The Internet of Attacks: Disturbing Online IoT Trends

Disturbing Online IoT Trends

If you thought the worst thing to come out of the Internet of Things (IoT) trend for internet-connected devices was your mother in law’s daily reports on her smart refrigerator telling her she’s out of prune juice, then it’s time to think again.

People are understandably going wild for IoT devices. The technology is intriguing, many of the applications are becoming essential, and in a great deal of cases what these devices can do is just plain fun. The problem is that online attackers are just as fond of these devices, and they’re not using them to monitor their front doors or turn on the coffee maker while they’re still in bed. Instead, they’re using them for distributed denial of service (DDoS) attacks and data breaches.

DDoS dangers

When it comes to IoT devices, DDoS attacks and data breaches are two separate issues that stem from the same problem: lax security. In their rush to market, manufacturers largely have yet to prioritize security in their IoT devices, and while end users would be quick to secure an internet-connected device like a laptop, it just doesn’t seem to be thought of when it comes to smart devices like thermostats or baby monitors. As a result, the Internet of Things is populated by millions of devices using default usernames and passwords.

This is a problem because with a bit of Malware and expertise, an attacker can hijack an internet-connected device and control it remotely. This is how botnets are assembled. In essence, a botnet is a network of hijacked devices that are used to aim immense amounts of malicious traffic at websites, servers or other online services in what are called DDoS attacks. An unmitigated attack will push the website or service offline altogether, or slow it down to the point that it can’t be used.

Botnets have been a DDoS-causing problem for over 15 years, but with the security problems plaguing the IoT, the size of botnets as well as their resultant attacks are reaching never before seen proportions. It was an IoT botnet by the name of Mirai that was behind the record-smashing distributed denial of service attacks on French hosting provider OVH, online security blogger Brian Krebs and DNS provider Dyn at the end of 2016, and it will surely be IoT botnets behind the next record breakers, which could come at any time.

Vulnerable data

If an attacker can compromise a device in order to enlist it in a botnet, then an attacker can also compromise a device for its data. Financial information, health information and other sensitive and highly sellable data is ripe for the picking behind default user names and passwords in the IoT. This would be bad enough for individual users, but there is an untold number of smart devices in use by major organizations that are providing potential access to huge databases.

Forrester Research estimates that a whopping 500,000 IoT devices will be compromised in 2017, while other experts are predicting that the first big security breach that can be traced back to an IoT device will happen within the next two years, to say nothing of the smaller scale data breaches that could be occurring at this very moment.

A collaborative solution

A true solution to these IoT problems is frustratingly out of reach since it requires the cooperation of so many organizations and people, including a large number of manufacturers that need to incorporate better security in the firmware to cut down on Vulnerabilities. As a result, end users and website owners are left to secure their own devices and sites.

To begin securing your devices, change the default user names and passwords on them, no matter how ridiculous it may seem to set a password for, say, a thermostat. It’s also a good idea to disable WAN or remote access to your devices. You can use this open port finder to check for remote access on Telnet (23), SSH (22) and HTTP/HTTPS (80/443) ports.

To protect a website against the major threat posed by DDoS attacks, website owners need to invest in professional distributed denial of service mitigation. Scalable, cloud-based protection with a truly robust backbone will be able to handle attack attempts from botnets of all sizes, even IoT-powered botnets.

With a few simple steps and high-quality DDoS protection, your biggest IoT worry can once again be related to your mother in law and the world’s most boring use of smart devices. What a world.

Sponsored by Incapsula

By Gary Hanley

Miha Kralj

SaaS Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability for all businesses. This is ...
Anita Raj

Can the cloud handle the streaming explosion caused by the pandemic?

The Streaming Digital Explosion From the time the coronavirus forced the global community to stay at home, a whopping 16 million people have newly subscribed ...
Anita Raj

Coronavirus: Can technology help fight the pandemic?

Coronavirus and Telemedicine Technology COVID-19 has brought the world to a near standstill. From NBA to Met Ball and Coachella, all major events and festivals ...
Karen Gondoly

Lessons Learned When Moving to the Cloud

Moving to the Cloud Lessons At Leostream, we work with organizations around the globe that are moving workloads to the cloud. These organizations span a ...
Tej Redkar

How AI Monitoring Can Make Your Business Smarter and Better

Business AI Monitoring When issues arise with digital technology—as they invariably do—companies must have the ability to fix them before they create any business impact ...
David Shearer

Looking Back – and Looking Forward to 2020

As we celebrate our thirtieth anniversary here at (ISC)², it’s incredible to look back at the changes our industry has been through. From advances in ...
The Sticky Note.png