When domain name system services supplier Dyn got hit with a distributed denial of service (DDoS) attack last October, waves of traffic overwhelmed the company’s network and disrupted access to the internet for large swathes of the United States and Europe. The Dyn perpetrators had successfully orchestrated one of the biggest-ever DDoS attacks, powered by a botnet of Internet of Things devices.
Whoever was responsible for the Dyn attack showed how easy it was to deploy the Mirai source code, which is publicly available and easy to obtain. Many botnets have since incorporated the code, raising concerns that even worse is yet to come.
The Mirai botnet also serves as the basis of an ongoing DDoS-for-hire service. With the number of IoT devices in business now in the billions, the specter of crippling attacks targeting IoT installations found in industrial control systems or critical national infrastructure becomes a possibility.
The security world got another reminder of the growing magnitude of the threat when attackers carried out the biggest ransomware attack in history in May, infecting computers operated by more than 200,000 people in 150 countries with the so-called WannaCry virus.
Size doesn’t matter
The proliferation of these more powerful tools and technologies used to launch cyberattacks means that anyone can get access to a cyberweapon and potentially wreak wide-scale havoc.
The irony is that many organizations still fail to enforce basic measures that would otherwise protect themselves from attack. Too many remain unprepared and fail to take simple steps, such as patching software on a routine basis.
In theory, attacks like WannaCry should be preventable. Indeed, there was no shortage of warnings that organizations were leaving themselves vulnerable by failing to update aging computer operating systems with the latest software patches.
It’s up to IT to be on top of updates for patches issued for any open source software used by the organization, particularly when it comes to their IoT deployments. They also need to be mindful of the lack of security in the IoT ecosystem. According to an AT&T Cybersecurity Insights report, the world of IoT has become a digital Petri dish for hackers and other cybercriminals eager to probe for weak spots.
Other IoT must-do’s: Many devices get shipped from the manufacturer preconfigured with usernames and passwords that hackers can locate using search engines. Change them immediately.
As DDoS attacks grow ever larger, there’s obvious incentive to take measures that will block as many potential threats as possible at the edge of your network. Along with identifying your vulnerabilities, make sure there are multiple layers of security in place and configure your applications to make them better resistant to exploitation. Make sure there’s a good firewall in place along with rules to drop junk packets or reject unnecessary external protocols. An ISP can help by stopping unnecessary traffic upstream.
Also, run constant network scans of the corporate network to locate any security holes before the bad guys find them first.
A fail-safe defense may not exist but you can mitigate a threat that, unfortunately, is becoming the new normal in the security world.