As the popularity of smart connected devices gathers pace, cyber-attacks that took place late last year reveal how this new technology wave will be bedevilled by all manner of security issues. That is, until security is taken seriously.
In October last year, Dyn, a company that provides hosting services for some seriously large organisations such as BT, CNBC and the Telenor Group, was hit by a distributed denial of service (DDoS) attack three times over the period of a few hours.
The attack took down websites in the US belonging to Twitter, Reddit, GitHub, Amazon.com, Netflix, Spotify and Dyn's own website among others. Access to sites such as the New York Times, PayPal, Pinterest and Tumblr, as well as some cable firms, was also reported as being intermittent.
The attack was remarkable for two reasons: it had an estimated throughput of 1.2 terabits per second and it was launched from a botnet consisting of a large number of internet-connected devices, such as printers, IP cameras, residential gateways and baby monitors, that had been infected with the Mirai malware.
Now, 1.2 terabits per second might not mean much to the average person but, to put it simply, this was the amount of data that was ‘thrown’ at Dyn during the attack. As such, it was the largest known DDoS attack on record.
DDoS attacks are typically launched from compromised computers that have been ‘enslaved’ in a botnet. The Dyn attack was different in that the botnet is believed to have consisted exclusively of compromised Internet of Things (IoT) devices, otherwise known as smart devices.
The attack sent seismic shock waves through the industry both for its size and its use of smart devices, leading to predictions from some quarters that this was just a warm-up exercise, with 2017 set to see even larger attacks and the possibility that the entire internet could be taken down.
This is a bit of an apocalyptic prediction but it’s certainly not impossible.
Anatomy of the Dyn attack
Dyn acts as a directory service for huge numbers of firms, which helps customers keep global address books up to date with the location of their domains.
In short, Dyn provides a DNS service. DNS stands for Domain Name Servers which are computers that contain databases of URLs and the IP addresses they represent.
For instance, if you go to www.ebay.com, your browser needs to know what the underlying IP address is, which could be something like 220.127.116.11.
If somebody goes to an internet company that uses Dyn, such as www.twitter.com, the Dyn address book tells their browser which numerical IP address to use.
The DDoS attack consisted of so many DNS lookup requests from the IP addresses of compromised smart devices that Dyn's servers were flooded. This meant genuine requests couldn’t get through.
Website users received messages that the server wasn’t available, though a few genuine requests did get through, resulting in an intermittent service.
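An added example, not part of the original article: a small detector that separates the kind of flood described above (many source addresses, each sending only a little) from a single noisy client in DNS query logs. The log format, thresholds and addresses are constructed for illustration.

```python
from collections import Counter, defaultdict

def parse(line):
    """Parse one constructed log line: '<epoch> <src_ip> <qname> <qtype>'."""
    ts, src, qname, qtype = line.split()
    return int(ts), src, qname.lower().rstrip("."), qtype

def classify_windows(lines, window=10, max_queries=20, top_share=0.5):
    """Bucket queries into fixed time windows and label each bucket.

    Returns {window_start: (label, total_queries, distinct_sources)} where
    label is 'normal' (volume at or under max_queries), 'single' (over
    volume and one source sends at least top_share of it) or 'distributed'
    (over volume with no dominant source, the botnet-style pattern).
    """
    buckets = defaultdict(Counter)
    for line in lines:
        if not line.strip():
            continue
        ts, src, _qname, _qtype = parse(line)
        buckets[ts - ts % window][src] += 1
    result = {}
    for start in sorted(buckets):
        per_src = buckets[start]
        total = sum(per_src.values())
        if total <= max_queries:
            label = "normal"
        elif max(per_src.values()) / total >= top_share:
            label = "single"
        else:
            label = "distributed"
        result[start] = (label, total, len(per_src))
    return result

def sample_log():
    """Constructed sample: quiet window, one chatty client, many small senders."""
    lines = [f"{t} 192.0.2.{t + 1} www.example.com A" for t in range(5)]
    lines += [f"{10 + i % 10} 198.51.100.7 www.example.com A" for i in range(30)]
    lines += [f"{20 + i % 10} 203.0.113.{i + 1} www.example.com A" for i in range(40)]
    return lines

if __name__ == "__main__":
    for start, verdict in classify_windows(sample_log()).items():
        print(start, verdict)
```

In the last window no single address sends more than one query, so a per-source limit alone would not flag it; only the aggregate view does.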
Other Mirai attacks
The Mirai botnet didn’t stop with its attack on Dyn. A short time later it also targeted Deutsche Telekom, KCOM and Irish telco Eir and then hundreds of thousands of TalkTalk and Post Office
It targeted the maintenance interfaces of broadband routers, affecting the telephony, television, and internet service of about 900,000 Deutsche Telekom customers in Germany.
The Post Office confirmed that around 100,000 customers were affected and that the attack had hit customers with a ZyXEL router. ZyXEL-supplied kit was also the target for the Irish telco Eir. TalkTalk D-Link routers were also targeted.
A Mirai botnet also targeted the telecommunications infrastructure in the West African nation of Liberia. The attack was registered at 500 Gbps and targeted Liberia’s lone undersea large-transit internet cable. Despite some breathless reports claiming it knocked Liberia offline, this wasn’t the case, though it did illustrate the potential dangers that many industry people are aware of.
The Mirai malware
The Mirai malware has been specifically created to target vulnerable smart devices. It continuously scans the internet for IoT systems protected by factory default usernames and passwords.
There were dozens of products affected, including routers, security cameras, printers, modems, webcams and digital video recorders. Once devices are infected, Mirai conscripts them into a botnet.
The DDoS attacks have been enabled by the massive army of devices that have come under Mirai’s control. Importantly, a hacker who goes by the name of Anna-Senpai also released the Mirai code for other hackers to use.
As a result, hackers can develop different strains of Mirai that can take over new vulnerable IoT devices and increase the computing power that Mirai botnets can draw on to launch their DDoS attacks.
Mirai isn’t the only IoT botnet, but it has become the main IoT malware because it is now easy to access thanks to Anna-Senpai and it can be tweaked to create different strains. Security researchers have also detected a growing community of Mirai users offering each other tips and advice.
More mayhem thanks to billions of vulnerable smart devices
The Mirai botnet is not alone. Another IoT botnet was also discovered late November last year. The rise of these IoT botnets signals more mayhem in the future: many smart devices are inherently insecure, addressing these issues is not easy, and consequently there are billions of IoT devices that are vulnerable to all sorts of malware. And this issue is only going to get bigger as more smart connected devices come onto the market and become common items in smart homes.
There is a parallel in the rise of viruses, worms and email spam in the early 2000s. At this time many computers weren’t very secure and, as increasing numbers of companies rushed to join the dot com gold rush (which shortly afterwards became the dot com bubble), security was never given the prominence it should have had.
Today, we understand the importance of securing computers and mass viral infections are not as common, though of course threats have become more sophisticated, such as the current ransomware plague. However, in terms of IoT we see millions, if not billions, of unsecured routers, webcams, IP cameras, baby monitors and so on.
This means that more IoT botnets, more DDoS attacks and more throwing of hands in the air at the lack of security will define the IoT landscape in the coming years.
Smart device manufacturers will at some point begin to address the issue but this will take time and will only be driven when profits take a hit because of poor security. But Mirai and other IoT botnets are here to stay for the foreseeable future.
However, the IoT threat will also become more sophisticated as cyber fraudsters further explore the profit potential of compromised smart devices. This could manifest in a number of ways, from IoT malware that shuts down smart devices until a ransom is paid to hacking smart devices as a way to penetrate home networks to steal financial information and personal data.
Smart device protection
By and large security vendors have been quick to recognise the need for smart device protection and some have rushed products to market that they claim will protect the smart home. However, close analysis reveals many of these products are reworked versions of existing security suites that are designed to protect computers.
These ‘smart device protection’ products typically feature a firewall and something known as a secure web proxy which lets smart device users communicate with their devices over the web using encryption protocols.
These safety measures are important and can’t be dismissed, but true smart device protection requires more robust defence. Dojo by BullGuard is a smart home protection technology that features five defensive layers and, as Forbes magazine said, is set to shake up the fledgling IoT security market.
It is a state-of-the-art, multi-layered network security platform that uses artificial intelligence and machine learning to provide the most cutting-edge IoT security available today. It’s also incredibly simple to use. Released later this year, it’s technologies like this that will help redress the balance and provide the much-needed protection that smart device users need as the IoT revolution rolls forward.