The Internet of Things (IoT) has been a boon for the cybercriminal industry. IoT devices number in the billions worldwide and most are unsecured or undersecured, making them appealing targets to be used in distributed denial-of-service (DDoS) attacks that can overwhelm an enterprise network and cause critical business systems to crash. They are so tempting that by the end of 2017, reported attacks numbered 15 per minute globally—a rate that has surely increased in 2018.
While several recent high-profile DDoS attacks have been the result of memcaching—the exploitation of memcached database servers—unsecured and undersecured IoT devices remain the biggest threat based on sheer volume and accessibility. Attackers simply write and distribute code that can seek out and identify any IoT device that is either unsecured or secured with a common or default password. The software then takes over the devices and creates a virtually untraceable botnet that hammers unsuspecting networks with a large volume of traffic.
Most DDoS attacks leverage consumer electronics IoT devices such as smart light bulbs, thermostats and wearables that are not under the same security posture as industrial IoT devices. Consumers simply aren’t thinking about security when it comes to their internet-enabled devices. Sure, the industry can educate the public about the importance of changing default passwords, updating security patches and disabling universal plug and play capabilities on their home routers, but that is not realistic. People are going to do what people are going to do.
Stopping DDoS attacks is not a matter of improving security of IoT devices. Enterprises need to take responsibility and be better at identifying and preventing DDoS attacks as they happen in real time. Here are five tactics that enterprises can take to harden their network against DDoS attacks that originate with IoT devices:
1. Pick your weapon
There are many DDoS mitigation tools and services, and you need to make sure you pick the option that best fits your individual needs. Keep in mind that the right solution for a financial services company may not be appropriate for a hospital network. The discovery process is key. Talk to stakeholders to understand how a DDoS attack would impact them and how best to mitigate an attack.
2. Know your enemy
Attackers use the same tactics over and over again, and, given their success, who can blame them? But these attacks leave forensic evidence that you can use to identify an attack in progress before it gets out of control. Preventing DDoS attacks requires knowing who is after you and how they typically cause disruption.
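One concrete form of the "forensic evidence" above is the shape of the traffic itself: an IoT botnet flood arrives as a sudden jump in request rate spread across a large number of distinct source addresses, unlike a single misbehaving client. The following detector is an added example (not code from the original article); it runs over constructed log lines in an assumed `<epoch-second> <source-ip> <path>` format and flags windows whose rate exceeds a multiple of a baseline and that come from many sources at once.

```python
"""Windowed request-rate detector for spotting a many-source (botnet-style)
flood in access logs. Added example; the log lines below are constructed."""
from collections import defaultdict

# Constructed sample log: "<epoch-second> <source-ip> <request-path>".
# Seconds 1000-1003 are normal traffic; second 1010 is a 300-request burst
# spread over 250 distinct source addresses (the IoT-botnet pattern).
SAMPLE_LOG = """\
1000 10.0.0.5 /index.html
1000 10.0.0.6 /login
1001 10.0.0.5 /index.html
1002 10.0.0.7 /api/status
1003 10.0.0.6 /index.html
""" + "\n".join(f"1010 192.0.2.{i % 250} /" for i in range(300)) + "\n"

def parse_log(text):
    """Yield (second, src_ip) tuples from log lines in the assumed format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        yield int(parts[0]), parts[1]

def windowed_stats(events, window=1):
    """Aggregate events into per-window request counts and distinct sources."""
    stats = defaultdict(lambda: {"requests": 0, "sources": set()})
    for ts, src in events:
        bucket = ts - ts % window
        stats[bucket]["requests"] += 1
        stats[bucket]["sources"].add(src)
    return stats

def detect_floods(text, baseline_rps=5, ratio=10, min_sources=50, window=1):
    """Return windows whose request rate is at least ratio * baseline_rps AND
    that involve at least min_sources distinct clients. Requiring both keeps
    a single noisy host from tripping the alert while still catching a
    distributed flood. baseline_rps should come from your own quiet periods."""
    alerts = []
    for bucket, s in sorted(windowed_stats(parse_log(text), window).items()):
        rps = s["requests"] / window
        if rps >= ratio * baseline_rps and len(s["sources"]) >= min_sources:
            alerts.append({"window_start": bucket, "rps": rps,
                           "distinct_sources": len(s["sources"])})
    return alerts

if __name__ == "__main__":
    for a in detect_floods(SAMPLE_LOG):
        print(f"flood suspected at t={a['window_start']}: "
              f"{a['rps']:.0f} req/s from {a['distinct_sources']} sources")
```

The thresholds are assumptions for the constructed data; in practice the baseline and source-count cut-offs come out of the lab simulations the next tactic describes.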
3. Run battle simulations
Testing how a potential attack can impact your network is the secret sauce of preventing DDoS attacks. Set up a test environment and run simulation after simulation to better understand network behavior during certain events. Note how the attacks originate and identify the telltale signs of an imminent attack. Try different solutions and observe how the attacks react, building a repository of tried and true defense mechanisms you can use for various scenarios. Remember that the more you test in the lab, the fewer surprises you’ll encounter during the real thing.
4. Adapt new weapons and techniques
Results from your testing will uncover vulnerabilities. This is a good thing. Better that you identified the holes in your network before anyone else could. Analyze these results and make the appropriate changes to your network.
5. Build the ultimate Zero-Day plan
You have the right tools and expertise to fight off any attack. You’ve studied your opponent and can identify potential attacks in real time. You’ve tested your environment six ways to Sunday and you’ve hardened your network. Now is the time to create the ultimate Zero-Day plan that you can put in place in case of an attack. Everyone should know exactly what they need to do, policies need to be enforced and a plan of action should be put into place. Reacting to an attack needs to be second nature, an automatic reaction that dutifully takes care of business.
DDoS attacks are growing in volume and in intensity due to the proliferation of IoT devices around the world and people’s inability to secure their devices. Rather than stop attacks at their origin, organizations need to learn how to identify ongoing attacks and have a plan in place to stop them in their tracks. With careful testing, analysis and planning, most attacks can be identified early and their impact mitigated. It’s just a matter of being prepared.