IoT looks likely to revolutionise the way we live, work, travel and play, but it also represents a threat to the IT networks that support it.
Over 5,000 connected devices on a US university campus, including vending machines, were recently infected with malware that turned them into a botnet and, in effect, a DDoS attack on the university's own infrastructure.
The devices sent repeated and frequent DNS queries, most of them for seafood-related domain names, which overloaded the university's DNS servers and left its IT network slow and unresponsive.
Attackers also hijacked tens of thousands of connected digital cameras and video recorders (Dyn's own estimate was up to 100,000 endpoints, not millions) to launch a DDoS attack on Dyn, the provider of authoritative DNS for popular websites such as Twitter, Spotify and PayPal.
By flooding Dyn's name servers with junk DNS traffic, the attack left large parts of the internet sluggish and, in some cases, unreachable, even though the sites themselves were up: their names simply could not be resolved.
Both attacks, although different in approach, highlight the importance and the vulnerability of DNS, a mission-critical piece of network infrastructure that every organisation depends on and without which networks cannot function.
Sustained attacks in particular, such as the one Dyn experienced, can be very disruptive to a company's operations and processes, and can ultimately hit its bottom line.
What makes DNS-based DDoS so concerning is how easy it is to generate. In a reflection attack the attacker sends DNS queries whose source address is spoofed to be the target's, so the name servers that receive them (typically open recursive resolvers) send their responses to the target rather than back to the attacker.
The attacker picks queries that return the largest possible response (an ANY query, or a name with large TXT or DNSSEC record sets, with EDNS0 advertising a big UDP buffer), so a few dozen bytes of request become kilobytes of response: that is the amplification. Spread across a botnet of thousands of compromised computers or, as in the examples above, connected devices, the combined response traffic is enough to incapacitate the target. The Dyn attack was largely a direct flood from the infected devices themselves rather than a reflected one, but the result is the same, and in either case the responsibility for these attacks needn't always lie with the owners of the connected devices.
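To make the amplification concrete, here is an added example (not code from the original article) that builds a DNS query on the wire, builds a constructed response to it, and measures the ratio the attacker gets. The domain names, transaction ID and the ten 255-byte TXT strings are assumptions chosen for illustration; source-address spoofing happens at the packet layer and is deliberately not part of this code. The last function shows what the spoofed victim actually sees: responses whose transaction IDs match nothing it ever sent.

```python
import struct

TYPE_TXT = 16
TYPE_ANY = 255
TYPE_OPT = 41


def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name: str, qtype: int, udp_payload: int = 4096, txid: int = 0x1234) -> bytes:
    """A few dozen bytes of query. The EDNS0 OPT record advertises a large UDP
    buffer so the resolver will send an oversized answer in one datagram; that is
    the lever an amplification attacker pulls. (Example values: txid and buffer size
    are assumptions.)"""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)      # RD=1; 1 question, 1 additional RR
    question = encode_name(name) + struct.pack("!HH", qtype, 1)    # class IN
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_payload, 0, 0)  # root name, CLASS = buffer size
    return header + question + opt


def build_response(query: bytes, rdatas, rtype: int = TYPE_TXT) -> bytes:
    """Constructed resolver answer to `query`: same txid, question echoed, one RR per rdata."""
    (txid,) = struct.unpack("!H", query[:2])
    qend = query.index(b"\x00", 12) + 1 + 4          # end of QNAME, then QTYPE + QCLASS
    question = query[12:qend]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(rdatas), 0, 0)  # QR=1 RD=1 RA=1
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(r)) + r   # name pointer to offset 12
        for r in rdatas
    )
    return header + question + answers


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"txid": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": qd, "answers": an, "authority": ns, "additional": ar}


def amplification(query: bytes, response: bytes) -> float:
    """Bytes delivered to the spoofed victim per byte the attacker had to send."""
    return len(response) / len(query)


def is_unsolicited(msg: bytes, outstanding_txids: set) -> bool:
    """The victim's view: a DNS response whose txid matches no query it actually sent."""
    h = parse_header(msg)
    return h["is_response"] and h["txid"] not in outstanding_txids


if __name__ == "__main__":
    q = build_query("example.com", TYPE_ANY)
    # Constructed answer: ten 255-byte TXT strings, the kind of record set an attacker seeks out
    r = build_response(q, [b"\xff" + b"A" * 255] * 10)
    print(f"query {len(q)} bytes -> response {len(r)} bytes, {amplification(q, r):.1f}x")
    print("victim sees unsolicited response:", is_unsolicited(r, outstanding_txids=set()))
```

The 40-byte query above draws a 2.7 KB answer, a ratio near 70x; real-world ANY queries against DNSSEC-signed zones reach similar figures, which is why resolvers now answer ANY minimally (RFC 8482) and why an open recursive resolver reachable from the internet is a liability.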
How to improve security in IoT
There are two approaches we should pursue in parallel if we hope to improve security in the burgeoning IoT market and prevent further DNS-based DDoS attacks launched from botnets of connected devices.
The first is to establish industry minimum standards for connected devices, covering remote accessibility (no management services exposed to the internet by default), the protocols used, and password hygiene, such as no universal default credentials shared across a product line.
The second is for organisations themselves to reduce their DNS threat level and cut their exposure to attacks.
That means learning to recognise when an attack is taking place (an unexplained spike in query rate, responses far larger than the queries that triggered them, or DNS traffic involving addresses that never queried you) and scrutinising internet-facing infrastructure for single points of failure, such as every authoritative name server sitting behind one network link or a recursive resolver that answers anyone on the internet.
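As an added example of the "recognise when an attack is taking place" step (this is not the article's code, and the log format is an assumption invented for the example rather than any vendor's), the script below reads a resolver's query log and flags clients whose peak query rate or response-to-request byte ratio looks like reflection traffic. The sample log is constructed inline: a trickle of ordinary A lookups from a few clients, then a burst of 300 ANY queries all carrying one source address, plus a malformed line the parser has to skip.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed log format (an assumption for this example, not any vendor's):
# <ISO timestamp> client=<ip> qtype=<type> qname=<name> req=<bytes in> resp=<bytes out>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<src>[\d.]+) qtype=(?P<qtype>\w+) qname=(?P<qname>\S+) "
    r"req=(?P<req>\d+) resp=(?P<resp>\d+)$"
)


def parse_line(line: str):
    """One log line -> record dict, or None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"]).timestamp()
    return {"ts": ts, "src": m["src"], "qtype": m["qtype"], "qname": m["qname"],
            "req": int(m["req"]), "resp": int(m["resp"])}


def analyse(lines, window_s: float = 10.0, qps_threshold: float = 20.0, amp_threshold: float = 10.0):
    """Group queries by client address and flag clients whose peak query rate or
    whose response/request byte ratio looks like reflection traffic.
    The thresholds are illustrative assumptions; tune them against your own baseline."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_src[rec["src"]].append(rec)
    alerts = []
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        peak, lo = 0, 0                      # most queries seen in any window_s-second span
        for hi in range(len(recs)):
            while recs[hi]["ts"] - recs[lo]["ts"] > window_s:
                lo += 1
            peak = max(peak, hi - lo + 1)
        qps = peak / window_s
        amp = sum(r["resp"] for r in recs) / max(1, sum(r["req"] for r in recs))
        reasons = []
        if qps >= qps_threshold:
            reasons.append(f"peak {qps:.1f} queries/s")
        if amp >= amp_threshold:
            reasons.append(f"{amp:.1f}x response/request bytes")
        if reasons:
            alerts.append({"src": src, "queries": len(recs), "qps": qps, "amp": amp, "reasons": reasons})
    return sorted(alerts, key=lambda a: -a["amp"])


def _constructed_log():
    """Sample data, constructed for this example: background lookups from a few clients,
    then a burst of ANY queries all carrying one (spoofed) source address."""
    base = datetime(2016, 10, 21, 11, 10, 0, tzinfo=timezone.utc)
    stamp = lambda s: (base + timedelta(seconds=s)).isoformat()
    lines = [f"{stamp(i * 9)} client=192.0.2.{10 + i} qtype=A qname=www.example.org req=33 resp=49"
             for i in range(6)]
    lines += [f"{stamp(30 + i / 100)} client=203.0.113.9 qtype=ANY qname=example.net req=40 resp=2709"
              for i in range(300)]
    lines.append("malformed line that the parser must skip")
    return lines


SAMPLE_LOG = _constructed_log()

if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(a["src"], a["queries"], "queries;", "; ".join(a["reasons"]))
```

One caveat worth building into whatever acts on these alerts: on an open resolver, the "client" address in a burst like this is the spoofed victim, not the attacker. Blocking that address outright completes the denial of service on the attacker's behalf; the right responses are response rate limiting, refusing recursion to clients outside your own networks, and answering ANY minimally.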