Defending the Network from Real IoT Threats
The Internet of Things (IoT), once the stuff of science fiction, has stepped off the page and into the real world – and the world will never be the same. Analyst firm IDC forecasts that by 2020, 32 billion “things” will be connected: thermostats, refrigerators, parking meters, cars and so on.
More than just the latest technology fad, IoT holds real potential for the business community. Cisco predicts that between now and 2022, $19 trillion in value is at stake for organizations willing to take advantage of the increasingly interconnected world. However, not only legitimate enterprises are looking for ways to profit from IoT.
Cyber criminals demonstrated last year how adept they are at capitalizing on new opportunities and manipulating technology for their purposes. Hackers have become more efficient and effective, developing new methods to abuse the protocols and open accessibility of any home device that has an operating system and a publicly reachable IP address. They can create a nearly instantaneous volumetric assault on intended targets through the use of a massive number of networked machines (often called botnets or “zombies”). The intent is to flood the network with unnecessary requests that eventually lead to a server crash or the insertion of malware into the network. Either way, it’s bad for business and brand reputation, and very bad for the bottom line.
The Threat Landscape Expands
Consumer Internet routers have today become instruments of what is now known as the Simple Service Discovery Protocol (SSDP) reflective amplification distributed denial-of-service (DDoS) attack. It’s a long name with a significant impact; globally, more than 7 million SSDP devices have the potential to be exploited to launch SSDP and other DDoS attacks.
Last year, this kind of attack gained in popularity. SSDP attacks use smart devices (routers, webcams, etc.) to amplify attack bandwidth by as much as 75 times. With IoT bringing billions of such devices online, there will be an exponential growth in this type of attack.
Today’s smart devices exhibit weaknesses such as:
- Always on. Unless you have programmed all the “things” in your home to automatically shut down when you leave or go to sleep, connected appliances, routers and webcams generally stay online 24 hours a day, seven days a week.
- Fairly high bandwidth. A router’s job is to provide your household with the bandwidth you need to stream movies, access the Internet and send email.
- Password problems. The majority of us create weak passwords, just for the sake of convenience. But like your PC, Mac or phone, any equipment that connects to the Internet must be password-protected. While consumers are familiar with creating passwords in those environments, accessing the interface to password-protect a router or webcam may not be quite as intuitive.
- Standards are lagging. Though federal standards bodies are looking into these types of attacks and developing recommendations, it is not up to the manufacturers to secure the consumer home network. Instead, currently this responsibility falls to the consumer who purchases the device.
- Upgrade cycles are long. When was the last time you updated the firmware on your router? Most of us would say, “Never.” In fact, certain smart devices may never be upgraded after deployment.
Defending the Network in the IoT Age
Though enterprises and vendors are working on solutions to protect IoT devices, in the interim the battle against DDoS will continue to challenge enterprises and ISPs. At RSA 2015 in San Francisco, IDC analyst Chris Christiansen noted that with consumer devices, there is no money in security. He went on to say that, as a result, the security embedded in a consumer IoT device is minimal, which, he noted, will eventually lead to major privacy and litigation issues, especially in Europe.
Traffic-based attacks that lead to latency or network crashes can be prevented, but enterprises, ISPs and hosting providers need to think outside the traditional security stack. When looking for solutions to mitigate DDoS attacks, it is important to defend not only against attacks on the transport layer, such as SYN, SYN-ACK, ACK, FIN/RST, UDP, ICMP and IP fragment floods, but also against those targeting the application layer, such as HTTP GET/POST floods, slow-rate attacks, DNS attacks, game service attacks and audio/video attacks. Furthermore, in terms of deployment scenarios, look for solutions that defeat DDoS attacks launched through a multitude of intermediary servers, such as CDN and WAF gateways.
There are even more evolved solutions available. Instead of relying solely on traditional fingerprint matching or similar methods, for example, advanced DDoS mitigation solutions also conduct behavior anomaly detection, which can then be filtered through an intelligent multi-layer identification and cleaning matrix. This consolidates the mechanisms of anti-spoofing, protocol stack behavior analysis, specific application protection, user-behavior analysis, dynamic fingerprint identification, bandwidth control and so forth.
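The SSDP reflection mechanism described above and the behaviour-based detection this paragraph calls for can be illustrated with a small flow-record analyser. This is an added example, not code from the original article or from NSFOCUS; the flow records, thresholds and the 90-byte M-SEARCH size are constructed assumptions.

```python
# Added example: spot the two sides of an SSDP reflective amplification attack in flow records.
#   1. Our devices being recruited as reflectors: M-SEARCH requests to UDP/1900 arriving from
#      addresses outside the local network (SSDP is link-local, so these are spoofed).
#   2. A target being flooded: many distinct hosts sending SSDP replies (source port 1900)
#      to one address, with far more bytes than the requests could have carried.
from collections import defaultdict
from ipaddress import ip_address, ip_network

SSDP_PORT = 1900
MSEARCH_BYTES = 90        # assumed size of a minimal M-SEARCH request, for the ratio estimate
MIN_REFLECTORS = 3        # assumed threshold: distinct hosts replying toward one target
MIN_AMPLIFICATION = 10.0  # assumed threshold: reply bytes / estimated request bytes

# Explicit local ranges are used instead of ipaddress.is_private, which would also treat the
# documentation addresses standing in for Internet hosts below as private.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                                       "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes, payload_prefix)
FLOWS = [
    ("203.0.113.9", 1900, "10.0.0.5", 1900, 88, "M-SEARCH * HTTP/1.1"),        # from Internet
    ("198.51.100.4", 1900, "10.0.0.5", 1900, 88, "M-SEARCH * HTTP/1.1"),       # from Internet
    ("10.0.0.7", 50231, "239.255.255.250", 1900, 88, "M-SEARCH * HTTP/1.1"),   # normal LAN
    ("10.0.0.5", 1900, "203.0.113.77", 80, 6600, "HTTP/1.1 200 OK"),   # reflected at victim
    ("10.0.0.6", 1900, "203.0.113.77", 80, 6600, "HTTP/1.1 200 OK"),
    ("10.0.0.8", 1900, "203.0.113.77", 80, 6600, "HTTP/1.1 200 OK"),
    ("10.0.0.9", 1900, "10.0.0.7", 50231, 400, "HTTP/1.1 200 OK"),     # normal discovery reply
]

def is_local(ip):
    """True for RFC 1918, loopback, link-local and multicast addresses."""
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def external_msearch_sources(flows):
    """Non-local senders aiming M-SEARCH at UDP/1900: never genuine discovery, always spoofed."""
    return sorted({f[0] for f in flows
                   if f[3] == SSDP_PORT and f[5].startswith("M-SEARCH") and not is_local(f[0])})

def reflection_targets(flows):
    """Targets hit by SSDP replies from >= MIN_REFLECTORS hosts at a high amplification ratio."""
    per_target = defaultdict(lambda: [set(), 0])
    for src, sport, dst, _dport, nbytes, payload in flows:
        if sport == SSDP_PORT and payload.startswith("HTTP/1.1 200 OK"):
            per_target[dst][0].add(src)
            per_target[dst][1] += nbytes
    hits = {}
    for dst, (reflectors, nbytes) in per_target.items():
        amplification = nbytes / (len(reflectors) * MSEARCH_BYTES)  # one request per reflector
        if len(reflectors) >= MIN_REFLECTORS and amplification >= MIN_AMPLIFICATION:
            hits[dst] = {"reflectors": len(reflectors), "bytes": nbytes,
                         "amplification": round(amplification, 1)}
    return hits
```

Blocking inbound UDP/1900 from the WAN at the edge stops the first pattern outright; the second needs the per-target aggregation because each individual reply looks like ordinary SSDP traffic.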
There’s no question that IoT is changing the way we do business, the opportunities that lie before us, and the security threats we face. Government and financial standards bodies are working on creating policies to safeguard both businesses and their customers, but such undertakings usually take a long time to be finalized. Meanwhile, enterprises and hosting providers should look to implement DDoS protection solutions that monitor for and defend against SSDP and other attacks.
For more detailed information about SSDP DDoS attacks, other DDoS attacks from 2H2014 and predicted potential threats for 2015, download the NSFOCUS DDoS Threat Report here: http://www.nsfocus.com/2015/SecurityReport_0416/196.html