Virtualization Technology News and Information
Arbor Networks 2018 Predictions: Using IoT Devices to Launch Attacks from Within

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Steinthor Bjarnason, Senior Network Security Analyst, Arbor Networks

Using IoT Devices to Launch Attacks from Within

arbor networks iot 

The number of IP-enabled Internet of Things (IoT) devices has increased dramatically in the last several years and according to IHS, it is predicted to reach the staggering number of 30.7 billion devices by 2020. Almost every device manufactured today, including home appliances, street lights, parking meters, toys and even automobiles include some sort of IoT functionally which allows them to be monitored and/or managed via the internet.

Unfortunately, due to the limited storage and functionality on these small devices and the ever-increasing drive to keep costs down, these devices are usually insecure and are easy targets for attackers who actively scan for these devices and then subsequently subsume them into their Botnets. Internet connected IoT devices like webcams and DVR's are now the attacker's choice for launching distributed denial-of-service (DDoS) attacks and were used in high profile attacks against DYN, OVH and others in 2016 and 2017.

Manufacturers have slowly begun to increase the security level of IoT devices which are directly connected to the internet (estimated to be about 5% of the total IoT population) but the remaining 95% are getting less focus as they are deployed behind corporate firewalls and are therefore assumed to be safe from the attackers. This assumption was however proven wrong in February 2017.

The Mirai Windows spreader

In February 2017, a new Windows Trojan containing IoT attack code was detected in the wild by Arbor's Security Engineering & Response Team (ASERT) and other malware researchers. What was different about this Windows Trojan is that in addition to infecting Windows computers, it also scanned for vulnerable IoT devices and then proceeded to infect them with the Mirai IoT botnet code.

This means that if a Windows computer infected by this Trojan, is connected to the networks inside the corporate firewalls, the Windows computer will start to scan for and infect all those vulnerable IoT device behind the barriers which were previously believed to be safe from attackers.

This allows the attackers to gain reachability to the previously untouchable 95% of the IoT devices and can now use those to launch outbound DDoS attacks or use the devices to launch devastating internally facing DDoS attacks against vulnerable internal resources including Data Centers and WAN/LAN network infrastructures. These resources are in almost all cases, NOT protected against DDoS attacks originating from the inside and are therefore very vulnerable against this kind of attack.

Botnet DDoS malware and traditional ransomware malware also started to cross-pollinate in 2017 as the attackers realized that DDoS attacks against network infrastructures can be far more devastating than infecting end-user computers.

Looking to 2018, it's easy to see how taking these two trends together how attackers could launch multi-stage ransom attacks against corporations using a combination of external DDoS attacks and internally launched DDoS attacks using IoT devices which are already inside the targets networks.

The drive toward connecting every device to the internet has clearly been very beneficial for today's society. This has however happened without considering the security aspects and the attackers are now busily taking control of these devices, using them against their owners for monetary gain.

The Windows Mirai Spreader was a game changer, opening the door for infecting IoT devices inside corporations and using them to launch attacks against vulnerable resources inside the corporate perimeters.

However, a network which is designed and secured according to network security best practices using segmentation, monitoring, DDoS mitigation and stateless security devices will be able to detect and mitigate these attacks.

Unfortunately, trying to secure the network while under attack is almost impossible which means that preparation is key. Secure your networks before your IoT devices revolt against you!


About the Author

Steinthor Bjarnason 

Steinthor Bjarnason is a Senior Network Security Analyst on Arbor Networks Arbor's Security Engineering & Response Team (ASERT) team, performing applied research on new technologies and solutions to defend against DDoS attacks. Steinthor has 18 years of experience working on Internet Security, IoT Security, Cloud Security, SDN Security, Core Network Security and DDoS attack mitigation. Steinthor is an inventor and principal of the Cisco Autonomic Networking Initiative, with a specific focus on Security Automation where he holds a number of related patents.

Published Wednesday, November 15, 2017 7:31 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2017>