The Internet of Things (IoT) continues to be a boon to hackers and a bane to IT security professionals. IoT security is usually an oxymoron because the vast majority of IoT devices have poor security architecture. The manufacturers are often in a rush to get products to market; therefore, security is an afterthought. And, once the device falls into the hands of a consumer, it’s unlikely that the device manufacturer will send out security patch updates, and even less likely that the end-user will take the time to install such security patches.
According to a PCWorld article, hundreds of thousands of IoT devices are infected with the Mirai botnet code, and hackers are manipulating strains of the Mirai code so they can infect hundreds of thousands more devices. Furthermore, malware infections happen within minutes of a device going online, according to Rob Graham, CEO of Errata Security. The potential for infecting millions of devices is very real, given that 8.4 billion devices will be connected to the Internet by the end of 2017, according to Gartner.
Why Should We Care?
That sea of IoT devices is the source for current and future multi-terabit distributed denial of service (DDoS) attacks. No one should forget that the now-infamous 1.2Tbps DDoS attack on domain name service provider Dyn in October 2016 was fueled by IoT devices infected with the Mirai botnet. It made life difficult for Dyn; it not only cost Dyn a lot of time and money, it tarnished the company’s reputation and caused great inconvenience for Dyn customers and their customers. Terabit-sized DDoS attacks like that will become common in the near future, and no enterprise is immune to the threat.
What Should Be Done?
There is no silver bullet for DDoS attack protection. However, Step 1 in the war on DDoS is to stem the rising tide of infected IoT devices. Manufacturers should build better security into the devices, and consumers should update the password on each device from the manufacturer’s default setting. Those are important steps in the right direction, but how likely will those steps be taken, universally? Not likely at all. Before the world can make any substantial progress down that road, hackers will have launched many more crippling DDoS attacks that companies (and consumers) can ill-afford.
Step 2 in the war on DDoS is to improve your defenses. No one can control the security of IoT devices that they don’t own, but you can control your own destiny by implementing real-time, automated DDoS protection. So check with your Internet service provider to find out if it offers DDoS protection as a service (DDPaaS); the investment is more affordable than ever.
For more information, contact us.