Preventing the next IoT Botnet Attack

Net Jacobsson
Nov 2, 2016

The recent DDoS attack on Internet infrastructure provider Dyn on October 21st, which compromised hundreds of thousands of webcams and DVRs and seriously paralyzed many popular websites such as PayPal, Netflix, Amazon and Spotify, turned the Internet of Things into a Botnet of Things nightmare.

What is interesting about what has been dubbed the “Mirai” malware is the innovative nature of the attack, which turns common connected household devices into a bot army. It does so by scanning the Internet for open ports (usually TCP/23 and TCP/2323) on IoT devices and then attempting to log in using default credentials. Mirai then installs specialized software, forcing devices to connect to C&C servers and await commands.

Once it was ordered to attack Dyn, the botnet army swarmed Dyn’s servers with data requests from a network of hundreds of thousands of hacked devices like routers, DVRs and cameras. Dyn’s systems were overwhelmed, and its many clients like Netflix, PayPal and Spotify were taken down.

The IoT Botnet attack was a wake-up call demonstrating that if a DVR or a CCTV camera can take down the Internet, then we are in serious trouble.

So what can be done to protect IoT devices? Anthony Grieco, senior director of the security and trust organization at Cisco, said the devices themselves should be secured, not the routers. However, it is unlikely that the hardware manufacturers will take the necessary steps to do so in the near future. So is there a solution?

Me and my partner Hanjoo Lee with SAM’s CTO Nati Hazut in Seoul.

Enter SAM Seamless Network, an Israeli cyber security company we at SparkLabs Global invested in earlier this year. SAM is focusing on the weakest link in our connected homes, namely the Wi-Fi router. Most popular and common routers are remarkably insecure, with ports wide open to all kinds of devices by default. It is sort of like leaving the front door of your home open, allowing anybody to enter. SAM protects Wi-Fi routers in the following way:

  1. SAM’s IoT device-profiling engine and policy enforcer prevents external malicious logins.
  2. Through its cloud-based behavioral analytics engine SAM can identify and detect abnormal device communication, assess it for potential maliciousness (such as C&C communication) and efficiently block dangerous incursions.
  3. SAM’s anti Botnet agent is equipped with a mechanism designed to understand and react to any Botnet attempt to control a device or execute an attack.
  4. SAM secures and protects the router itself. This prevents gateway compromise and proliferation of Mirai-like malware.

Besides the IoT specific protection mentioned above, by running on the home gateway SAM also secures the entire home network and all its connected devices from external intrusion.
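The scanning behavior described earlier (a device probing many addresses on TCP/23 and TCP/2323) is visible from the home gateway. The following is an added example, not SAM's code or the author's: it flags LAN hosts that reach many distinct Internet addresses on those ports within a short window. The log format, window, threshold and LAN range are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}        # the ports the article names
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 5                    # assumed: distinct destinations per window
LINE_RE = re.compile(            # assumed (constructed) gateway log format
    r"^(\S+) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+)$")

def find_telnet_scanners(lines, lan="192.168.1.0/24"):
    """Map LAN host -> time it first reached THRESHOLD distinct Internet
    destinations on telnet ports within WINDOW."""
    lan_net = ipaddress.ip_network(lan)
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs in window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m[4]) not in TELNET_PORTS:
            continue
        try:
            ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ")
            src, dst = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
        except ValueError:
            continue             # malformed timestamp or address
        if src not in lan_net or dst in lan_net:
            continue             # only LAN -> Internet traffic is of interest
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > WINDOW:
            q.popleft()          # drop connections older than the window
        if len({d for _, d in q}) >= THRESHOLD:
            alerts.setdefault(str(src), ts)
    return alerts

# Constructed sample: a laptop's single telnet session, a camera sweeping six
# addresses in six seconds, and a NAS making five connections 5 minutes apart.
SAMPLE_LOG = [
    "2016-10-21T11:10:00Z SRC=192.168.1.20 DST=198.51.100.9 PROTO=TCP DPT=443",
    "2016-10-21T11:10:01Z SRC=192.168.1.20 DST=198.51.100.9 PROTO=TCP DPT=23",
] + [f"2016-10-21T11:10:{i:02d}Z SRC=192.168.1.50 DST=203.0.113.{i} "
     f"PROTO=TCP DPT={23 if i % 2 else 2323}" for i in range(2, 8)
] + [f"2016-10-21T11:{20 + 5 * i}:00Z SRC=192.168.1.30 DST=203.0.113.{100 + i} "
     "PROTO=TCP DPT=23" for i in range(5)]

if __name__ == "__main__":
    for host, when in find_telnet_scanners(SAMPLE_LOG).items():
        print(f"{when.isoformat()} {host}: telnet scanning pattern")
```

Only the camera at 192.168.1.50 is flagged; the laptop's one-off session and the NAS's slow, spread-out connections stay below the threshold.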

So, while waiting for hardware manufacturers to secure their devices from future botnet attacks (which is unlikely to happen in the foreseeable future), ISPs and network providers should upgrade routers with services like SAM’s and secure their customers’ homes.

Net Jacobsson

Investor & Entrepreneur. Former Facebook Exec. Passionate Mountain Biker. Lover of craft beers. Father of 5.