A new and somewhat unusual age of cyber-attacks is being witnessed. The growing trove of smart devices inhabiting our homes is being recruited to execute massive cyber-assaults across the Internet. That’s right. An evolution in the proliferation of distributed denial-of-service attacks has revealed a worrisome trend – the use of consumer internet-connected devices to conduct these attacks. These devices, often referred to collectively as the “Internet of Things” or “IoT” for short, represent the exponentially growing number of Internet-connected devices embraced by millions of consumers worldwide. From thermostats and refrigerators to home DVRs and baby monitors, more and more convenient household gadgets are being outfitted with the ability to communicate via the Internet.
Growing Concern of DDoS Attacks
Over the past two months, we witnessed two of the largest-ever recorded DDoS (distributed denial-of-service) attacks, nearly double the size of the largest attack ever seen previously. In September, the website of well-known cybersecurity journalist Brian Krebs was attacked. Initial analysis of the attack traffic suggested the assault was around 620 Gbps in size, leveraging as many as 1 million Internet-connected devices. That was followed in October by a similar attack on Dyn, a Domain Name System (DNS) provider, which severely crippled major Internet platforms and services for millions of users across the world.
IoT Malware Identified
Part of the firepower in these assaults has been confirmed as being delivered from the “Mirai” botnet, which is composed of all manner of weakly defended Internet-of-Things devices. These attacks, coupled with the recent release of the actual “Mirai” source code, have generated a lot of interest in how IoT devices are being used in DDoS attacks. What’s unique about the Mirai malware is its capability to infect IoT devices, which are then recruited into an Internet-of-Things botnet. The malware itself isn’t especially sophisticated and does not implement any particularly novel exploit features. However, security experts acknowledge it is well-written and takes advantage of a common problem – the fact that many IoT devices operate with either default passwords or passwords hardcoded within the firmware.
Financial Institutions On Edge
Still on edge from the furious onslaught of distributed denial-of-service (DDoS) attacks that began targeting financial institutions in late 2011, many FIs are seeking ways to bolster their defenses in hopes of mitigating the risk of such attacks. Most have implemented some form of mitigation strategy, ranging from increasing and diversifying their Internet bandwidth, to leveraging third-party traffic scrubbers, to hardening vulnerable systems that could amplify the effects of an attack. Unfortunately, while each of these provides some benefit, none has been enough to ensure total immunity. And there is no sign of these attacks slowing. This can mainly be attributed to the ease of monetizing an attack, as well as the increasingly pervasive list of tools and services available to launch one.
Financial institutions must remain vigilant in defending their critical infrastructure. This should include not only understanding which devices are connected to their networks, but also hardening systems that may be vulnerable to compromise. Another key aspect of mitigating an attack is examining network traffic for unusual inbound and outbound patterns. For example, Mirai can generate floods of GRE traffic, a communication protocol used to establish a point-to-point connection between network nodes; spotting an unexpected surge of GRE packets can be extremely useful when responding to an incident. Building on these recent attacks, institutions can expect the next wave of DDoS to be even more comprehensive and threatening. In anticipation, remain on guard and vigilant, and don’t forget the basics of implementing layered security controls.
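As an added example (not from the original article), the following Python sketch shows one way to apply that advice on flow data: it aggregates constructed flow records by host and direction and flags any host sending or receiving GRE (IP protocol 47) above a packets-per-second threshold. The internal address range, the sample records and the threshold are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

GRE_PROTO = 47                       # IANA IP protocol number for GRE
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space (hypothetical)

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, ip_proto, packets).
# Three external sources hammer 10.1.1.5 with GRE (inbound flood); 10.3.3.3 bursts
# GRE outward, which in a Mirai scenario would suggest an infected device inside.
SAMPLE_FLOWS = [
    (1000, "198.51.100.7", "10.1.1.5", 47, 40000),
    (1001, "203.0.113.9",  "10.1.1.5", 47, 38000),
    (1002, "192.0.2.33",   "10.1.1.5", 47, 41000),
    (1003, "10.2.2.2",     "10.1.1.5", 6,  12),        # ordinary TCP, ignored
    (1005, "10.3.3.3",     "203.0.113.50", 47, 35000),
    (1006, "10.1.1.8",     "10.1.1.9", 47, 5),         # low-volume internal GRE tunnel, benign
]


def detect_gre_anomalies(flows, window_seconds=10, pps_threshold=1000):
    """Return hosts whose GRE packet rate in any time window exceeds the threshold.

    Each result is (host, direction, pps, window_start_seconds). Direction is judged
    against INTERNAL: 'inbound' for traffic to an internal host, 'outbound' for
    traffic from one. Results are sorted by rate, highest first.
    """
    counts = defaultdict(int)  # (window_index, host, direction) -> packet count
    for ts, src, dst, proto, packets in flows:
        if proto != GRE_PROTO:
            continue
        bucket = ts // window_seconds
        if ip_address(dst) in INTERNAL:
            counts[(bucket, dst, "inbound")] += packets
        if ip_address(src) in INTERNAL:
            counts[(bucket, src, "outbound")] += packets

    alerts = []
    for (bucket, host, direction), packets in counts.items():
        pps = packets / window_seconds
        if pps > pps_threshold:
            alerts.append((host, direction, pps, bucket * window_seconds))
    return sorted(alerts, key=lambda a: -a[2])


if __name__ == "__main__":
    for host, direction, pps, start in detect_gre_anomalies(SAMPLE_FLOWS):
        print(f"{direction:8} {host:15} {pps:8.0f} GRE pkt/s in window starting t={start}")
```

Real deployments would feed NetFlow/IPFIX or firewall logs into the same aggregation and set the threshold from a measured baseline of normal GRE volume.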