Tuesday, November 8, 2016

Attack of the Killer IoTs?

By Jeff Joyner



Well, maybe they weren’t killers but it was definitely an attack.  

A couple of weeks ago, on Oct. 21, a Distributed Denial of Service (DDoS) attack was executed against a DNS provider named Dyn. This attack affected the Internet traffic for prominent web sites such as Twitter, Pandora, Netflix, Pinterest, Spotify, PayPal and PlayStation Network. In some cases, access was shut down completely.

Domain Name Service (DNS) is like a phone book for the Internet. DNS translates human-readable text (such as your website name, like www.ctgva.com) into Internet addresses (which are numeric, such as 72.10.49.31) that devices connected to the Internet can understand. In a nutshell, DNS providers deliver this translation service.

A Denial of Service (DoS) attack is an attempt to prevent legitimate users from accessing information or services. The primary method is to flood a particular website’s Internet connection, exhausting the resources of a router, firewall or server, thereby shutting off access to anyone else. A DDoS attack is more difficult to defend yourself and your business against. Instead of the attack coming from a single device, a DDoS attack enlists an army of network devices to do the same thing: tens of thousands or more devices, all working together to cut off a company’s resources. Even the largest companies find it difficult to defend against.

So, who owns the network devices used in these attacks? In this particular example, large numbers of webcams were used. Why would webcams launch an attack on a DNS provider? What did Dyn do to the webcams?

This is where it gets interesting.

The Internet of Things (IoT) is a phrase used to describe all of the various Internet-connected devices we have today, which includes video game systems, home thermostats, security cameras, smart phones, and much more. In many cases, these devices come with passwords that are never changed and/or weak protocols enabled for active use. Sitting behind a firewall doesn’t necessarily mean that the device can’t be reached.

A protocol that runs on most home routers/firewalls is Universal Plug’n’Play (UPnP). When enabled – and it is by default – UPnP allows devices on the inside or protected part of your network to request that ports be opened and forwarded to them without any user intervention. Why have this protocol? Because it’s easier on people who might not be as technically minded. Your best security practice is to disable UPnP on home routers/firewalls. After disabling, test all internal devices that rely on the Internet to ensure disabling UPnP didn’t disrupt any connections. Leaving UPnP enabled makes things easier but compromises home network security.

Meanwhile, what can be done to make these devices less vulnerable to being turned into “zombies” and used in attacks against unsuspecting victims? Vendors need to tighten up the security on IoT devices during manufacturing, long before these devices hit the retail shelves. Additionally, manufacturers must have updates ready to correct security holes in the products already in service. Consumers should create strong passwords (16 characters or more with mixed case, numbers, symbols) to replace the widely documented default passwords all too often left on devices connected to the Internet.

We know cyber security is seemingly daunting, so let us help. Contact Convergent Technologies Group through our website to have all the right resources to defend against cyber attacks. 

Jeff Joyner is a senior network engineer at Convergent Technologies Group.
