Nobody is safe.
From the highest-tier service provider to a small business network in rural Iowa, every network is susceptible to a massive-scale DDoS attack, whether as the direct target of the attack or indirectly, when critical services elsewhere on the internet are knocked out.
In my previous article, DDoS and the Broken Internet, I outlined how the recent attack on Dyn highlighted the interconnected services that we have all come to rely on as network operators, and how their service interruptions affect all of us.
This highlights a major flaw in these networks, and largely in the internet as a whole. And yet we keep adding to it. We keep connecting devices that previously had no need for internet access, because the Internet of Things (IoT) is here, and it is exacerbating the flaws in our infrastructure.
On Tuesday, September 20th 2016, Akamai (the world’s largest content delivery network) defended against a DDoS attack in excess of 620 Gbps. The attack was perpetrated largely by the Mirai botnet, malware that has amassed an army of IP-enabled devices exposing common services to the internet: Telnet, SSH, HTTP, SMTP and so on. These are not malware-infected home computers, mind you. They are connected devices such as IP cameras and DVRs that accept Telnet or SSH logins from the internet and, all too often, still use their factory-default credentials. Mirai does not need a software exploit to take them over; it simply logs in with a list of well-known default usernames and passwords.
Akamai identified the top protocols used in the attack as SSH and Telnet, both very common protocols. The top usernames used were root, admin, and shell. All common and well-documented defaults. How could so many of these devices be so easily compromised? Many of these devices are purchased and used by consumers who are often unaware of the risks of leaving these settings at their defaults, and, as a result, they are left vulnerable and are easily assimilated into these massive botnets.
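What that looks like from the defender’s side is a burst of failed logins, from a single source, cycling through a short list of default usernames. The script below is an added example (it is not code from the original article or from Akamai) that parses sshd failure lines in the standard syslog format and flags sources that behave this way. The log lines are constructed for illustration using RFC 5737 documentation addresses, not captured from a real attack, and the watch list is seeded only with the three usernames the article reports; a deployment would extend it with the vendor defaults relevant to its own devices.

```python
"""Detect Mirai-style default-credential sweeps in SSH auth log lines.

Added example. The log lines below are constructed for illustration
(RFC 5737 documentation addresses), not captured from a real attack.
"""
import re
from collections import defaultdict
from datetime import datetime

# Usernames the article reports Akamai saw most often. Treat this as a
# default-credential watch list and extend it with your vendors' defaults.
DEFAULT_USERNAMES = {"root", "admin", "shell"}

# sshd failure lines as syslog writes them (no year in the timestamp).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample: one rapid sweep, one short probe, one real user.
SAMPLE_LOG = """\
Sep 20 21:14:02 cam1 sshd[811]: Failed password for root from 203.0.113.5 port 41022 ssh2
Sep 20 21:14:03 cam1 sshd[813]: Failed password for root from 203.0.113.5 port 41023 ssh2
Sep 20 21:14:03 cam1 sshd[815]: Failed password for invalid user admin from 203.0.113.5 port 41024 ssh2
Sep 20 21:14:04 cam1 sshd[817]: Failed password for invalid user shell from 203.0.113.5 port 41025 ssh2
Sep 20 21:14:09 cam1 sshd[820]: Failed password for invalid user admin from 198.51.100.77 port 50001 ssh2
Sep 20 21:14:10 cam1 sshd[822]: Failed password for root from 198.51.100.77 port 50002 ssh2
Sep 20 21:30:41 cam1 sshd[901]: Failed password for alice from 192.0.2.10 port 33000 ssh2
Sep 20 21:31:00 cam1 sshd[902]: Accepted password for alice from 192.0.2.10 port 33000 ssh2
"""


def parse_failed_logins(text):
    """Yield (timestamp, username, source_ip) for each sshd failure line.

    Lines that are not password failures (e.g. 'Accepted password') are
    skipped. syslog omits the year, so the parsed year is only meaningful
    for ordering attempts relative to each other.
    """
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]


def find_credential_sweeps(text, min_attempts=3, window_seconds=60):
    """Return {source_ip: sorted usernames} for sources that make at least
    min_attempts failed logins within window_seconds using only usernames
    from the default-credential watch list.

    A small fixed username list plus a rapid burst is what separates a
    botnet sweep from a legitimate user mistyping a password.
    """
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failed_logins(text):
        by_ip[ip].append((ts, user))

    sweeps = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        users = {u for _, u in attempts}
        if not users <= DEFAULT_USERNAMES:
            continue  # a named account was tried: not a default-credential list
        # Sliding window over the sorted attempts.
        for i in range(len(attempts) - min_attempts + 1):
            start = attempts[i][0]
            end = attempts[i + min_attempts - 1][0]
            if (end - start).total_seconds() <= window_seconds:
                sweeps[ip] = sorted(users)
                break
    return sweeps


if __name__ == "__main__":
    for ip, users in find_credential_sweeps(SAMPLE_LOG).items():
        print(f"default-credential sweep from {ip}: {', '.join(users)}")
```

Run against the sample, the script flags 203.0.113.5 (four attempts in two seconds, all on the watch list) and ignores both 198.51.100.77, which stops after two attempts, and 192.0.2.10, which is a named account. Lowering `min_attempts` to 2 catches the second source as well; the threshold is a tuning knob, not a fixed property of the attack. Telnet logins do not appear in sshd logs at all, so a device that only speaks Telnet needs a honeypot or network-level capture to produce equivalent evidence.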
To make matters worse, some of the identified IoT devices had hard-coded credentials that could not be changed!
Patching matters too. SSH implementations have had their share of vulnerabilities over the years, and as new ones are published, fixes follow, but only if the update actually reaches the device. Many of these IoT devices never get updates. They are installed by the user and then simply left. Who has time to do a firmware update on the home security camera system they bought at Costco, right? A device that is reachable from the internet, cannot be patched, and cannot have its password changed has no path to being secured at all.
The attack on DNS provider Dyn in October was also carried out, at least in part, by Mirai and the compromised IoT devices under its control. This attack had far-reaching effects, making a large number of high-profile websites inaccessible, including Twitter, Spotify, and Reddit, among others.
The number of IoT devices is growing rapidly, and with it the attack potential of massive botnets like Mirai.
How can we secure the Internet of Things, or protect our infrastructure from them?