Peggy Smedley, editorial director, Connected World magazine, recently sat down with Dirk Morris, founder and chief product officer, Untangle, to discuss DDoS (distributed denial of service) attacks on large organization such as Amazon, Spotify, Netflix, and Twitter. He explains how the IoT (Internet of Things) is involved and what we can expect going forward.
Smedley: Let’s start by talking about some of the basics. What is a DDoS attack?
Morris: DDoS stands for distributed denial of service. A denial-of-service attack is characterized by an attempt to flood a target with illegitimate traffic with the goal of blocking legitimate traffic, ultimately resulting in the target’s inability to respond to legitimate network traffic at all.
Smedley: Is this new or do these happen often?
Morris: DDoS attacks are nothing new. The first known denial-of-service attack took place in February, 2000, and targeted various ecommerce sites, including Amazon and eBay. Distributed DoS attacks are an evolution of DoS attacks that employ multiple sources of traffic. Botnets are commonly used to generate DDoS traffic. A botnet is a network of computers that have been breached by a hacker; oftentimes, this happens without the knowledge of the computer’s user. The hacker then has those computers under his or her control. Botnets can act in unison like one big computer, giving the hacker the power to direct a lot of traffic at once towards a target.
Smedley: Are small, medium, and large companies subject to these attacks?
Morris: Yes. DDoS attacks can target any size of business; in fact, the number of attacks against small business has risen sharply as tools to create attacks have become widely available. Larger companies, however, are often the targets of the attacks, especially if the motive is to acquire a ransom in return for stopping the attack.
Smedley: How is the IoT (Internet of Things) involved?
Morris: The attack that took place on Oct 21, 2016 against Dyn, a provider of domain name services, involved the use of an open source malware strain called Mirai. Mirai crawls the Internet looking for IoT devices that are only protected by the factory-default username and password. It can then take control of the devices and use them to generate garbage traffic that can be directed at a target. Security researchers were able to conclude that Mirai IoT botnets were amongst the sources of traffic in the Dyn attack.
Smedley: Why is it happening now in such a large scale?
Morris: As IoT devices become more prevalent in both commercial and consumer settings, they become targets of opportunity for hackers. IoT device and component manufacturers have not taken sufficient steps to secure their products.
Smedley: What can we expect going forward?
Morris: Expect copycat attacks. DDoS attacks aren’t going away; in fact, these types of attacks are easier than ever to conduct. Botnets are even available for rent, lowering the bar for would-be hackers.
Smedley: What can we do as an enterprise or small company to fend off these attacks?
Morris: DDoS mitigation is available as a service from a number of providers. It’s important for network administrators to also have a handle on what “normal” traffic patterns and response times look like.
Smedley: Is this something that could have been prevented?
Morris: It’s difficult to prevent DDoS attacks entirely. However, this particular attack profile would have been very different if Mirai’s army of zombie IoT devices wasn’t involved. IoT device manufacturers need to take security seriously. Until they do, there are some ways to protect those devices from these kinds of exploits. One important way to prevent attacks like these is to put a next-generation firewall in place at the gateway to the Internet. This keeps the local network, and its IoT devices, safe from hackers. Large enterprises have this kind of security in place. However, small businesses and homes many times rely on off-the-shelf routers that aren’t capable of providing a secure gateway to the Internet. Untangle has released a home license for its next-generation firewall software specifically to address this gap.
Smedley: Does the Internet need to be regulated?
Morris: Internet regulation per se isn’t really the issue here. Virginia Senator Mark Warner wrote a letter to the FCC (Federal Communications Commission), the FTC (Federal Trade Commission) and the DHS (Dept. of Homeland Security) in response to the Dyn attack, calling out the ”unacceptably low level of security” present in IoT devices and questioning whether or not they constitute a threat to the Internet itself. Expect to see regulations instead focus on securing endpoints like IoT devices.
Smedley: What should be aware of that we are not?
Morris: The U.S. does not currently have standards for computer security that it imposes on manufacturers. Responsibility has fallen to consumers, who are often ill-equipped to take on network security challenges. We believe that the need for network security solutions in the home will only increase, as IoT device adoption becomes more widespread.
Smedley: Anything you would like to add?
Morris: Thank you for the opportunity to address your readers. The promise of IoT is great, but so are the challenges it presents to network security.
Want to tweet about this article? Use hashtags #IoT #M2M #DDoS #attack #hackers #security