Securing IoT Devices to Avert DDoS Attacks

By Will Long Sr., VP & CISO, IS Operations, Children’s Health

Will Long Sr., VP & CISO, IS Operations, Children’s Health

Traditionally, distributed denial of service (DDoS) attack was limited to one particular device or desktop. With the enormous growth and implementation of IoT devices including home routers, camcorders, and DVR, these attacks have become much more lethal where the affected networks and systems can experience downtime for hours and sometimes days. Due to the potential weaponization of these IoT devices, the target of a DDoS attack today might not just include internet service providers and DNS providers but also individual organizations. With the ability to generate an astronomical amount of traffic, DDoS attack launched through a network of systems enabling bad actors to expand their invasion. Therefore, the success of a DDoS attack is largely dependent on the number of bots or network devices that constitute the attacker’s command-and-control server, or botnet.

The advantages of IoT are evident, yet one cannot ignore the security threat these vulnerable devices pose to both consumers and enterprises. The IoT devices are easy to attack as they are purpose-built and have very less computing power. The security features in these devices are minimal as manufacturers of these products are not motivated enough to make these devices highly secure. This lack of motivation can be attributed to the absence of necessary skills or an R&D department required in bringing about such an innovation. Also, the necessary investment to implement these security safeguards would be significantly high, which in turn, will raise the cost of the product. This will affect the manufacturers’ profit margin, as an increase in price would give way to consumers’ disinterest in the product. Furthermore, the consumers do not take the initiative to update the software of their digital devices that add to the security challenges.

In such a scenario, regulatory requirements issued by the government about the security of IoT devices come in handy. This compliance strategy can be executed through legislations that specify the basic security safeguards to be implemented in these appliances. A simpler alternative to avoid such an attack would be to generate unique passwords.

Tackling Different Types of DDoS Attacks

Recently, network-based volumetric attacks have declined sharply in comparison to application layer and protocol attacks. The rea­son for this could be the availability of large botnet support with less investment. It is harder to defend an application layer attack as it takes advantage of the application’s vulnerability, rendering it useless by invoking downtime, instead of flooding the network and saturating the bandwidth. Soon there will be a resurgence of network-based attacks, as bad actor organizations consider them to be stealthier. Moreover, in application layer attack, it is easier for bad actors to withdraw from the invasion without being noticed.

In few instances, the bandwidth protectors that regulate the bandwidth consumption are not even able to detect the flooding of the network. To avoid network flooding, organizations can avail services that protect them from a large network attack. Though not a cost-effective option, these services are quite competent as it drops all the traffic before it reaches the server. In addition, the organizations need to devise a strategy for vulnerability management. This includes a deep understanding of the application or network and identifying the potential security breach points in them. This will lead to comprehension of the vulnerabilities, assisting the organization to devise a strategy concerning their domestic network and policies.

The Future of DDoS

In recent times, even if one does not have the technical skills to launch a DDoS attack, they could easily hire expertise over the in­ternet through Bitcoin or credit card. Additionally, the motivation for such an attack has also changed over the past couple of years; no longer do they limit to being political. In some instances, these attacks function as a distraction from larger attacks, disrupting the security infrastructure that is unaware of the more serious underly­ing attack.

The future of DDoS attacks will involve an internal denial of service caused due to the proliferation of IoT devices. These attacks might be disguised as legitimate payloads and launched from inside of one’s network; hence will not necessarily leverage external devices. Therefore, the stress on securing IoT devices intensifies as DDoS attacks achieve further sophistication at a continually increasing rate.