Prevent DDoS Attacks from IoT Devices on Critical Infrastructure with These 4 Tips
On April 9, 2009, an act of sabotage on an underground fiber optic cable in my small town brought the world in which I lived to a screeching halt. As a local emergency was declared, the 52,000+ residents around me and I awoke to a strange new reality, one in which communication had ceased. Cell phones sat quiet. Internet access disappeared. Landline and 911 systems went down. Businesses closed. My town literally stopped as residents suddenly found themselves unable to do even the most basic things: fill their cars with gas, buy food at the grocery store or get money from the bank.
The emergency lasted a mere two days, but it sent ripples through my city and others as they struggled with how to keep critical infrastructure safe. It’s a struggle that has only grown with the rise of the Internet of Things (IoT).
The IoT has the potential to connect as many as 50 billion “things” to the Internet by 2020. It’s revolutionizing the way we live, work and play, but it’s also opening a back door to cybercriminals who want nothing more than to exploit the weak security of IoT devices for financial gain. Their weapon of choice is the distributed denial-of-service (DDoS) attack.
DDoS attacks work by flooding a network or service with more traffic than it can absorb, exhausting bandwidth, connection state or application capacity so that legitimate users are locked out, and sometimes crashing critical systems outright. By the end of 2017 alone, reported global DDoS attacks numbered 15 per minute. The sheer number of IoT devices, and how easily they can be reached and taken over, make them prime recruits for the botnets that generate this traffic.
That’s bad news when it comes to any one of the 16 critical infrastructure sectors identified by the United States as so vital to national security, public health, and safety, that their incapacitation or destruction would have a debilitating effect. A DDoS attack originating from IoT devices on one of these sectors could easily impact the way government operates, disrupt transportation, and even delay disaster response. It’s a scary and all too real proposition.
All the cybercriminal has to do is write and distribute code that scans the Internet for IoT devices exposed with no authentication or with a common or default password, typically over Telnet or SSH. The malware logs in, installs itself and enrolls the device in a botnet, which is then pointed at a victim network to bombard it with a massive volume of traffic. The attack is not literally untraceable, but because the traffic arrives from thousands of devices belonging to innocent owners, blocking by source address is impractical and tracing the operator behind the botnet is hard. It’s a simple process really, and it runs right under the nose of the device owner, who usually notices nothing.
Securing IoT devices is a good first step in preventing DDoS attacks on critical infrastructure, but that alone is not the answer. It falls to government, its entities, and those companies providing critical infrastructure solutions and services to detect and mitigate such attacks in real time, while they are happening. Doing that requires a solid plan of action with enforceable policies and clearly defined steps. The plan must be in place before an attack occurs so that everyone knows exactly what to do when it happens.
Here are four tips every government, government entity, and critical infrastructure company must consider when creating a plan of action to harden their networks against DDoS attacks originating from IoT devices:
- Choose your weapons wisely
Many DDoS mitigation tools and services are now available, and that makes picking the right one tricky. Some of the things to look for include: the scale of attack the tool or service can absorb (in bandwidth and packets per second), how quickly it starts mitigating once an attack begins, the level of service it can keep providing to critical infrastructure users (and to how many of them) while the attack is ongoing, and how often it wrongly flags legitimate users as attackers (its false positive rate). Cost should also be considered. And don’t forget to talk to your stakeholders: to decide how to mitigate a DDoS attack, you must first understand how it will impact them.
- Study your attacker
To build a strong defense, you need to know and understand your attacker, their attack patterns and what to expect. Cybercriminals are creatures of habit. If an attack tactic works well for them, they are likely to use it repeatedly, and these tactics leave forensic evidence: the attack vectors used, the source ranges and timing, and the traffic signatures of past attacks. That information can prove vital in recognizing an attack in progress before it gets out of control.
- Test your environment
Testing how an attack will impact your network is essential to defending against it. To do this, run simulation after simulation of attacks and defend against them as best you can. Note how the attacks originate and identify the signs of an imminent attack. Then try different mitigations to see how each holds up against each attack type, in the process building a catalog of defense mechanisms you can apply to various scenarios. The more you test your network in the lab, the fewer surprises you’ll encounter during a real attack.
- Adopt new weapons and techniques
Thorough testing of your environment will uncover weaknesses in your network and in your mitigations. You can then adopt whatever new tools or techniques you need to plug the holes, and feed what you learn back into the plan.
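The two detections the post implies, as an added example (not Ixia’s code or part of the original post): on the recruitment side, spotting a local device that behaves like a bot hunting for more victims (SYNs to Telnet/SSH ports on many distinct hosts); on the target side, learning a traffic baseline and alerting on a window whose packet count blows past it, using the distinct-source count to tell a distributed flood from one misbehaving client. The `evaluate` helper scores the alerts against labelled test traffic, the false positive check Tip 1 asks for. All flow records, addresses (RFC 5737 documentation ranges) and thresholds are constructed for the example.

```python
"""Flow-record detections for an IoT-botnet DDoS (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
import statistics


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since epoch
    src: str
    dst: str
    dport: int
    proto: str     # "tcp" or "udp"
    packets: int
    flags: str     # TCP flags seen in the flow; "S" = SYN only


# Ports that default-credential scanners probe when recruiting devices (assumption).
RECRUITMENT_PORTS = {23, 2323, 22}
TARGET = "192.0.2.10"   # constructed: a utility's public web front end


def find_scanning_devices(flows, local_prefix, window=60, min_targets=20):
    """Recruitment side: a local host that SYNs recruitment ports on many
    distinct destinations inside one window looks like an infected device
    scanning for more victims. Returns sorted offending source addresses."""
    targets = defaultdict(set)
    for f in flows:
        if (f.src.startswith(local_prefix) and f.proto == "tcp"
                and f.flags == "S" and f.dport in RECRUITMENT_PORTS):
            targets[(f.src, f.ts // window)].add(f.dst)
    return sorted({src for (src, _), dsts in targets.items() if len(dsts) >= min_targets})


def flood_alerts(flows, dst, window=10, baseline_windows=6, sigma=4.0, min_sources=50):
    """Target side: count packets toward dst per window. The first
    baseline_windows windows train a baseline; a later window alerts when its
    count exceeds max(mean + sigma*stdev, 1.5*mean) (the relative floor stops a
    nearly flat baseline from alerting on noise). The number of distinct
    sources separates a distributed flood from a single chatty client."""
    pkts, srcs = defaultdict(int), defaultdict(set)
    for f in flows:
        if f.dst == dst:
            pkts[f.ts // window] += f.packets
            srcs[f.ts // window].add(f.src)
    base = [pkts[w] for w in range(baseline_windows)]
    mean = statistics.mean(base)
    threshold = max(mean + sigma * statistics.stdev(base), 1.5 * mean)
    alerts = []
    for w in sorted(pkts):
        if w < baseline_windows or pkts[w] <= threshold:
            continue
        verdict = "ddos" if len(srcs[w]) >= min_sources else "single-source"
        alerts.append({"window": w, "packets": pkts[w],
                       "sources": len(srcs[w]), "verdict": verdict})
    return alerts


def evaluate(alerts, attack_windows):
    """Score 'ddos' verdicts against labelled attack windows (Tip 1's false positive rate)."""
    flagged = {a["window"] for a in alerts if a["verdict"] == "ddos"}
    return {"true_positives": len(flagged & attack_windows),
            "false_positives": len(flagged - attack_windows),
            "missed": len(attack_windows - flagged)}


def build_sample_traffic():
    """Constructed flows: 120 s of normal traffic from eight clients, a 30 s
    botnet SYN flood (t=60..89), one chatty single client (t=90..99), and an
    infected local camera probing Telnet on 25 hosts on the side."""
    flows = []
    for t in range(120):
        for i in range(8):  # legitimate clients, slight periodic variation
            flows.append(Flow(t, f"203.0.113.{i + 1}", TARGET, 443, "tcp",
                              3 + (1 if t % 3 == 0 else 0), "SA"))
        if 60 <= t < 90:    # 120 bots, one SYN each per second
            for b in range(120):
                flows.append(Flow(t, f"198.51.100.{b + 1}", TARGET, 443, "tcp", 1, "S"))
        if 90 <= t < 100:   # one noisy client: anomalous, but not distributed
            flows.append(Flow(t, "203.0.113.77", TARGET, 443, "tcp", 100, "SA"))
        if 20 <= t < 45:    # infected IP camera scanning Telnet, a new host each second
            flows.append(Flow(t, "192.0.2.44", f"198.51.100.{200 + t - 20}", 23, "tcp", 1, "S"))
        if t < 3:           # benign admin SSH to three jump hosts
            flows.append(Flow(t, "192.0.2.45", f"198.51.100.{230 + t}", 22, "tcp", 1, "S"))
    return flows


if __name__ == "__main__":
    flows = build_sample_traffic()
    print("possibly recruited devices:", find_scanning_devices(flows, "192.0.2."))
    alerts = flood_alerts(flows, TARGET)
    for a in alerts:
        print(a)
    print(evaluate(alerts, {6, 7, 8}))
```

Run as-is and the three flood windows are flagged as “ddos” (128 distinct sources), the chatty client in window 9 is flagged as “single-source” rather than as an attack, and the camera at 192.0.2.44 is reported as a scanner while the admin host that touched three jump hosts is not. The thresholds (`sigma`, `min_sources`, `min_targets`) are exactly the knobs the lab testing in Tip 3 should tune against recorded traffic before they are trusted in production.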
Clearly, the events of April 9, 2009 were an inconvenience to me and others in my city, but they could have been so much more. An attack with the same effect, powered by a botnet of untold numbers of IoT devices, could be used to take down critical infrastructure like heat, water, traffic control and other basic services for any length of time. The chaos that would ensue could result in physical harm and more. It’s a stark reminder of how dangerous DDoS attacks can be and how vulnerable IoT devices are these days. Fortunately, the ability to identify ongoing attacks, combined with a plan already in place to stop them in their tracks, is key to preventing such a scenario from ever seeing the light of day. For more information on mitigating DDoS attacks from IoT devices, check out Ixia’s Four-Step DDoS Mitigation Process.
By the way, October is National Cyber Security Awareness Month - check out other NCSAM 2018 posts here.