
Last Friday, a massive distributed denial of service (DDoS) attack took down a number of hugely popular websites including Twitter, Spotify, and PayPal.

During the DDoS attack, hackers flooded the sites with overwhelming amounts of phony traffic, leaving their services unable to serve authentic requests. Essentially, the perpetrators were able to generate more traffic than the victims could handle, knocking them offline.

In the past, attackers have used large numbers of computers to generate these large phony request volumes. But today, there’s genuinely no need for attackers to expend that much effort when cheap connected devices are a dime a dozen.

Who’s to Blame?

From connected security cameras to DVRs, Friday’s DDoS attacks were perpetrated by millions of cheap connected devices.

Researchers claim botnets created by the Mirai malware are partially responsible for this outage. Mirai has been taking advantage of security vulnerabilities found in IoT devices, infecting the devices and using them to launch massive DDoS attacks. Mirai works by binding IoT devices together to form one huge connected network, then uses those devices to deluge websites with phony requests, overloading the sites and knocking them offline.

In fact, Chinese firm Hangzhou Xiongmai Technology has since come out and claimed that security vulnerabilities involving weak default passwords in its products are partly to blame for Friday’s attacks.

Additionally, Mirai is responsible for the DDoS attack against Brian Krebs’ cybersecurity blog, Krebs on Security. The attack delivered nearly 665 Gbps of traffic to Krebs’ site, making it one of the largest recorded DDoS attacks in history.

IoT’s Future is Weary

Friday’s attack affected service providers like Airbnb, Netflix, and AWS, companies that have historically invested loads of time and resources into creating robust security infrastructures. The fact that all of these providers could be knocked offline at the same time is rather remarkable. To attack each of these providers head-on would take an even larger number of devices than were used on Friday. That’s what makes this attack so worrisome: none of these companies were attacked directly.

The attacks targeted Dyn, the DNS service provider. DNS is a shared resource that nearly all companies outsource, meaning someone could cripple internet usage worldwide by targeting a relatively small number of companies. It is similar to a power grid: overloading a couple of key power stations could take down an entire region.

The NNT Perspective

Simply put, Friday’s attack happened because cyber criminals were able to easily identify vulnerable IoT devices: vulnerable because they were all left in their default state, with UPnP ports inviting attack and default usernames and passwords allowing easy access for criminals. At this stage, the device firmware can be replaced with botnet-infected versions; then, when the DDoS attack is invoked, the devices all come to life to hammer the web services.

This is a case of needing to treat the cause, not the symptoms. With NNT, we would first ensure that the botnet is not established in the first place, and secondly, if malware does become present on an IoT device or traditional computing system, that it’s detected so it can then be removed.

Defending against DDoS attacks is an extremely difficult task, but there are a few steps you can take to stay ahead of the criminals:

 

Step 1: Introduce System & Device Hardening

Step 2: Monitoring is Key!

Step 3: Be on the Lookout for Botnets

Step 4: Keep an Eye on Performance Metrics and Scalability

Step 5: Have a Security Awareness Program in Place

 

Click here to read about the DDoS Learning Curve: How to Better Protect Yourself

 

Read this article on Computer World

Copyright 2017, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.