Make IoT more secure & prevent IoT Bot attacks
The new hit HBO science fiction series Westworld is set in the future where we are told society has now moved into a state where all diseases are cured and people live in ease because everything is taken care of for them. The show then focuses on a Western theme park where humans interact with extraordinarily lifelike robots – until the robots start to exhibit strange behavior and do things they aren’t supposed to. I won’t spoil the show for you, but I do find it interesting that even in a world where all human disease is cured, computer viruses still exist…
The fact is that what was once science fiction is coming closer to reality every day: the promise of a fully interconnected world where everything “talks” to each other (and to us) is just about here. My home can now be fully adjusted by an app on my phone. Everything from temperature, lights, door locks, alarms and background music to my coffee maker is connected to the internet and can be controlled by me and my family. The Internet of Things (IoT) revolution is here and will continue to grow rapidly over the next decade, making our lives exponentially more connected and easier. But, as our science fiction stories predict, the potential for harm due to malicious attacks also grows greater and more dangerous.
Challenging the sheriff
Recently, a botnet called “Mirai” has been identified which targets vulnerable IoT devices and uses them to launch DDoS attacks as well as spread to other systems. This particular botnet infects systems due to the fact that many smaller IoT devices never have their default username and password credentials changed. Many users never think to change the default password on their internet connected camera, or Wi-Fi gateway, or home DVR. This malware uses a simple brute force attack to test 61 known default credentials against the device. Once it gains access to the device it “phones home” to download the full malicious code and then runs it. After that it begins to search out other potential targets.
What makes these attacks so devastating is their sheer speed and volume, due to the number of devices that can quickly be infected and used for an attack. In one test conducted by Robert Graham of Errata Security, he demonstrated that an IoT security camera could be infected in as little as 98 seconds. After that the camera could be used to launch a DDoS attack with surprising power – potentially as much as 1.75 million HTTP requests per second.
“IoT botnets like Mirai have the potential to cut off whole continents from the Internet with DDoS attacks aimed at critical infrastructure. Anyone managing IoT devices has the responsibility to secure them.” - Marius Heuler
I think that the Mirai Botnet is a great example of how important it is for corporate IT security teams to have a comprehensive plan and automated approach to preventing security breaches. I focus on automated approaches because as the number of connected devices increases it becomes nearly impossible to “lock down” these systems manually.
Bring the cavalry
When you have a hundred or even a few hundred devices to look after, securing them could possibly be done manually – but when you have thousands or tens of thousands of systems that could be infected, you need tools that can detect and mitigate security holes such as default usernames and passwords left on devices.
This is where a platform like StableNet® comes in. Our unified networks & services management solution can be used in a number of ways to both prevent and detect infections such as the Mirai botnet.
Prevention: Policy & vulnerability checking
One of our most advanced features is our Policy and Vulnerability Checking engine within the NCCM module (White Paper: NCCM & Compliance checking using StableNet®). By creating a simple policy that says “No devices may use the default username and password” StableNet® can then check each device on the network to see if that policy has been violated.
This check can be run automatically at a scheduled interval and can also be run whenever a new device is seen on the network. Likewise, when new vulnerabilities are reported by the device vendor, we can check existing hardware and software to see if they are vulnerable (and tell you what to do if they are).
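The policy described above, “No devices may use the default username and password”, as an added example (not StableNet® code and not from the original post): a check run over backed-up device configurations. The config syntax, the salted SHA-256 hash format, the device names and the credential pairs are all constructed assumptions.

```python
import hashlib
import re

# Constructed placeholder pairs; a real policy would load the vendor defaults
# for the device models actually deployed.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("user", "1234")}

# Hypothetical config syntax (an assumption, not a StableNet format):
#   user <name> secret <cleartext>
#   user <name> hash sha256:<salt>:<hex of sha256(salt + password)>
USER_LINE = re.compile(r"^\s*user\s+(\S+)\s+(secret|hash)\s+(\S+)\s*$")

def salted(salt, password):
    return hashlib.sha256((salt + password).encode()).hexdigest()

def matches_default(username, kind, value):
    """True if this account still carries a known default password."""
    for d_user, d_pass in DEFAULT_CREDENTIALS:
        if d_user != username:
            continue
        if kind == "secret" and value == d_pass:
            return True
        if kind == "hash" and value.count(":") == 2:
            scheme, salt, digest = value.split(":")
            if scheme == "sha256" and salted(salt, d_pass) == digest.lower():
                return True  # hashed default found without storing cleartext
    return False

def audit(configs):
    """Map device name -> sorted accounts that violate the policy."""
    violations = {}
    for device, text in configs.items():
        hits = (USER_LINE.match(line) for line in text.splitlines())
        bad = sorted({m.group(1) for m in hits if m and matches_default(*m.groups())})
        if bad:
            violations[device] = bad
    return violations

# Constructed sample inventory (not real device output).
SAMPLE_CONFIGS = {
    "cam-lobby": "hostname cam-lobby\nuser admin secret admin\n",
    "dvr-01": "user root hash sha256:a1b2:%s\nuser ops hash sha256:c3d4:%s\n"
              % (salted("a1b2", "root"), salted("c3d4", "constructed-strong-pw")),
    "gw-wifi": "user admin secret 7f$Lq2-rotated\n",
}

if __name__ == "__main__":
    for device, accounts in audit(SAMPLE_CONFIGS).items():
        print(f"POLICY VIOLATION {device}: default password on {', '.join(accounts)}")
```

Accounts stored under a hash scheme the check does not recognise are not flagged, so a real deployment should report those separately as "not evaluated" rather than treat them as compliant.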
Detection: Bandwidth & service monitoring
If a device or devices are compromised, StableNet® can also be used to detect when the devices are being used to launch attacks, through constant bandwidth monitoring and service monitoring (analyzing loads and peak traffic) as well as by analyzing running processes to find rootkits with tools such as chkrootkit.
For any IT team dealing with an influx of many new IoT devices, StableNet® can be a valuable tool to help both manage the process of onboarding these devices as well as securing them from attacks.
Westworld is a really entertaining TV show, but like many cowboy westerns it also reminds us that there will always be black hats in the world who want to do harm; best to keep an eye out for them and lock your (virtual) doors at night.
Senior Solutions Architect at Infosim