IT professional Roger Mitan of BlueBridge Networks shares lessons learned from the Dyn attack where nearly 100,000 IoT devices were hijacked due to unpatched vulnerabilities and default admin credentials existing on these devices. He shares what IT leaders can do to prevent future attacks.
Editor’s Note: The following blog by Roger Mitan of BlueBridge Networks was posted on the Midsize Enterprise Summit LinkedIn community. We are sharing it as part of our Midsize Enterprise Summit newsletter due to our readers’ interest in IT security. You can read the full blog on LinkedIn (Internet of things and security blog). Also visit our LinkedIn midmarket CIO community (MES LinkedIn CIO community).
On Friday, Oct. 21, a large-scale Distributed Denial of Service (DDoS) attack was directed at Dyn, a managed Domain Name Service (DNS) provider with some very large clients, such as Twitter, Spotify, and Reddit. The attack made it nearly impossible for end users to resolve the internet addresses of these services, so the services effectively appeared offline to their users.
Many DDoS attacks like this occur every day, but this one stood out because of the large base of companies impacted and the type of devices used for this attack. The devices that were mostly responsible are in a category known as the Internet of Things (IoT). What are IoT devices and why should you be concerned about them?
IoT devices are, simply put, everyday devices that can now be addressed directly via a network. These are devices like thermostats, various types of sensors, refrigerators, cars, security cameras, and many more. These devices have all existed for a long time, and some of them have even been indirectly accessible via the internet for some time, usually through a connected workstation or server. What has occurred more recently is the proliferation of tiny, low-power and inexpensive System on Module (SOM) and Computer on Module (COM) systems, which have been integrated into these everyday devices and allow them to serve up their functions and data directly to the network and the internet. A workstation or server is no longer needed to sit between these devices and the network.
The applications of these types of devices are vast and very useful for everyday tasks, such as home automation, remote car automation, security systems monitoring, sensor monitoring, etc. Removing the need for a computer interface to connect them to the internet increases their efficiency while decreasing their cost and complexity. Unfortunately, this also reduces the security of these devices.
Some of what was learned from the Dyn attack was that about 100,000 of these IoT devices were hijacked due, in small part, to unpatched vulnerabilities, but far more often to default admin credentials still present on these devices. Many of these devices didn’t even offer the end user a way to change these default credentials. Hackers were then easily able to log in to these devices and use them to direct attacks at this critical DNS infrastructure.
Most people today know that they shouldn’t connect their computer to the internet without good firewall and antivirus software, and in most cases they are also behind additional hardware firewalls. These IoT devices, though, are being purchased and put directly on the internet with no security other than what is built into them, which is usually next to nothing.
From the end-user standpoint, this opens a vulnerability into your network from the internet: an attacker compromises one of these devices exposed at your network edge and then uses it as a doorway into your important internal systems. From an external standpoint, if one of your devices is compromised and used for one of these DDoS attacks, you will most likely find your internet grinding to a halt and may even have your internet provider cut you off to help mitigate the attack. Therefore, from many angles, improperly secured IoT devices pose a serious security threat.
There are several options to help protect yourself from these device vulnerabilities. First, keep in mind that these devices are extremely useful and you can’t simply avoid them. You can, however, do proper research and make sure you are buying reputable products. That $20 IP camera may look like a great deal, but it might also be a great resource on your network for a hacker to exploit.
Second, employ a good perimeter firewall which includes advanced threat protection that will detect and stop not only external attacks, but also attacks and exploits being perpetrated from within your network. Make sure these devices are always placed behind these firewalls and not directly on the internet.
The third suggestion is to go a level beyond the firewall and utilize the services of a Managed Security Services Provider (MSSP). This is a team of people who will supplement the automated protection of your firewall with skilled staff trained in detecting these types of threats and identifying rogue, unsafe or insecure devices on your network before they become an issue for you or others on the internet.
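One concrete form the "detect attacks being perpetrated from within your network" advice can take is a check over the firewall's outbound connection log that flags any device on the IoT segment behaving the way the hijacked cameras did against Dyn: a burst of connections to many DNS servers. This is an added example, not code from the original post or from BlueBridge Networks; the IoT subnet, the log line format, the threshold and the sample log lines are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions (not from the original post): IoT devices sit on their own VLAN and the
# firewall logs one line per outbound connection in the constructed format below.
IOT_SEGMENT = ip_network("10.20.0.0/24")
WINDOW_SECONDS = 60
MAX_CONNS_PER_WINDOW = 3  # constructed demo threshold; tune a real cutoff per device class
LINE_RE = re.compile(r"^(\S+) OUT src=(\S+) dst=(\S+):(\d+)$")
# Constructed sample: a camera (10.20.0.7) hammering several DNS servers, a thermostat
# (10.20.0.9) doing ordinary HTTPS, and one malformed line the parser must skip, not crash on.
SAMPLE_LOG = """\
2016-10-21T11:10:01 OUT src=10.20.0.7 dst=203.0.113.10:53
2016-10-21T11:10:02 OUT src=10.20.0.7 dst=203.0.113.11:53
2016-10-21T11:10:02 OUT src=10.20.0.9 dst=198.51.100.5:443
garbage line left behind by log rotation
2016-10-21T11:10:03 OUT src=10.20.0.7 dst=203.0.113.12:53
2016-10-21T11:10:05 OUT src=10.20.0.7 dst=203.0.113.10:53
"""

def parse_line(line):
    """Return (timestamp, src_ip, dst_ip, dst_port), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, port = m.groups()
    return datetime.fromisoformat(ts), ip_address(src), dst, int(port)

def find_suspect_devices(log_text, segment=IOT_SEGMENT, window=WINDOW_SECONDS, limit=MAX_CONNS_PER_WINDOW):
    """Map IoT-segment sources exceeding `limit` outbound connections in any `window`-second span to (count, distinct dsts, top port)."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec[1] in segment:   # ignore hosts outside the IoT VLAN
            by_src[rec[1]].append(rec)
    suspects = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r[0])
        start = 0
        for end, rec in enumerate(recs):            # sliding window over sorted events
            while (rec[0] - recs[start][0]).total_seconds() > window:
                start += 1
            span = recs[start:end + 1]
            if len(span) > limit:
                top_port = Counter(r[3] for r in span).most_common(1)[0][0]
                suspects[str(src)] = (len(span), len({r[2] for r in span}), top_port)
                break                               # one finding per device is enough
    return suspects
```

A hit whose top destination port is 53 and whose destination count keeps growing is the pattern to hand to the MSSP or to block at the firewall; a device that merely phones home to one vendor endpoint will not trip it.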
The number and types of IoT devices are expanding every day and making lives easier along with that expansion. Many of these devices are also in their infancy from a security perspective. Take advantage of these devices, but also take some precautions to ensure they are working for you and not for the hackers out there who love them for very different reasons.
Roger Mitan is the director of engineering with BlueBridge Networks, a downtown Cleveland-headquartered data-center and cloud computing business. He can be reached at firstname.lastname@example.org.