IOT DDOS ATTACKS: THE STAKES HAVE CHANGED
Manish Rai, VP of Marketing
Ty Powers, Principal Technical Product Manager
December 13th , 2016
Recent News: IoT DDoS Attacks
• The Mirai botnet infected an estimated 145K+ IoT devices on the Internet
• The infected devices were used to launch a series of record-size DDoS attacks
• A follow-up attack on the French hosting provider OVH reached about 1 Tbps
• Culminated in the 10/21 attack on Dyn, which caused a serious, widespread Internet outage
• Motive unclear, though ransom was suspected
Timeline of Attacks
• 9/20: Krebs on Security, 623 Gbps
• 9/22: French provider OVH, 1 Tbps
• 10/21: Dyn, 1.2 Tbps
9/20: Krebs on Security Attack
• The Mirai botnet was used in the attack
• The September 20 attack peaked at 623 Gbps
• The previous record was 363 Gbps
• Krebs was an Akamai pro bono customer
• Akamai dropped the Krebs website rather than absorb the cost of continuing to mitigate the attack
9/20: Krebs on Security Attack (continued)
Top attack source countries:
Brazil
Vietnam
China
South Korea
Romania
Russia
Colombia
Taiwan
United Arab Emirates
Source: Akamai
10/21: Dyn Attack
• First wave began ~7:10 am ET, targeting Dyn's East Coast infrastructure
• Mitigated ~2 hours later
• Second wave began ~1:50 ET and was global in nature
• Recovered ~1 hour later
• Smaller probing attacks continued over the following hours and days
• Those were mitigated without customer impact
Figure: A depiction of the outages caused by the attacks on Dyn, an Internet infrastructure company (source: Downdetector.com).
http://hub.dyn.com/static/hub.dyn.com/dyn-blog/dyn-statement-on-10-21-2016-ddos-attack.html
http://www.cnbc.com/2016/10/21/major-websites-across-east-coast-knocked-out-in-apparent-ddos-attack.html
“Mirai” Botnet
• Targeted IoT devices: DVRs, IP surveillance cameras, and consumer routers
• Spreads like a worm: each infected device scans the Internet for Telnet listeners and tries a built-in list of 60+ default username/password pairs against them
• Many of the affected devices were manufactured by XiongMai and ship with hardcoded username/passwords
• Once installed, the bot kills the processes bound to the Telnet port (and, depending on the build, SSH and HTTP), locking out rival malware and the device owner alike
• Capable of generating 10 types of attacks:
  • 2 UDP, 2 GRE, 2 ACK, 1 SYN and 1 DNS flood
  • 1 Valve Source Engine (VSE) query flood
  • 1 HTTP flood that is configurable and can use any HTTP method
• Static and randomized source IP spoofing in five of the 10 attack types
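Detection logic for the scanning behaviour described above, as an added example (it is not part of the original deck and is neither Mirai's nor Great Bay's code). It assumes a constructed flow-log format with one record per line (timestamp, src, dst, proto, dport, TCP flags), records in time order, and a heuristic of 20 distinct Telnet targets per minute; the sample records are constructed, not captured traffic.

```python
"""Flag hosts that fan out to Telnet the way a Mirai bot's scanner does.

Added example, not code from the original slides or from Mirai. The log
format is a constructed flow-log format; adapt parse_flow() to your
firewall or NetFlow export. Records are assumed to be in time order.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone
from typing import Deque, Dict, Iterable, Tuple

# Mirai's scanner probes TCP/23 (about 9 in 10 probes) and TCP/2323.
TELNET_PORTS = {23, 2323}

# Heuristic thresholds (assumptions, tune per environment): one source
# sending SYNs to this many distinct hosts on Telnet ports inside the
# window is scanning, not administering.
DISTINCT_DST_THRESHOLD = 20
WINDOW_SECONDS = 60

# Constructed sample log. 10.20.0.55 is an infected camera spraying SYNs at
# TEST-NET-3 addresses; 10.20.0.10 is an admin host retrying Telnet to one
# camera and using SSH normally. None of this is real captured traffic.
SAMPLE_FLOW_LOG = [
    "2016-10-21T07:10:00Z src=10.20.0.10 dst=10.20.0.55 proto=tcp dport=23 flags=S",
    "2016-10-21T07:10:00Z src=10.20.0.55 dst=10.20.0.10 proto=tcp dport=51432 flags=SA",
    "2016-10-21T07:10:05Z src=10.20.0.10 dst=10.20.0.56 proto=tcp dport=22 flags=S",
] + [
    # 30 SYNs in 30 seconds to 30 different hosts, 1 in 10 on port 2323.
    f"2016-10-21T07:11:{i:02d}Z src=10.20.0.55 dst=203.0.113.{i + 1} "
    f"proto=tcp dport={2323 if i % 10 == 9 else 23} flags=S"
    for i in range(30)
] + [
    # 25 retries to a single device: many Telnet SYNs, but one destination.
    f"2016-10-21T07:12:{i:02d}Z src=10.20.0.10 dst=10.20.0.55 proto=tcp dport=23 flags=S"
    for i in range(25)
]


def parse_flow(line: str) -> dict:
    """Parse one constructed flow record into a dict with a UTC epoch 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = (
        datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        .replace(tzinfo=timezone.utc)
        .timestamp()
    )
    rec["dport"] = int(rec["dport"])
    return rec


def detect_telnet_scanners(lines: Iterable[str]) -> Dict[str, int]:
    """Return {source_ip: peak distinct Telnet targets within one window}
    for every source that crossed DISTINCT_DST_THRESHOLD."""
    windows: Dict[str, Deque[Tuple[float, str]]] = defaultdict(deque)
    alerts: Dict[str, int] = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rec = parse_flow(line)
        # Only outbound SYNs to Telnet ports count as probes; SYN/ACK
        # replies and established traffic do not.
        if rec["proto"] != "tcp" or rec["dport"] not in TELNET_PORTS:
            continue
        if "S" not in rec["flags"] or "A" in rec["flags"]:
            continue
        window = windows[rec["src"]]
        window.append((rec["ts"], rec["dst"]))
        # Slide the window: drop entries older than WINDOW_SECONDS.
        while window and rec["ts"] - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        distinct = len({dst for _, dst in window})
        if distinct >= DISTINCT_DST_THRESHOLD:
            alerts[rec["src"]] = max(alerts.get(rec["src"], 0), distinct)
    return alerts


if __name__ == "__main__":
    for src, peak in detect_telnet_scanners(SAMPLE_FLOW_LOG).items():
        print(f"ALERT {src}: {peak} distinct Telnet targets within {WINDOW_SECONDS}s")
```

The check keys on distinct destinations rather than raw SYN count, so an administrator hammering Telnet on one camera (the 10.20.0.10 lines) stays quiet while a host fanning out across many addresses on 23/2323 is reported. A real bot probes far faster than the sample, so the threshold is conservative; the same heuristic applied to internal RFC 1918 destinations catches a bot scanning your own segment before it reaches the Internet.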
Targeted Devices
Great Bay Software Survey Results: Conducted before the IoT DDoS Attacks
Surveyed over 100 enterprise network security professionals
Goal: with the exponential growth of IoT devices (both consumer and enterprise) connected to the enterprise network in 2016/17, our aim was to understand:
• How will this affect enterprise endpoint security protocols and best practices?
• How are enterprises planning to accommodate IoT devices?
• How will enterprises secure IoT and unmanageable devices on their network compared to managed device types?
Great Bay Software Survey Results: Conducted before the IoT DDoS Attacks
“71% of IoT Enterprise Security Professionals Not Monitoring IoT Devices In
Real Time”
“43% of those surveyed stated that they have no plans to accurately classify
every IoT device on the network and 28% plan to address the issue within the
next 6-12 months”
Best Practices for Safeguarding your Enterprise against DDoS threats
• Be part of the solution, not the problem
  • Protect yourself while protecting others
  • Be a good Internet citizen: an unmonitored device on your network can become someone else's attack traffic
• Know what's on your network at all times
  • What's on my network?
  • How long has it been there?
  • Has it moved?
  • Why is it on my network?
  • What is it doing?
  • Do I trust it?
Source: Imperva Incapsula (https://www.incapsula.com/): Mirai-infected devices were spotted in 164 countries
Best Practices for Safeguarding your Enterprise against DDoS threats
• Harden networks against the possibility of a DDoS attack
  • https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf
• Disable remote access to IoT devices where possible
  • Remote access is the conduit through which Mirai reaches vulnerable devices
• Disable or limit protocol usage
  • Disable insecure clear-text protocols such as Telnet and FTP wherever possible
  • Verify that only the ports that should be open actually are, and re-check after firmware updates and factory resets, which can restore default services
  • Are SSH, Telnet and HTTP ports still open?
• Ensure proper network segmentation
  • Reduce the available attack surface and contain any infection to its segment
• Keep the perimeter intact
  • Avoid Internet-facing endpoints and services where possible
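An audit for the open-port check above ("Are SSH, Telnet and HTTP ports still open?"), as an added example that is not part of the original deck. It parses nmap's grepable (-oG) output, which is nmap's real output format, and compares what is open with a per-device baseline of allowed ports; the inventory, the device addresses and the scan lines are constructed for the example rather than taken from a real network.

```python
"""Compare what an nmap scan found open with what each IoT device should expose.

Added example, not from the original slides. nmap's grepable (-oG) output is
the real format; the inventory and the scan lines below are constructed.
A real run would look like:
    nmap -sS -p- -oG scan.gnmap 10.20.0.0/24
"""
import re
from typing import Dict, List, Set, Tuple

# One "port/state/protocol/" triple per service in the Ports: field.
PORT_FIELD = re.compile(r"(\d+)/(\w+)/(\w+)/")

# Constructed baseline: the only TCP ports each known device is allowed to
# expose on this segment (addresses and roles are assumptions).
BASELINE: Dict[str, Set[int]] = {
    "10.20.0.1": {22, 443},   # access switch: SSH and HTTPS management
    "10.20.0.55": {554},      # IP camera: RTSP video only
    "10.20.0.56": {443},      # DVR: HTTPS management only
}

# Ports that should ring an alarm anywhere on an IoT segment: the Telnet
# ports Mirai spreads over, plus clear-text FTP and HTTP management.
RISKY_PORTS = {23: "telnet", 2323: "telnet-alt", 21: "ftp", 80: "http"}

# Constructed scan output in nmap -oG format (fields are tab-separated).
SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.40 scan initiated Tue Dec 13 09:00:00 2016 as: nmap -sS -p- -oG scan.gnmap 10.20.0.0/24",
    "Host: 10.20.0.1 (edge-sw1.example.local)\tStatus: Up",
    "Host: 10.20.0.1 (edge-sw1.example.local)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (65533)",
    "Host: 10.20.0.55 (camera-01.example.local)\tStatus: Up",
    "Host: 10.20.0.55 (camera-01.example.local)\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 554/open/tcp//rtsp///\tIgnored State: closed (65532)",
    "Host: 10.20.0.56 (dvr-01.example.local)\tStatus: Up",
    "Host: 10.20.0.56 (dvr-01.example.local)\tPorts: 443/open/tcp//https///, 554/filtered/tcp//rtsp///\tIgnored State: closed (65533)",
    "Host: 10.20.0.77 ()\tStatus: Up",
    "Host: 10.20.0.77 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (65534)",
    "# Nmap done at Tue Dec 13 09:41:12 2016 -- 256 IP addresses (4 hosts up) scanned",
])


def parse_gnmap(text: str) -> Dict[str, Set[int]]:
    """Map each scanned host to the set of TCP ports nmap reported open."""
    open_ports: Dict[str, Set[int]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        open_ports.setdefault(ip, set())   # a host with no Ports: line is still "seen"
        for field in line.split("\t"):
            if not field.startswith("Ports:"):
                continue
            for port, state, proto in PORT_FIELD.findall(field):
                if state == "open" and proto == "tcp":
                    open_ports[ip].add(int(port))
    return open_ports


def audit(open_ports: Dict[str, Set[int]],
          baseline: Dict[str, Set[int]]) -> List[Tuple[str, str, List[int]]]:
    """Return (ip, finding, ports) for hosts missing from the inventory or
    exposing ports outside their baseline; hosts that match stay silent."""
    findings: List[Tuple[str, str, List[int]]] = []
    by_address = sorted(open_ports.items(),
                        key=lambda kv: tuple(int(o) for o in kv[0].split(".")))
    for ip, ports in by_address:
        if ip not in baseline:
            findings.append((ip, "unknown-device", sorted(ports)))
        elif ports - baseline[ip]:
            findings.append((ip, "unexpected-ports", sorted(ports - baseline[ip])))
    return findings


def describe(port: int) -> str:
    """Label a port, naming the service when it is one we consider risky."""
    return f"{port}/tcp ({RISKY_PORTS[port]})" if port in RISKY_PORTS else f"{port}/tcp"


if __name__ == "__main__":
    for ip, finding, ports in audit(parse_gnmap(SAMPLE_GNMAP), BASELINE):
        print(f"{ip:<12} {finding:<16} {', '.join(describe(p) for p in ports)}")
```

Run against the sample, the camera is reported for Telnet and HTTP that its baseline does not allow, and 10.20.0.77 is reported as a device nobody inventoried, which is the "What's on my network?" question from the previous slide answered mechanically. Scheduling the scan and diffing successive results catches the case where a factory reset or firmware update quietly re-enables Telnet.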
Best Practices for Safeguarding your Enterprise against DDoS threats
• Implement policies and procedures around new device adoption
  • Endpoint certification/validation, etc.
  • Know the risks and weigh them against the benefits of IoT
• Minimum Security Baselines (MSB)
  • Document and educate endpoint owners on proper configuration guidelines
• Control access to the network
  • Limit network access to approved devices (authenticate, authorize, and audit)
• Deploy real-time endpoint detection
  • Know what's connecting to the network and where
• Patch, patch, patch
  • Patch early and patch often
Whose Job Is it Anyway?
• Is IoT security the responsibility of the device manufacturer, the service providers, or us, the consumers?
  • All of the above!
• Gartner researchers predict that by 2020 we will have 25 billion connected devices
• PricewaterhouseCoopers' Global State of Information Security® Survey 2015 stated that more than 70 percent of connected IoT devices, such as baby monitors, home thermostats, and televisions, are vulnerable because they lack fundamental security safeguards
• This is MUCH more than an enterprise problem!
Whose Job Is it Anyway?
• Device manufacturers
  • Reuters reports that Hangzhou XiongMai said it will recall some of the products it has sold in the United States, strengthen passwords and send out patches for some devices
  • http://www.reuters.com/article/us-cyber-attacks-manufacturers-idUSKCN12O0MS
  • In the race to be first (or early) to market, security has in some cases been a lower priority
  • CSO Online reported that many companies still think that if a device is not directly accessible from the Internet, nobody needs to be concerned about its security
  • http://www.csoonline.com/article/2983681/vulnerabilities/how-to-secure-the-internet-of-things-and-who-should-be-liable-for-it.html
  • Published FTC guidelines
  • https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf
Whose Job Is it Anyway?
• Service providers
  • Provide DDoS prevention and protection services
  • Consumer-grade providers can, and arguably should, provide hardening at the point of presence as a first line of defense
• IoT end users
  • As the device owners, we need to make certain that we are doing all we can to prevent, or at least not participate in, attacks such as DDoS
  • The Online Trust Alliance (https://otalliance.org/) has published an IoT security checklist for consumers
  • https://otalliance.org/system/files/files/initiative/documents/smartdevice-securityprivacy-checklist.pdf
TAKEAWAYS & QUESTIONS
IoT Security: See, then Act
• See
  • Visibility: Real-time Discovery, Comprehensive Profiling, Every Network
  • Monitoring: Identity, Behavior, Location
• Act
  • Onboarding: Authenticate Device, Onboard Automatically, Segment
  • Enforcement: Alert, Quarantine, Block
THANK YOU!
To learn more visit: greatbaysoftware.com
Request an IoT endpoint assessment: https://go.greatbaysoftware.com/endpoint-assessment-request
