Blogs

DDoS via the Internet of Things – the first wave of attacks?

April 20, 2017

Posted by: Avadhoot Patil

Laurence Pitt of Juniper Networks

In the last year, we’ve all heard of the Mirai malware, but did you know that Mirai is Japanese for ‘the future’? And that’s what I believe we are seeing: The future of cyber-attacks.

This doesn’t mean that everything else goes away, says Laurence Pitt, Juniper Networks Security Strategy director for Europe, the Middle East and Africa (EMEA). There will still be phishing attacks, socially engineered access and advanced persistent threats, but these are costly to develop and with distributed denial of service (DDoS) in IoT, the bad guys seem to have found a simple and successful business model to raise needed funds:

Develop malware à Use in high profile attack à Monetise threats with service model

There’s no law of supply and demand on the Dark Net; threats exist as code and can be downloaded, modified and used by any number of people. This was demonstrated successfully with the DDoS attacks in late 2016, where major attacks were almost immediately followed by hundreds of ‘copy-cat’ attacks.

There were wasted, precious cycles as incident response teams needed to spend time on identification – creating a smokescreen which allowed the original attackers to quietly disappear.

So, what do I mean by this blog title: “DDoS via IoT – the first wave of attacks?”

I’m not saying that we are going to see millions of DDoS attacks in 2017. Rather, I think that the malware groups are now at the monetisation stage, selling botnets-as-a-service (BaaS) on the Dark Net, making license revenue for further research.

The hacker who developed and recently released the Mirai source code subsequently blogged, “I made my money, there’s lots of eyes looking at IoT, so it’s time to go.” This statement is the basis for my prediction: The DDoS and Botnet attacks in 2016 were the first wave, gathering intelligence and generating revenue which will now be used to develop and propagate advanced and complex IoT Next Generation malware.

What might we see next? We’re starting to see new developments already. Just in the last months, we have seen an American university’s network disrupted by a combination of vending machines and lightbulbs! Next could easily be a botnet with embedded ransomware taking control of an office building and delivered as an automated attack – holding business to ransom – demanding payment literally to turn the lights back on.

These attacks are coming and until security for IoT catches up, they will remain a risk. So, what can we do to become safer and not come home to find the espresso maker that made coffee at breakfast has become a cyber-mastermind by dinner?

Finally – be vigilant. In a conversation with a colleague at RSA 2017 recently, we mused over the story of the university being taken offline when there had been multiple, but ignored, reports of network performance problems.

If your network slows down, if applications seem to be misbehaving, don’t put this down to ‘Monday/Friday’ traffic, as it could be the next big national news-worthy breach infiltrating your network!

SDSN is a Juniper Networks platform to ensure security is built into physical and virtual networks, rather than just added on, as is typical of most network security today.

The author of this blog is Laurence Pitt, Juniper Networks’ Security Strategy director for Europe, the Middle East and Africa (EMEA)

Comment on this article below or via Twitter @IoTGN