The internet is experiencing a new wave of the advanced malware ‘Mirai’ after its author leaked the source code in order to hide among the many others now using it, writes Peter Buttler.
After the record-setting 1 Tbps attack on the France-based company OVH, the Mirai malware struck another well-known company, DynDNS. On Friday, DynDNS reported an attack on its DNS infrastructure that took down popular websites including Twitter, Pinterest, CNN, GitHub, SoundCloud and several others. At first the blame fell entirely on IoT-connected devices and on the suppliers of connectivity for M2M and IoT devices, but experts rejected that explanation when they found the fingerprints of the Mirai botnet in the attack.
Attackers have a keen interest in IoT devices because compromised cameras and DVRs let them conduct far-reaching, massive DDoS attacks; last Friday’s attack is proof enough of that. It has become necessary to take security measures to protect your IoT devices from falling victim.
Securing your devices against such attacks not only helps protect others but also improves your IoT devices in several ways, including:
1. A higher success rate of data delivery.
2. Avoiding the costs that follow from malicious use.
3. Protecting brand reputation.
4. Preventing IP address blacklisting.
Following the tactics and methods below should prevent your IoT devices from being infected by the Mirai malware and, in the worst case, mitigate the repercussions of such attacks.
Customers sometimes have a non-technical background, or simply do not bother to change the log-in credentials after setting up their devices. As a designer or manufacturer of IoT-connected devices you cannot rely on the end user to secure the device; requiring a unique username and password is the bare minimum. You should insist that end users change these log-in credentials when the device is first powered on (or the company should change them remotely). A common mistake found in compromised devices is that the web interface’s log-in credentials differ from those of the command-line interface, so even security-aware users would not have been able to secure their IoT-connected devices.
IoT-connected devices should run monitoring functions that look for potentially malicious traffic from unknown IP addresses and block it. This stops botnets from repeatedly trying different log-in credentials and trawling the internet for more victims. The device’s security should be analysed regularly and kept up to date; leaving a device outdated and unsupported raises the risk of compromise.
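As an added illustration (not code from the article), here is the core of such a monitoring function: it reads a device's login log, counts failed attempts per source address inside a sliding time window, and reports the addresses that should be blocked. The log format, field names and the sample lines are constructed for this example; a management-network allowlist is assumed so that an operator's own address is never locked out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of a device's login log (not captured from a real device).
SAMPLE_LOG = """\
2016-10-21T13:00:01 telnet login failed user=root src=198.51.100.7
2016-10-21T13:00:02 telnet login failed user=admin src=198.51.100.7
2016-10-21T13:00:03 telnet login failed user=root src=198.51.100.7
2016-10-21T13:00:04 telnet login failed user=support src=198.51.100.7
2016-10-21T13:00:05 telnet login failed user=root src=198.51.100.7
2016-10-21T13:00:20 http login ok user=admin src=192.0.2.10
2016-10-21T13:00:30 telnet login failed user=root src=203.0.113.9
2016-10-21T13:09:00 telnet login failed user=root src=203.0.113.9
"""

# Assumed log line layout: "<iso timestamp> <service> login <ok|failed> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\w+) login (?P<result>ok|failed) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def failed_login_sources(log_text, threshold=5, window=timedelta(minutes=1), allowlist=()):
    """Return the set of source IPs that produced at least `threshold` failed
    logins within any `window`-long sliding interval. Addresses in `allowlist`
    (e.g. the operator's management network) are never flagged."""
    recent = defaultdict(deque)   # src -> timestamps of its recent failures
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not login events
        if m["result"] != "failed" or m["src"] in allowlist:
            continue              # successes and allowlisted sources do not count
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold:
            flagged.add(m["src"])
    return flagged

if __name__ == "__main__":
    print("block:", sorted(failed_login_sources(SAMPLE_LOG)))
```

With the defaults, only 198.51.100.7 is flagged: 203.0.113.9 also fails twice, but its attempts are more than a minute apart, so they never accumulate in one window.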
If you run your own server rather than a cloud-based one, make sure it is updated and maintained regularly. At the device level, make sure that incoming traffic from the device is not spoofed. This can be achieved in several ways, for example by routing the device’s traffic through a secure VPN to encrypt the packets, or by locking down the addresses that are allowed to send to the server.
Understand the communication chain of your devices
Consult your connectivity supplier and keep a log of every communications path and dependency. Setting up a secure VPN tunnel to the data centre is helpful, but also establish whether the devices have external dependencies. Test this by taking a subset of devices and removing their access to certain services: do they fail, how easily do they fail, and do they recover without any human intervention?
Connectivity security is essential
While M2M/IoT devices are still new, stories like the DynDNS DDoS attack are likely to continue for the foreseeable future. The security of the devices must remain the key element of any deployment strategy, with additional resources and time set aside for it, particularly when deploying at mass scale.