Mirai, IoT and DDoS Were the Top Talk Tracks at RSA 2017

DDoS attacks leveraging Internet of Things (IoT) devices took center stage this month at RSA Conference 2017.

From the keynote stage, to the hallways, to the breakout sessions, what to do about unsecured devices and threat actors’ nefarious uses of them was top of mind for security pros.

In recent months, threat actors have launched massive attacks fueled by botnets that take advantage of unsecured IoT devices, such as Internet-connected cameras. In some cases, these cyber attacks use gargantuan botnets that comprise hundreds of thousands of devices.

Many RSA speakers focused on Mirai, the malware used to compromise and control many of these botnets, the code for which is open source and is publicly available.

Mirai is Alive and Well

In his keynote presentation, Intel Security Senior Vice President and General Manager Christopher Young warned that Mirai hasn’t been stopped.

“We can’t think of the Mirai botnet in the past tense. It’s alive and well today, and recruiting new players,” he said.

To illustrate it, he shared how Intel Security researchers set a honeypot using an unsecured DVR, and in no time — a little more than a minute — it was compromised using the Mirai malware.

Mirai is the malware behind two of 2016’s largest distributed denial of service (DDoS) attacks, which are also two of the biggest in recorded history: the attack on Krebsonsecurity.com, which reached more than 600 Gbps of attack traffic, and the attack on OVH, which topped 1 Tbps.

Mirai is also responsible for the DDoS attack that took down DNS provider Dyn, which single-handedly disrupted global Internet services, including many of Dyn’s top customers, such as Spotify, Reddit and GitHub.

The IoT problem is only expected to worsen, as the number of IoT devices installed on earth is predicted to reach 24 billion by 2020 — that’s more than three devices for every human being on the planet.

A Call for IoT Regulation

The IoT issue is critical enough that renowned security pro and author Bruce Schneier called on the industry to push for regulation of IoT devices. Citing Mirai, Schneier said the possible fallout from IoT-born threats is not going away and poses a true danger.

“It’s one thing for Reddit to be DDoSed, it’s another thing for your home thermostat to be DDoSed in the winter,” Schneier said, according to Threat Post.

Schneier has culled a list of security and privacy guidelines for IoT devices, which is part of a campaign to promote and encourage better and safer practices from device manufactures, users and the industry at large.

“There aren’t security teams associated with these devices, there’s no way to patch,” Schneier said, “The way you update your DVR is you throw it away.

“It’s science fiction but not stupid science fiction,” Schneier said in Threat Post. “One person writes Mirai, publishes his code, and it’s in dozens of botnets, that’s our world and soon it’s going to be everyone’s world.”

Schneier suggested creating a new agency to regulate IoT security before IoT devices are used for catastrophic purposes.

“When computers start killing people, there are going to be consequences,” he said.

IoT Best Practices

To help protect your organization from IoT-born attacks, A10 Networks recommends these best practices:

  • Disable default passwords when purchasing a device from the manufacturer
  • If two-factor authentication is available on the device, use it
  • Ask yourself if specific devices should be connected to the Internet; just because you can, doesn’t mean you should

Learn more tips in this video:

Proven DDoS Protection

At RSA, A10 Senior Corporate Systems Engineer Tarun Aggrawal showed how A10 Thunder TPS can protect against and mitigate large-scale, Mirai-based DDoS attacks. You can watch a brief video demo here:

As we enter the era of the DDoS of Things and DDoS attacks that reach 1 Tbps become more common, the need to identify and mitigate these sophisticated attacks becomes imperative.

A10 Thunder TPS detects and mitigates attacks at the network edge and is the first line of defense for your network infrastructure against these massive DDoS attacks.

It delivers agile, efficient and network-wide protection against the full spectrum of DDoS attacks, including multi-vector attacks that use a combination of high-rate volumetric or network protocol attacks and more sophisticated application attacks.

The Thunder TPS 14045, for example, is proven to scale to protect against the largest DDoS attacks. It can mitigate attacks of up to 300 Gbps with just three rack units (RU), and may be deployed in a cluster to handle up to 2.4 Tbps of bandwidth.

For more information on how A10 Thunder TPS detects and mitigates DDoS attacks against your organization, contact one of our cyber security experts.

 

Add new comment