Distributed Denial of Service (DDoS) attacks on the DNS infrastructure are neither new nor rare. What is new, however, is the scale of the attacks, and the use of a network of compromised IoT devices as the source of the attack. IoT security is thus becoming a very important issue that needs to be addressed by the industry and IoT users and operators.
Read below about some impressive large scale DDoS attacks using IoT infrastructure and how Artificial Intellegence (AI) may be a potential solution to this problem.
IoT security (or lack of) – some known DDoS attacks
The attack on hosting provider OVH (Sep 2016)
This attack was reported on September 2016. The CTO of the hosting provider OVH claimed that the Mirai botnet used by attackers was powered by more than 150,000 Internet of Things (IoT) devices, including cameras and DVRs.
The company was targeted by various types of traffic, including Generic Routing Encapsulation (GRE) traffic, a novelty in the DDoS landscape. The servers of OVH were hit by multiple attacks exceeding 100 Gbps simultaneously concurring at 1 Tbps DDoS attack. One of the attacks documented by the OVH reached 93 MMps and 799 Gbps.
The attack on journalist Brian Kreb’s website (Sep 2016)
Brian Krebs is an investigative cyber-crime journalist. His website, KrebsOnSecurity.com, was also hit by a massive distributed denial-of-service (DDoS) attack on September 2016.
According to Krebs, his site was targeted with various types of DDoS attacks, including SYN and HTTP floods. The attack peaked at 665 Gbps and 143 Mpps (million packets per second), but it was successfully mitigated by Akamai, the company that provides DDoS protection services for KrebsOnSecurity.
According to Martin McKeay, Akamai’s senior security advocate, there were indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked Internet of Things (IoT) devices. The devices included routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.
The Mirai botnet was responsible for this attack.
The attack on hosting provider Dyn
Flashpoint, a well-known Business Risk Intelligence expert, has confirmed that some of the infrastructure used to attack Dyn were botnets compromised by the Mirai malware, the same malware which was used against Brian Krebs and OVH.
However, the botnets used against Dyn were not the same as the ones used against Krebs and OVH – they are separate and distinct botnets from those in the first attacks.
The attack on Liberia’s internet infrastructure (Nov 2016)
According to Dan Raywood,
Multiple attacks took place against Liberia’s rudimentary internet infrastructure that have taken the country’s websites offline over the course of a week.
The attack on Imperva Incapsula network (December 2016)
An attack took place on December 21, targeting several anycasted IPs on the Imperva Incapsula network.
The first DDoS burst lasted roughly 20 minutes, peaking at 400Gbps. Failing to make a dent, the offender regrouped and came back for a second, 17-minute round. This time enough botnet “muscle” was used to generate a 650Gbps DDoS flood of more than 150 million packets per second (Mpps).
A payload analysis showed that the entire attack was just a mishmash of pulverized system files from thousands upon thousands of compromised IoT devices—meaning that the Mirai botnet now has competition.
IoT Security Conclusion
A scan conducted by Flashpoint revealed that there are more than 500,000 vulnerable devices on the Internet and Level 3 Communications says that this number are not only vulnerable, but already infected.
According to Dave Larson, CTO and COO at Corero Network Security, the technology now exists to mitigate the scaled DDoS attacks that we are seeing from the Internet of Things – there just needs to be greater urgency in increasing the scale of the mitigation capacity and the use of the latest in-line, real-time, automated tools.
So, it is time AI to meet IoT, in order to stop DDoS!
Image By Joey Devilla [CC BY-SA 4.0 (http://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia Commons