Recent DDoS Attacks Underscore Need for IoT Security

By: Darren Deslatte, Resolvit Principal Consultant

As you’ve probably heard, some of the Internet’s biggest players, including Twitter, Amazon, and Netflix, were recently forced offline for several hours by a series of distributed denial-of-service (DDoS) attacks. It was the scale and duration of the October “Internet outage” that caught the public’s attention (although DDoS attacks have been on the rise for a while), but what really made this cyber offensive unique was its pivotal use of the Internet of Things (IoT). Events like this show us just how important IoT security is for organizations.

DDoS attacks are a popular form of cyberattack that let hackers take down websites or servers by overwhelming them with traffic. The easiest way to do this (and the most difficult to prevent) is to flood the host Domain Name Service (DNS) server with queries.

When you enter a URL address, a DNS server lets your browser access the website by translating the domain name into the IP address of the website’s host server. DDoS attacks hijack this process using one or more botnets, networks of compromised Internet-connected devices that are controlled by remote hackers. The hackers manipulate the devices in the botnet to try to access a website simultaneously, flooding the site’s DNS servers with illegitimate traffic. The site then grinds to a halt, rendering it virtually inaccessible.

IoT Presents New Challenges

Botnets have traditionally been assembled from PCs, but the October attack was launched via an estimated 50,000 to 100,000 IoT devices (mostly cheaply-made DVRs and IP cameras). Given the recent explosion of IoT, this may seem like a cause for alarm. And it is true that IoT security and monitoring efforts are tricky, because consumers can’t purchase protective software for their devices, and because devices with the same software often have the same default username and password, which can be difficult to change.

However, the inevitable growth of IoT will force manufacturers to create security solutions, like making device login information easier to customize. As serious as the October attacks were, they were simply the growing pains of a still-new technology.

Special thanks to Resolvit Principal Consultant Jim Waldron for his contributions to this post.

“The project resource that you are providing has made significant contributions and has become an extremely valuable member of the team.”

“We’ve been very happy with our resources and the level of support that Resolvit provides.”

“I have been partnering with Resolvit for three years now and they have always met or exceeded my expectations. The developers we have on board have done an outstanding job over the last year. In support of our 2016 IT goals, they have been involved with major EDW projects, client data transfers, and support activities.”

 

 

“The Resolvit members are part of our team. They function like our people and offer ideas and solutions while taking on more responsibilities every day.”

“I’ve had a great experience with Resolvit so far. Our resources are great and the account managers that we’ve worked with are very attentive to make sure we’ve got everything covered!”

“I am very impressed with the level of service I’m getting from Resolvit.”

 

“When we were looking for an offshore resource, Resolvit came through with flying colors.”

 

“Resolvit does a solid job keeping in contact with us and listening to our needs. They then provide feedback on needed actions or offer recommendations.”

 

“The team at Resolvit has ensured that communication is open and candid between us. We have appreciated the conversations regarding various technologies and possible options for personnel. Resolvit obviously believes in building a relationship with their clients and not just simply doing business.”

“Resolvit has been a great partner and it’s clear to us that the folks we work with are dedicated, highly professional, and produce great work. We value the relationship with Resolvit and look forward to our continued partnership.”