IoT devices such as smart TVs, CCTV cameras, coffee machines, wireless routers and AI-based assistants have become part of our daily lives. These devices bring a great deal of comfort and convenience, but they also expose us to cybercrime. Every IoT device we connect enlarges our attack surface, so we are far more exposed to cyber-attacks than in the past. The risk is not limited to unwanted exposure of identity: vulnerable IoT devices also enable data theft and phishing, and the device itself can be turned into a platform for attacking other hosts, as the Mirai case below shows.
Case study – Mirai DDoS attack using IoT botnets
In October 2016 the world saw the first IoT malware outbreak to cause widespread disruption. Mirai infects Linux-based connected devices, chiefly IP cameras, DVRs and home routers, although the same class of malware threatens any connected appliance, from printers to fridges, coffee machines and washing machines. Mirai gained access to devices by connecting to their telnet service and logging in with a built-in list of roughly 60 factory-default username and password pairs that the devices ship with. The infected devices were then enrolled in a botnet and used for distributed denial-of-service (DDoS) attacks. A botnet is a set of malware-infected devices that are controlled remotely; the botnet controller can direct every infected device to send large amounts of traffic at a single target. In September 2016 Mirai bots were aimed at a security journalist's website and at the hosting provider OVH; on 21 October 2016 they were aimed at the DNS provider Dyn, and with Dyn unable to answer DNS queries, many popular websites became unreachable. Mirai itself runs only on Linux-based devices; Windows systems were not infected by it. The Dyn attack left several high-profile websites inaccessible for hours, including Airbnb, Twitter, GitHub, Reddit, Netflix and many others.
1. Scanning: each infected device (bot) rapidly scans the internet for other devices with telnet open on TCP port 23 or 2323 and tries its built-in list of default usernames and passwords. Measurements of this scanning traffic over seven months, from July 2016 to February 2017, recorded 4.7 million IP addresses taking part, with an average of about 1.1 million scan packets per minute arriving from roughly 269,000 IP addresses.
2. Reporting: when a login succeeds, the bot sends the victim's IP address and the working credentials to a report server.
3. Dispatch: the report server hands the victim's details to a loader.
4. Loading: the loader logs into the victim with the reported credentials, determines its CPU architecture and installs the matching Mirai binary; the new bot then connects to the command-and-control (C2) server and starts scanning in its turn.
5. Command: the attacker issues an attack command (target, attack type, duration) to the C2 server.
6. Relay: the C2 server relays the command to every connected bot.
7. Attack: all the bots flood the DDoS target simultaneously.
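To make the scanning step concrete, here is an added example (not code from the original article) that flags Mirai-style scanning in a set of TCP SYN records such as those extracted from a firewall log or a packet capture. It relies on two properties of Mirai's scanner: it probes only TCP ports 23 and 2323, and it sets each SYN's TCP sequence number equal to the destination IPv4 address, a fingerprint researchers used to track the botnet. Later variants need not keep that quirk, so treat it as one signal among several. The record format, the function names and the sample records are constructed for this example.

```python
"""Flag Mirai-style telnet scanning in a list of TCP SYN records.

Added example, not part of the original article. Input records are
(src_ip, dst_ip, dst_port, tcp_seq) tuples; this format and the sample
data below are constructed for the example.
"""
import ipaddress
from collections import defaultdict

# Mirai's scanner probes only the telnet ports.
MIRAI_PORTS = {23, 2323}


def seq_for(dst_ip: str) -> int:
    """The sequence number a Mirai SYN carries: the destination IPv4
    address interpreted as a 32-bit big-endian integer."""
    return int(ipaddress.IPv4Address(dst_ip))


def is_mirai_fingerprint(dst_ip: str, dst_port: int, tcp_seq: int) -> bool:
    """True when a SYN matches both Mirai signals: a telnet port and a
    sequence number equal to the destination address."""
    return dst_port in MIRAI_PORTS and tcp_seq == seq_for(dst_ip)


def find_mirai_scanners(records, min_targets: int = 3) -> dict:
    """Return {src_ip: distinct_targets} for sources whose fingerprinted
    SYNs reached at least min_targets distinct destinations. Counting
    distinct destinations rather than packets keeps one retried
    connection from raising an alert on its own."""
    targets = defaultdict(set)
    for src_ip, dst_ip, dst_port, tcp_seq in records:
        if is_mirai_fingerprint(dst_ip, dst_port, tcp_seq):
            targets[src_ip].add(dst_ip)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


# Constructed sample: one scanning bot, one legitimate telnet login, one HTTPS flow.
SCANNER = "198.51.100.7"
SAMPLE_SYNS = [
    (SCANNER, "203.0.113.5", 23, seq_for("203.0.113.5")),
    (SCANNER, "203.0.113.9", 2323, seq_for("203.0.113.9")),
    (SCANNER, "203.0.113.44", 23, seq_for("203.0.113.44")),
    (SCANNER, "203.0.113.71", 23, seq_for("203.0.113.71")),
    (SCANNER, "203.0.113.5", 2323, seq_for("203.0.113.5")),  # repeat target, counted once
    ("192.0.2.10", "192.0.2.20", 23, 0x5A3C9F01),             # admin telnet, random ISN
    ("192.0.2.11", "203.0.113.5", 443, 0x11223344),           # ordinary HTTPS
]

if __name__ == "__main__":
    for src, n in find_mirai_scanners(SAMPLE_SYNS).items():
        print(f"ALERT Mirai-style scanner {src}: {n} distinct telnet targets")
```

Run against real data, the same check can be fed from a flow export or a `tshark` field dump; the legitimate administrator's telnet session in the sample is not flagged because its initial sequence number is random and it touches a single host.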
Mitigation strategy to avoid cyber attacks
Ensure that a tested backup and disaster recovery strategy is in place, so that services can be restored if devices or systems are compromised or knocked offline.
Implement a reputable endpoint security solution (antivirus, anti-malware, EDR) on every endpoint, since malware that gains a foothold on one device will try to spread across the network.
Provide regular, mandatory cyber-awareness training so that staff can tell legitimate emails and websites from suspicious ones and stay informed about current online threats.
While using the internet, use HTTPS, i.e. connect over encrypted channels wherever possible.
Make users aware that they should not click on links, download attachments, or install software from doubtful sources; phishing emails and malicious downloads are common starting points for credential theft and man-in-the-middle (MitM) attacks.
Change every default password before a device goes online and disable unused remote-management services such as telnet; Mirai needed nothing more than factory-default telnet credentials. Rotate credentials promptly whenever compromise is suspected. For ordinary user accounts, forced rotation on a fixed schedule is no longer recommended (NIST SP 800-63B), because it pushes people toward predictable variations of their old passwords.
Best practice recommendations
Implement Patch Management (Patch it up!): Regular patching of the following devices:
1. Mobile Devices – Phones, laptops, tablets, etc.
2. Network Devices (both personal and work) – routers, firewalls, etc.
3. Service Infrastructure – servers, applications, databases, etc.
4. IoT – printers, security cameras, etc.
5. Cloud Services – make sure that any Cloud Service Providers that you use have a strategy and practice of patching as well.
General User Practices (Be Cyber-Smart): Stay vigilant at all times and make sure you are doing everything you can to mitigate security risks. You should make a habit of the following:
1. Log off machines, portals, etc. when you are not using them.
2. Practice good physical security of devices, credentials, badges, etc.
3. Report suspicious activities to IT/IS as well as management.
4. Adopt the principle of “least privilege”, which ensures users only have access to the resources they need to perform their jobs. Users can raise a request and an administrator can grant access to the license or application the user requires.
5. Educate, learn – ask questions!
Antivirus/Malware/Threat Protection: How to keep malware at bay:
1. Implement Antivirus software for all your devices
2. Make sure you get Antivirus and Threat Protection for
3. Consider getting a managed Antivirus and Threat Protection solution
4. Threats evolve with them.
Password Management (Don’t Let Hackers Crack the Code): Here’s how you can follow good password practices:
1. Use one unique password per account (meaning, do not use the same password for multiple accounts or sites).
2. Do not share your credentials via sticky notes, email, or text. Never share personal information. In the case of a common service or account, store those credentials in a password vault that can be accessed only by authorized users who have the needed privileges.
3. Set a minimum length and a clear policy for when passwords must be changed, and refrain from reusing or slightly modifying previous passwords. Make it easier to manage all your passwords by installing a password vault or a PIM/PAM (privileged identity/access management) solution. This is one of the most effective ways to prevent unauthorized users from accessing confidential accounts, and it also simplifies password management for employees.
4. Multi-Factor Authentication (Add an Extra Layer of Security): Multi-Factor Authentication (MFA) is one of the most effective ways to protect your credentials, devices, and data. It adds a verification step beyond the password: even if an attacker learns or cracks your password, logging in still requires a second (or third) factor, such as a hardware security token, an authenticator-app code, a fingerprint, or a voice check. Prefer phishing-resistant factors (hardware security keys using FIDO2/WebAuthn) over SMS or emailed codes, which can be phished or intercepted, and treat MFA as a strong layer rather than a guarantee, since attackers also try push-notification fatigue and real-time phishing of one-time codes. Almost all reputable services offer MFA; enable it everywhere it is available.
5. Zero Trust Network, also known as Zero Trust Architecture, is a security model that trusts no actor, system, or service by default, whether it sits inside or outside the corporate network, and verifies every request before granting access. The model grew out of breaches in which attackers who got past the corporate firewall could move through internal systems with little resistance: applications and data hosted on-premises and in the cloud were being accessed by many users from many locations, yet security rested mainly on the network perimeter. A Zero Trust approach lets an enterprise micro-segment its network and enforce access decisions per request, based on the identity of the user, the health of the device, the location of the request and other signals, to decide whether a user, machine or application may reach a given resource on the private network.
How to get more free content
If you like this article and would like to read more of our content for cybersecurity insights, tips and tricks, feel free to follow us on Oppos social media. If you're a business owner who needs help assessing your business's cybersecurity posture, feel free to take advantage of our free introductory assessment and we'll help you figure out a game plan for keeping your company safe.