By Ben Reed, ESET senior technical strategist
Recently, BankInfoSecurity.com interviewed ESET Security Researcher Cameron Camp to get his take on one of the latest and looming threats targeting enterprises: distributed denial-of-service (DDoS) attacks. DDoS attacks are nothing new. They have been used for years to bombard a website with so much traffic that it either slows down or crashes completely.
But what is in fact new are DDoS attacks harnessing the power of “internet of Things” (IoT) devices — that is, devices that are directly connected to the internet — to cause cyber destruction. (We explained this type of attack in a previous post, and how individuals and small businesses can prevent their routers and other connected devices from being used to launch such an attack.)
Take the anonymized university that was hit when its connected “smart” vending machines and light sensors were used to carry out a DDoS attack preventing thousands of students from getting internet access. Or when Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure, was the victim of a botnet that used IoT devices such as cameras and DVR players to flood traffic to Dyn’s servers, causing a massive internet outage.
But what does this mean for the enterprises that are often the targets?
According to Cameron, very few networks can withstand an attack that co-opts millions of IoT devices and targets an organization with multiple hundreds of gigabits coming from everywhere. It raises the prospect of network segments or entire networks failing.
The importance of relationships
The first thing is to have relationships with your upstream internet service providers. This seems obvious to IT practitioners, but its importance is less obvious to others in the organization. As Cameron explains, these situations in the end come down to person one in your organization, calling person two who is a buddy at a major network provider or intersection, saying “here's what we're seeing.” When you cultivate those relationships, you both understand the business imperatives and what an attack means. That makes it easier to solve the puzzle, triage the situation, and determine the right steps to take so you can continue to do business.
Prospects for improvement
While the above preparations are important, it’s important to keep the threat in perspective. “The sky is not falling,” Cameron says. Yet, he points out that there are many, many old routers that haven’t been touched in years, and aren’t up to modern security standards. Getting their owners to replace or update a device that seems to be working is an uphill battle. Governments are putting pressure on IoT device manufacturers to improve security, and it will be interesting to see how they respond in the coming year. In security, he says, “We win in increments. There's no such thing as perfect or 100 percent security. There’s better and better security, and that's what we can do.”
Prediction and prevention
One of the newest ways to address better security is through threat intelligence services that have been growing in popularity over the last year. Take ESET Threat Intelligence, for example. It is a service that predicts and proactively notifies you of real-time threats targeting your business. By providing deep insights into the who, why and what behind potential attacks, services like this enable your internal team to better understand and manage business risk — and improve the effectiveness of your security defenses. (You can hear more about this from our CEO here.)
Finally, if you work for an enterprise, you may want to make sure you are following the Gartner-recommended Adaptive Security Architecture. This is a security framework that supports security teams’ efforts to predict, prevent, detect and respond to attacks. Following and implementing this architecture will help you get one step closer to ensuring your cyber defenses are layered, and bring you one step closer to fighting those lurking DDoS attacks.