Massive DDoS Attack On U.S. College Throws IoT Security Into The Spotlight -- Again

A Distributed Denial-of-Service attack on an unnamed U.S. college in February, which was recently made public by web application security company Incapsula, has put Internet of Things security into the spotlight once again.

Incapsula said the college's network was affected by the massive attack for "54 hours straight," indicating that the offenders are becoming more adept at launching application-layer assaults on vulnerable IoT devices.

"Based on a number of signature factors, including header order, header values and traffic sources, our client classification system immediately identified that the attack emerged from a Mirai-powered botnet," according to an Incapsula spokesperson in a blog post. "Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs and routers."

[Related: Channel Players Step Up To Address IoT Security Concerns In Health Care]

Sponsored post

Mirai, which mainly targets consumer devices, is malware that turns computer systems running Linux into remotely controlled bots.

According to Redwood Shores, Calif.-based Incapsula, the DDoS bots used in the attack were hiding behind different user agents than the five hard-coded in the default Mirai version. The attack may have exploited open telnet ports and TR-069 ports on the vulnerable IoT devices, said Incapsula.

The DDoS attack on the U.S. college could indicate that IoT attacks are being modified to launch more elaborate – and larger – application-layer attacks, according to Incapsula.

"Ever since the Mirai source code was made public last year, we’ve seen offenders continue to evolve the malware’s capabilities to expand its range and launch more elaborate and impactful assaults," said the Incapsula spokesperson.

Security vulnerabilities in IoT devices were underscored in October when a DDoS attack – which was launched through IoT devices including webcams, routers and video recorders – overwhelmed servers at Dynamic Network Services, taking down up to 1,200 websites.

The frequency of DDoS attacks increased in 2016 due in part to IoT botnets, according to information service provider Neustar. The Sterling, Va.-based company said it mitigated 40 percent more DDoS attacks from January through November compared with the same span last year.

Neustar warned that as botnet code assemblies are published, dangerous new DDoS developments will continue to emerge, such as persistent device enrollment, which enables botnet operators to maintain control of a device even after it's rebooted.

"Basically these IoT devices – especially the lower-end ones, like cameras – will never be secure because the companies that make them have no expertise or interest in security," said Marc Harrison, president of Silicon East, a Manalapan, N.J.-based solution provider. "The only way to protect them is to put them behind the firewall. Once they are exposed and compromised, these kinds of attacks will happen. Once the attack is under way, from the receiving side there's nothing they can do."

Looking forward, Harrison stressed that solution providers have an important role to play in educating their customers on the risks of vulnerable IoT devices -- and how it can impact their businesses.

"[DDoS attacks] will increase at every level," he said. "The only way to solve it is for providers and guys like us to provide external protections. I evangelize customers about these risks whenever I get the opportunity to. We need to protect our clients as best we can."