ilolab - Fotolia
IoT malware: How can internet-connected devices be secured?
IoT botnet DDoS attacks have been growing in volume and impact. Expert Nick Lewis explains how you can ensure your internet-connected devices are secure from IoT malware.
Several internet sites and companies were hit with a series of record-setting DDoS attacks, which were carried out using a botnet of internet-connected devices infected with IoT malware. The devices included home security devices, routers, DVRs and cameras. How do these IoT devices get infected with malware? Are there any best practices for securing IoT devices?
The distributed denial-of-service (DDoS) attacks in late 2016 demonstrated a significant effect on enterprises and the internet at large.
DDoS attacks have been around for almost 20 years, and they have gotten worse as attackers have discovered new methods of conducting and sustaining these attacks.
DDoS attacks have increased in volume over the last year -- the Dyn domain name system (DNS) attack by the Mirai botnet of compromised internet of things (IoT) devices peaked at 1.2 Tbps. There was significant collateral damage on major cloud services that used Dyn for DNS. Other victims of IoT botnet DDoS attacks include infosec journalist Brian Krebs' website and the European web hosting firm OVH. A Symantec report found a dozen different IoT malware families infecting IoT devices.
The call to secure IoT devices continues to gain attention, as it has been demonstrated that IoT insecurity has a far reaching impact on the internet.
Internet-connected devices typically get infected by IoT malware because users maintain insecure default configurations and default accounts. While the use of defaults has long been an issue with most endpoints, they have typically been behind firewalls that provided a minimal level of protection.
There are many best practices for developing and deploying IoT devices, but a first step would be to restrict inbound network access from the internet and to change default passwords. Companies should also monitor outbound network traffic for any signs that their routers or IoT devices have been compromised and are being used for DDoS attacks or for routing suspicious traffic.
Enterprises and internet service providers should ensure they have DDoS mitigation plans in place in the event they are hit with an attack.
Find out how to prevent IoT attacks beyond having network-level defenses
Discover how enterprises can prepare for the growing challenges and risks of IoT
Dig Deeper on Threats and vulnerabilities
Related Q&A from Nick Lewis
What are port scan attacks and how can they be prevented?
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Explore benefits and challenges of cloud penetration testing
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
What are the best criteria to use to evaluate cloud service providers?
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading