Article: What do Mirai & IoT botnets mean to the public sector?

"5 First Steps to Defending against IoT-Driven DDoS Attacks", an article published by Cisco.

By reconstructing these recent DDoS attacks, we can better understand how to prepare for and react to them
in the future. The first steps to do so would be:

   1. Limit the number of IoT devices, or protect them strongly within your company or office.
      Bear in mind that any of your devices that take part in a DDoS attack can degrade
      or destroy your own Internet accessibility, even if your organisation is not the target.
   2. Create a strict compliance policy to ensure that minimum security requirements
      are met on all IoT devices. This can help prevent them from being used to carry
      out an attack on your infrastructure.
   3. Develop a list of "Approved IoT Devices" to ensure that all connected devices
      have been verified to meet a minimum level of security. For more information,
      see https://www.owasp.org/index.php/IoT_Security_Guidance.
   4. Add regularly scheduled scanning and remediation of IoT devices to the
      duties of the penetration testing (PenTest) team.
   5. Use network segmentation to reduce your organisation's available attack surface and
      limit cross-contamination.

http://blogs.cisco.com/security/what-does-mirai-iot-botnets-mean-to-the-public-sector

5 First Steps to Defending against IoT Driven DDoS Attacks

In honor of October’s National Cybersecurity Awareness Month, users of Twitter, Netflix, Reddit and the New York Times were treated to a special treat – and just in time for Halloween. Unfortunately it was more of a trick as users of these and other major websites across the United States were shut out due to a distributed denial-of-service (DDoS) attack. The massive strike, which came in three waves, was immediately investigated by the FBI and Department of Homeland Security which uncovered the root cause of the attack: baby monitors. Yes, baby monitors – and webcams, home routers and many other home-based wireless devices connected to the Internet of Things (IoT).

Since that event, other IoT-driven DDoS attacks have occurred. We can expect their frequency and strength to increase, and the public sector will likely be a prime target. So how should we prepare? How should our cybersecurity strategies adapt in response?

Say Hello to Mirai

The Mirai Botnet is a key aggressor in the ongoing DDoS battle. It has been used in some of the largest and most disruptive attacks ever seen, including the attack on cybersecurity journalist Brian Krebs’ website and the recent October waves. In reality, these attacks were not complex. They were easily carried out by deploying the Mirai Botnet code. It is freely available and requires little skill to use, taking advantage of already known hard-coded passwords in IoT devices like web cameras, printers and DVRs.

Since we use these devices every day in our homes, they tend to stay connected to the internet even when we are not using them. This has created a massive army-in-waiting, sleeping quietly and unnoticed, but one that can be easily commandeered by attackers. Scans of the internet for vulnerable devices like these quickly find hundreds of thousands – and they make ideal DDoS attack points. Why? Because of their huge numbers and varied locations. This makes any attack very hard to defend against. Mirai’s simple setup, combined with its far-reaching networking capabilities, has forever joined DDoS with the IoT to create a dramatic paradigm shift in threat assessment. And the public sector must prepare.

How Public Sector Should React

By deconstructing these recent DDoS attacks, we can better understand how to prepare and react to them in the future. First steps to do so would be to:

  1. Limit the number of IoT devices or heavily protect them from within your agency. Be aware that any of your devices that take part in a DDoS attack can strain or destroy your own internet accessibility – even if your organization is not the target.
  2. Create strong policy enforcement to ensure minimum security requirements are met on all IoT devices. This can help prevent them being used to carry out an attack on your infrastructure.
  3. Develop a list of “Approved IoT Devices” to ensure all connected devices have been verified to meet a minimum level of security. Check out https://www.owasp.org/index.php/IoT_Security_Guidance for more information.
  4. Add regularly scheduled scanning and remediation of IoT devices to your penetration testing (PenTest) team’s duties.
  5. Utilize network segmentation to reduce your organization’s available attack surface and limit cross-contamination.
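Steps 2 to 5 (and their counterparts in the list at the top of the page) amount to an inventory audit: every connected device must appear on the approved list, run at least the minimum firmware, sit in its designated network segment, and no longer carry factory credentials. The following script is an added example, not Cisco's or the blog's code; the approved list, the inventory export format and the `default_creds` scan attribute are constructed assumptions.

```python
"""Audit a constructed IoT inventory export against an "Approved IoT Devices" list.
Example code added here; the data and field names are invented for illustration."""

# Constructed approved list: model -> (minimum firmware, required network segment)
APPROVED = {
    "acme-cam-200": ((2, 1, 0), "iot-cameras"),
    "acme-printer-x": ((5, 0, 3), "iot-printers"),
}

# Constructed inventory export (one device per line, key=value fields), as a
# DHCP/NAC system plus the PenTest team's scan results might produce it.
INVENTORY = """\
mac=00:11:22:33:44:01 model=acme-cam-200 fw=2.1.4 vlan=iot-cameras default_creds=no
mac=00:11:22:33:44:02 model=acme-cam-200 fw=1.9.0 vlan=iot-cameras default_creds=no
mac=00:11:22:33:44:03 model=generic-dvr fw=1.0 vlan=corp-lan default_creds=yes
mac=00:11:22:33:44:04 model=acme-printer-x fw=5.0.3 vlan=corp-lan default_creds=no
"""

def parse_version(text):
    """'2.1.4' -> (2, 1, 4); short strings like '1.0' are padded to three parts."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def parse_inventory(text):
    """Parse the key=value export into one dict per non-empty line."""
    return [dict(kv.split("=", 1) for kv in line.split())
            for line in text.splitlines() if line.strip()]

def check_device(dev):
    """Return the list of findings for one device; an empty list means compliant."""
    findings = []
    entry = APPROVED.get(dev["model"])
    if entry is None:
        # Unknown model: firmware and segment requirements cannot be evaluated.
        findings.append("model not on approved list")
    else:
        min_fw, segment = entry
        if parse_version(dev["fw"]) < min_fw:
            findings.append(f"firmware {dev['fw']} below minimum " + ".".join(map(str, min_fw)))
        if dev["vlan"] != segment:
            findings.append(f"in segment {dev['vlan']}, expected {segment}")
    if dev.get("default_creds") == "yes":
        findings.append("factory default credentials still set")
    return findings

def audit(text):
    """Map each MAC address in the export to its findings."""
    return {d["mac"]: check_device(d) for d in parse_inventory(text)}

if __name__ == "__main__":
    for mac, findings in audit(INVENTORY).items():
        print(mac, "OK" if not findings else "; ".join(findings))
```

Devices with findings are the remediation queue for step 4; the unknown DVR on the corporate LAN shows why steps 3 and 5 belong together.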

But even with all these precautions and no IoT devices connected to your network, you can still feel the results of the DDoS. In the case of the Mirai Botnet DDoS attack, the army of IoT devices targeted their firepower on a specific provider, DynDNS. Yet the impact became widespread, enveloping those companies using DynDNS’ services and even spreading to dependent public sector organizations, degrading their services as well. In our rush to take advantage of the cloud we may have forgotten that if you can’t access the cloud, or it isn’t available, you don’t have the service. So I suggest your team take a look at all critical third-party dependencies, especially those that are cloud based, and develop contingency plans for any future outages that may occur. I would also suggest having a well thought-out and rehearsed disaster recovery plan for IoT-driven DDoS attacks. This will let your organization benefit from a calm and consistent response in times of crisis.

In the end, many of the devices used in the October DDoS IoT attack will never be “fixed” due to additional severe security vulnerabilities that are independent of their passwords. Add to that the low-cost, throw-away nature of most IoT devices and the slim profit margins carried by many of their manufacturers, and we should continue to prepare for the worst. So it is best to think of the October DDoS IoT attack as a blessing in disguise. Thanks to its broad geographic reach and direct impact on the everyday lives of internet users, a much needed understanding of cybersecurity and why it should be a cornerstone of the digital transformation has been elevated in the public’s mind; a consciousness that will far outlive that of Mirai.

Freelance cybersecurity consultant. Higher Technician in Multi-Platform Application Development and court-appointed computer forensics expert, registered as no. 120 with the Asociación Profesional de Peritos de las Nuevas Tecnologías (PETEC). Working in the IT field since 1988 in a range of roles: web developer and developer of custom solutions in several languages (Clipper, C++, Visual Basic and Visual Basic .NET). In computer forensics: specialised in identifying, extracting and analysing digital evidence on physical storage devices; authentication and verification of e-mails; identity impersonation and verification of messages on social networks; data recovery from physical storage devices; expert reports on the use of software applications during working hours; computer fraud and phishing. Amateur radio operator for more than 30 years and night photographer, enjoying the night by looking at the national heritage through different eyes.