Your part in the latest DDoS attacks and how you can help stop them
DDoS appears to be the weapon of choice in recent years for malicious attacks on businesses, with high-profile assaults on companies such as Sony and Dyn. These attacks have affected a number of prominent websites and pose a very real threat to the Internet economy. The Dyn hack in particular demonstrated both the level of harm that can be caused by the careful targeting of these activities and the ease with which they can be launched.
So why are they on the increase?
DDoS attacks on sites are neither new nor rare, but their scale has to this point been limited by the availability of bot machines to undertake the work. Most people assume that these bots need to be computers, compromised through infections, but more recently insecure IoT devices such as IP cameras and DVRs are being used to launch attacks. To add fuel to the fire, the recently released Mirai malware is making headlines as its source code is now available in the public domain, allowing anyone so inclined to turn Linux-based devices into bots.
The number of IoT devices is also on the rise, used both within businesses and by less technical individuals in their homes. This ever-increasing number of devices means that every day more and more vulnerable targets are available to hackers to turn into bots or modify to undertake other malicious activity. To put the scale in perspective, an attack on hosting company OVH in September used over 150,000 IoT devices and Flashpoint has identified over 500,000 devices which are vulnerable to the same technique, which leaves lots of scope for expansion.
So how do you stop your devices becoming a part of the problem?
Within your infrastructure you most likely already have both IoT devices bought by your business, for the business, and IoT devices being used by your teams for their own reasons. Whatever their reason for being there, they are a potential risk and should be treated accordingly.
Ensure that when devices are sourced they are not susceptible to the default user issue identified in the OVH article. Investigate where devices are coming from, who makes them and what their position is on the issue. Make securing and updating these devices a priority. When they are initially purchased, ensure that a policy is in place to buy the correct products.
Do not buy devices that can't be updated or patched, or that don't allow you to change the default passwords. Ensure that new devices are updated immediately to the latest firmware and have their default passwords and accounts changed. Check for updates on a regular basis and ensure that these devices are running the latest, most secure firmware and patches.
Restrict access to the devices: don't give IoT devices access to the Internet unless stipulated and, conversely, stop incoming connections from outside the business unless this is absolutely required. You can't hack and reconfigure a device if you can't get to it!
Monitoring your network
Monitoring solutions such as Mutiny can help you to keep an eye on both the devices on the network and the traffic they are producing. Monitoring allows you to understand the status of your networked devices: when they are down, crashed, running slowly or encountering other issues.
Monitoring can also be used to ensure these devices are on the latest firmware for maximum security. It can alert your team to any unusual activity, and using plugins and customisations, alert you when changes are made to their configuration.
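As an added illustration (not part of the original article and not Mutiny's own code), the access rules above can be checked against flow records collected by whatever monitoring you run. The IoT subnet, the per-device exceptions and the sample flows are all constructed for this example.

```python
import ipaddress

# Constructed sample data: subnet, exceptions and flows are assumptions.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Outbound Internet access that has been explicitly stipulated, per device:
# device IP -> set of (destination IP, destination port)
OUTBOUND_ALLOWED = {"10.20.0.15": {("203.0.113.10", 443)}}  # firmware updates
# Inbound access from outside that is absolutely required: (device IP, port)
INBOUND_ALLOWED = set()

FLOWS = [  # (source IP, destination IP, destination port)
    ("10.20.0.15", "203.0.113.10", 443),  # stipulated update check
    ("10.20.0.15", "198.51.100.7", 23),   # camera opening telnet to the Internet
    ("198.51.100.99", "10.20.0.21", 23),  # outside host reaching a DVR
    ("10.1.5.4", "10.20.0.21", 554),      # internal viewer pulling video
    ("10.20.0.21", "10.1.5.4", 514),      # DVR sending syslog internally
]

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def check_flow(src, dst, port):
    """Return a violation message, or None if the flow is within policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Rule 1: an IoT device may reach the Internet only where stipulated.
    if s in IOT_NET and not is_internal(d):
        if (dst, port) not in OUTBOUND_ALLOWED.get(src, set()):
            return f"OUTBOUND {src} -> {dst}:{port} not stipulated"
    # Rule 2: nothing outside the business may connect in unless required.
    if d in IOT_NET and not is_internal(s):
        if (dst, port) not in INBOUND_ALLOWED:
            return f"INBOUND {src} -> {dst}:{port} from outside"
    return None

def audit(flows):
    """Collect every policy violation found in a list of flow records."""
    return [v for f in flows if (v := check_flow(*f))]

if __name__ == "__main__":
    for line in audit(FLOWS):
        print("ALERT", line)
```

Internal traffic to and from the IoT subnet is not flagged here; tightening that is a separate segmentation decision.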
The golden rule is, do not simply assume that an IoT device is secure when you buy it, and don't plug it into your network until you are sure it is secure. Keep monitoring the devices and restrict their access to your critical systems and the internet. Taking these steps ensures you are not becoming a part of the problem.
If you are looking to keep your network secure and get a better view of your network infrastructure and devices then get in touch.