When it comes to the internet of things, security is crucial.
We discovered this after last year’s Mirai DDoS attack, which infected over a million bots and major enterprises including Twitter, Etsy, Github, Spotify, Reddit, Netflix.
Let’s recap on this attack, in case you missed it.
Mirai, the malware behind the largest DDoS attack on record was made possible through lack of security found on IoT devices. This malware attack was built to target systems that use a default login password online. In more complex terms:
The malware finds vulnerable machines by scanning a broad range of IP addresses until it finds IoT devices with easily guessable passwords, Imperva says. It’s got a number of DDoS attack methods in its playbook, including GRE, SYN, ACK, DNS, UDP and Simple Text Oriented Message Protocol (STOMP) floods. Network world reports.
Servers and routers were both targeted during Mirai’s attack and experts say it was not sophisticated, instead, it targeted the vulnerable aka, lack of security.
To learn more about this attack in-depth, view this article by Corero.
After the Mirari attack, security researchers scrambled to understand the cause of the disruption, as well as a solution in order to prevent this attack from happening again.
After all, IoT is only growing, as the internet and data continue to expand. Digital devices are more vulnerable than ever and require top notch security to protect data.
“However, the problem with giving every single gadget that we come in contact with access to the internet is that no one really thought much about security, leaving many these things vulnerable to viruses and malware. The Mirai DDoS attack taught us a valuable lesson about IoT devices with poor security practices: they can be a huge threat to networks, with attacks involving nearly a million bots.” Hot Hardware reports.
So, what is the answer? The latest from security researchers may have a solution.
This week, an international team of researchers sought to develop a white worm in order to protect IoT devices. They actually used the code from the Mirari attack, that was published on GitHub in order to get a first-hand approach of how to stop this from happening again.
Meet AntibIoTic: A Potential Security Solution
After studying the source code from the Mirari Worm’s command and control system, researchers came to a conclusion.
This solution comes in the form of a PDF, titled: AntibIoTic: Protecting IoT Devices Against DDoS Attacks.
This defense is designed to gain access to poorly-secured devices in order to inject them with a code that resembles an antibiotic. Once this happens, the owner is notified to fix the problem by changing things like credentials, updating firmware or fixing software.
Instead of acting in a malicious way, this code works to improve the security of devices.
According to Network World, the code works to do the following:
Collect and publish data about vulnerable devices
Security researchers, the device manufacturers and anyone interested can analyze the data about these at-risk devices published on a public website
The authors specify an interactive interface with a range of privileges, presumably based on trust, to let others contribute to AntibIoTic.
Sanitize Infected Devices
Once the AntibIoTic worm has control of a weak device, it either applies a fix to prevent further intrusions or sanitizes the device of malicious code installed by the bad actors.
Notify Device owners
After sanitizing the device, the AntibIoTic worm will try to notify the device owner of the vulnerabilities.
Secure Vulnerable Devices
If the threat has not been fixed after notifying the owner, AntibIoTic will apply security fixes, such as changing the admin credentials or updating
Resistance Removal Of AntibIoTic By Reboot
A mechanism tracks all identified vulnerable devices. If a reboot occurs, AntibIoTic will re-infect after the devices return to operation and appear on the internet. Taken from Network World.
To learn more about how to protect your secure data, attend Transformational CISO Assembly.
Join industry leaders such as Keynote Speaker Robin Bienfait, CEO of Emnovate on November 16-17, 2017 in Salt Lake City to discuss the latest cyber security strategies at Transformational CISO Assembly.
Limited sponsorship opportunities available. Download the Transformational CISO Assembly Sponsorship Prospectus for more information >>