On September 20, 2016, the cyber-security news and investigation site Krebs on Security was the target of a sophisticated cyber attack that attempted to take the site offline. This cyber attack was unprecedented in its method and size, offering many lessons for organizations looking to improve their physical and cyber security.
At about 8 p.m. ET, the site was bombarded with about 620 gigabytes of data per second. This type of cyber attack is known as a distributed denial-of-service (DDoS) attack, where the perpetrator uses a network of internet-connected devices to overwhelm a server, causing it to overload and prevent legitimate requests from being fulfilled. A DDoS attack is very similar to having a mob of people cramming the entrance of a small shop, blocking the legitimate customers and disrupting normal business activity.
The Krebs attack is remarkable and unusual in a few ways. First, the size of this attack, which peaked at around 620 gigabytes per second, is the largest DDoS attack to date, as reported by the internet security firm Akamai. Second, the perpetrators used unsecured Internet of Things (IoT) devices to carry out their crime. The Internet of Things, commonly called IoT, is a collection of physical devices embedded with electronics, software, and sensors, all of which are connected to a network. Experts estimate that the IoT will consist of almost 50 billion devices by 2020. The Krebs attackers were able to hijack multiple IoT devices with malicious code to create a large-scale botnet to carry out the attack. This particular botnet was reported to include over 1 million IoT devices, including routers, surveillance cameras, printers, and digital video recorders. The unsecured devices were compromised with malware, which commanded them to communicate by passing messages to one another and ultimately to coordinate their actions to attack their unsuspecting victim.
What can be done to prevent Internet of Things devices from being compromised by malware? And what steps can be taken to help ensure that devices connected to a network are secure? Here are four best practices to help improve IoT device security.
1. Reset default passwords
All of the compromised IoT devices used in the Krebs attack were still programmed with their default username and password. The malware was able to exploit these devices by simply logging into them with their factory default credentials.
2. Power cycle your devices
The malware used in the Krebs attack is stored in memory and can be erased with a power cycle (disconnect the device from its power source, then reconnect it). It is important to then repeat step one and change the username and password to something other than the factory defaults, because the device will quickly become infected again if the defaults are left in place.
3. Disable Universal Plug and Play (UPnP) support
Many IoT devices have UPnP, which automatically opens virtual ports that can “poke a hole” in the router’s shield, making the device discoverable on the internet and vulnerable to malware infection.
4. Maintain device updates
Periodically check for firmware updates and device patches to ensure IoT devices are current and running the latest (and most secure) firmware updates from the manufacturer.