Conf42 DevSecOps 2023 - Online

The Role of IoT and 5G Devices in DDoS Attacks: A Growing Threat Landscape

Abstract

The threat landscape of IoT-driven DDoS attacks is escalating, turning innocent gadgets into cyber weapons for massive DDoS attacks. Learn why the proliferation of poorly secured IoT devices is fueling a new generation of botnets capable of launching devastating attacks, and what strategies organizations like Gcore are employing for mitigation. Explore critical insights into the anatomy of these attacks, discover alarming future trends, and understand current best practices to fortify your digital ecosystem against this looming threat.

Summary

  • Andrey Slastenov is the head of security at Gcore. He says the escalating scale of DDoS attacks is linked to the increasing number of IoT devices. We need complex security strategies that recognize and effectively counter the risks of IoT and 5G technologies.
  • Botnets periodically scan the Internet for vulnerable IoT devices. Once a vulnerable device is identified, the attacker exploits its vulnerabilities to gain control. After a device is compromised, it becomes part of the attacker's botnet. This underscores the critical importance of securing IoT devices.
  • In the first half of 2023 alone, there was an over 300% increase in IoT-driven DDoS attacks. These attacks have far-reaching and often devastating consequences for businesses and organizations.
  • Effective protection measures are not just an option; they are a necessity in this rapidly evolving digital landscape. It's crucial to protect against IoT-driven botnet attacks with a specialized DDoS protection solution. The role of sophisticated analytics cannot be overstated.

Transcript

This transcript was autogenerated.
Hello. My name is Andrey Slastenov, and I am the head of security at Gcore. One of my primary goals involves protecting our customers from DDoS attacks, and we have extensive experience in this area. Additionally, with a highly distributed infrastructure capable of repelling attacks of more than 100 terabytes per second, we have such a number of customers protected within our data centers and worldwide. We are always up to date with the latest cyber threat trends and gather comprehensive statistics on both existing and zero-day threats. As we examine the landscape of cyber threats, it's crucial to recognize the escalating scale of DDoS attacks. In the span of just two years, we have witnessed a significant surge in the average attack size. In the beginning of 2021, we saw average attacks peaking at 300 gigabits per second. Fast forward to 2022: that number has more than doubled to 650 gigabits per second. And by the beginning of 2023, we're facing average attacks of 800 gigabits per second. This trend is not just a set of numbers, it's a clear signal that attackers are becoming more powerful. And as we go into the evolving landscape of cyber threats, it becomes evident that the increase in these DDoS attack sizes is closely linked to the increasing number of IoT devices. What is interesting is that the generation of attacks exceeding one terabit per second has surpassed the capabilities of a cluster of servers or virtual machines; to execute such strong attacks, thousands of widespread devices with high data transfer capabilities are necessary. IoT and 5G technologies are particularly suitable for this purpose, as they offer exactly these characteristics. Why are IoT and 5G devices frequently used in cyberattacks? Let's go into that topic. Many of these devices, while technologically advanced, lag in one critical area: security. They may run on software that is not regularly updated or might still use the default passwords they were shipped with.
These vulnerabilities are like open doors for cybercriminals. Just take a moment and think: when was the last time you updated your home thermostat connected to the Internet or changed its factory-set password? Well, this is not just a personal oversight, it's a collective security gap. These devices are usually made to be easy to use, but not always secure enough, making them easy targets for hackers. With 5G now in the picture, these security problems can get much worse. 5G's fast speed and better connectivity can turn a small security issue into a big cybersecurity problem very quickly. So securing these devices extends beyond just regular updates and strong passwords. We need complex security strategies that recognize and effectively counter the risks of IoT and 5G technologies. Want to know how big the problem is? Look at the picture on my slide. I got this information from the very popular Shodan site, which shows, by some filtering rules which I put there (as you can see, I just searched for MikroTik with open port 80), how many devices are there open for access through the Internet. So this is a huge problem with such kinds of devices. Let's explore the structure of these attacks. Typically they involve key elements: the attacker, a command and control center, and a network of bots known as the botnet. Looking at the mechanics of a DDoS attack in the context of IoT-driven botnets, we can identify several steps. The first step involves the attacker selecting their target. This target could be a specific device, a website, or an online service. The choice of target is often strategic, aiming to cause maximum disruption or damage. For instance, targeting a financial service website could have far-reaching implications, affecting numerous users and transactions. The next step is orchestrated by the command and control center. This center acts as the orchestrator for the entire botnet.
It sends out the attacker's instructions to all of the compromised IoT devices. These instructions are to start sending requests, typically in an overwhelming manner, to the chosen target. The command and control center does not just initiate the attack, it also coordinates the behavior of the entire botnet, ensuring that the attack is sustained and effective. The final step is the actual execution of the DDoS attack. All the bots in the network, now acting under the instructions from the command and control center, start sending a large volume of requests to the target. This volume of traffic is intended to overwhelm the target's resources. For a website, this could mean making it inaccessible to legitimate users, essentially taking it offline; for a device or server, this could lead to system crashes or severe disruption in its functionality or service. As we go deeper into the complex structure of IoT-driven botnets, it's crucial to understand that their threat extends beyond just launching DDoS attacks. Botnets represent a complex and layered danger, not only because they can disrupt services through DDoS, but also due to their ability to continuously recruit other IoT devices. This self-propagating nature of botnets makes them an especial threat, as such compromised devices become a tool for further expanding the network. Let's talk about how botnets infect other devices. Botnets periodically scan the Internet for vulnerable IoT devices; these could be anything from home security cameras to smart thermostats. Many of these devices have default or weak passwords, making them easy targets. The botnet uses automated tools to scan vast ranges of IP addresses, looking for devices that respond and show signs of vulnerability. Once a vulnerable device is identified, the attacker exploits these vulnerabilities to gain control. This often involves injecting malware into the devices.
The malware is typically sent from loader servers, which store the malicious code. The code is designed to give the attacker remote control over the device, and can often evade basic security measures. After a device is compromised, it becomes part of the attacker's botnet. It now responds to commands from the command and control center, just like other infected devices. The newly recruited bot is ready to participate in the DDoS attack or any other malicious activity dictated by the botnet apparatus. And also, the infected device may report back to the command and control center. It may relay information about its capabilities, location, or even report about other vulnerable devices in the same network. This information is used to further expand the botnet or to optimize the attack strategy. The process of infecting IoT devices and incorporating them into botnets is pretty straightforward for attackers. This underscores the critical importance of securing IoT devices. Well, in the first half of 2023 alone, we have witnessed a huge, over 300% increase in IoT-driven DDoS attacks. This unprecedented rise is not just a number, it represents a significant and growing threat to our digital infrastructure. It's important to note that 90% of these sophisticated attacks are based on botnets. There are multivector attacks that combine different types of attack patterns, and this makes them harder to defend against. These DDoS attacks have far-reaching and often devastating consequences for businesses and organizations. It can be like direct financial losses. So the financial implication of a DDoS attack is easy to measure. For instance, an online store earning 50,000 euro per hour will get the same amount of losses for every hour of downtime caused by the DDoS attack. Another potential threat is the loss of customers. In industries where the competition is huge, downtime can drive customers to competitors. Then there are compensation expenses.
Particularly for service-based businesses like SaaS, there is often an expectation to compensate clients for the downtime. So it's also adding to the financial strain caused by the DDoS attack itself. And the final one, the loss of customer loyalty. The Internet provides a powerful platform for customers to voice their dissatisfaction. So negative reviews can deter potential customers, leading to a loss of business and customer loyalty. So in light of the increasing threats posed by IoT-driven DDoS attacks, it's imperative that we discuss best practices for safeguarding our devices and networks. Effective protection measures are not just an option, they are a necessity in this rapidly evolving digital landscape. From the IoT device side, the first and fundamental step is to change the default password on all IoT devices. Default passwords are often easily guessable and are a common entry point for attackers. By setting strong, unique passwords, you significantly reduce the risk of your devices being compromised. Also, you should regularly update the firmware of your IoT devices to fix critical vulnerabilities. Manufacturers often release firmware updates to patch vulnerabilities. By keeping your devices up to date, you ensure that any known security flaws are addressed promptly. Another point is implementing strong authentication mechanisms. This may include two-factor authentication or digital certificates. Strong authentication ensures that only authorized users can access and control your IoT devices. And the final one is exploring and considering IoT security frameworks. These frameworks provide guidelines and best practices for securing IoT ecosystems. Adhering to these frameworks can help in systematically securing devices and the data they handle.
From the network side, it's crucial to protect against IoT-driven botnet attacks with a specialized DDoS protection solution. Usually this solution is not on-premise, it's cloud-based. So there are solutions designed to detect and mitigate DDoS attacks, providing an additional layer of defense. They are especially important for organizations which heavily rely on online services and so are at higher risk of being targeted. And usually the cloud-based DDoS protection systems can provide a huge amount of capacity, so they can sustain attacks which go over one terabit or even a thousand terabits per second. And let's now look at a real-world example to better understand the dynamics of IoT botnet attacks and how one was successfully mitigated. This case study from Gcore provides valuable insight into the nature of these attacks and the importance of a robust response strategy. The client faced a DDoS attack that was highly distributed, involving numerous devices. The attack method used was known as carpet bombing, which utilized UDP traffic to overwhelm the target. This type of attack is particularly challenging because it spreads across multiple client addresses, making it harder to isolate and defend against. This not only made it difficult to detect the attack, but also led to the overloading of uplinks by the cumulative traffic. The big volume and distributed nature of the attack posed a significant threat to the client's network. Well, the key to our success was identifying the common pattern in the attack. Usually the botnet uses pretty similar devices and pretty common attack patterns which can be easily identified. For example, you have 1000 devices which are doing the same thing and using the same approach for the attacks. So a good analytics system can help you to identify that pattern and block such kinds of attacks.
The post-attack investigation that we did revealed that the attacker used a botnet exploiting health check kiosks. These kiosks were used to construct the botnet network, demonstrating how everyday devices can be weaponized. So as you see in that picture, our analytics system easily detected inside the packet the red-highlighted pattern, which was used to block the whole attack. The size of the attack was almost one terabit per second. So in the previous slide, we examined a real-world case study of an IoT botnet attack. Now let's discuss the key elements that enable us to sustain and mitigate such attacks effectively. Understanding these tools and strategies is crucial for any organization looking to improve its cybersecurity defense, or who just wants to use third-party vendors to provide them with DDoS protection services. So the first line of defense against widespread IoT botnet attacks is a distributed architecture and distributed infrastructure, seamlessly integrated, in our case, into our CDN (content delivery network). This setup allows for the distribution of the network load, preventing any single point of failure in the face of a huge DDoS attack. This distributed nature helps to absorb and disperse the massive amount of traffic, thereby safeguarding the core services and assets. The role of sophisticated analytics cannot be overstated. In today's digital age, attack patterns are complex and constantly evolving. Traditional static defense mechanisms are no longer sufficient. These systems provide the agility and intelligence necessary to identify, analyze, and respond to threats in real time. These systems learn from each attack and provide the necessary data for the next element. And the next element, deep packet inspection, plays a pivotal role in our DDoS protection system. Deep packet inspection goes beyond IP address filtering. It examines the data within the network packets.
Attacks can be blocked not only by IP and protocol headers, but by the content of the packet itself. So as the conclusion, first let's acknowledge the paradox of progress. While 5G and IoT technologies bring unmatched connectivity and convenience, they simultaneously escalate the threat landscape, particularly in terms of sophisticated DDoS attacks. This dual nature demands our attention and action. The enhanced speed and connectivity offered by 5G are not just a bonus for our digital lives. They also amplify the potential severity of cyberattacks. The very features that make 5G revolutionary also make it a potential tool for malicious activities. When it comes to IoT, we face a vulnerability crisis. Many of these devices are not fortified with robust security measures, making them attractive and easy targets for cybercriminals. So these vulnerabilities are not just a risk, they're a gaping hole in our digital defense. Well, addressing these risks is not just a task for tech experts. It's a collective effort. So we need widespread awareness about these threats and the implementation of standard security protocols across all IoT and 5G devices. It's a shared responsibility to fortify our digital systems, not only from, let's say, the organizational side, but from the user side as well. And lastly, I want to recognize the value of specialized high-capacity DDoS protection systems, because usually you cannot avoid or fully mitigate an IoT-based DDoS attack because of the high volume of the traffic. So there are services equipped to handle the scale and complexity of attacks in IoT environments. So they provide an essential layer of defense and can sustain more than several terabytes of attack. I think that's all for today. Thank you for your attention, and I'm ready to answer any of your questions. Thank you.
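The common-pattern detection and deep packet inspection the talk describes for the carpet-bombing case, as an added example that is not part of the talk or of Gcore's own tooling. It runs over constructed UDP packet records (the addresses, the 8-byte marker, the packet counts and the thresholds are all assumptions): it flags a flood that is sprayed over many destination addresses of one customer prefix from many sources, recovers the payload byte pattern that those packets share, and turns that pattern into a drop rule that removes the flood while passing the legitimate traffic mixed in with it.

```python
"""Added example (not from the talk or Gcore): detect a carpet-bombing UDP
flood across a customer prefix, recover the payload pattern the bots share,
and turn it into a packet filter.  All traffic below is constructed."""
from collections import Counter
from dataclasses import dataclass
import ipaddress
import random

# Constructed 8-byte marker that every packet of the toy botnet carries.
MARKER = b"\x00BOTPAT\xff"


@dataclass(frozen=True)
class Packet:
    src: str        # source IPv4 address
    dst: str        # destination IPv4 address
    proto: str      # "udp" or "tcp"
    payload: bytes  # transport payload


def shared_ngram(payloads, n=8, min_coverage=0.9):
    """Return the n-byte substring present in at least `min_coverage` of the
    payloads (the highlighted common pattern), or None if there is none."""
    if not payloads:
        return None
    hits = Counter()
    for p in payloads:
        # Count each distinct n-gram once per payload, so a single packet
        # repeating a pattern cannot inflate that pattern's coverage.
        hits.update({p[i:i + n] for i in range(len(p) - n + 1)})
    if not hits:
        return None
    gram, count = max(hits.items(), key=lambda kv: kv[1])
    return gram if count / len(payloads) >= min_coverage else None


def analyse(packets, prefix, min_sources=50, min_targets=16):
    """Carpet bombing looks like many sources spraying many addresses of one
    prefix.  When that shape is present, derive a payload signature."""
    net = ipaddress.ip_network(prefix)
    udp = [p for p in packets
           if p.proto == "udp" and ipaddress.ip_address(p.dst) in net]
    sources = {p.src for p in udp}
    targets = {p.dst for p in udp}
    result = {"carpet_bombing": False, "signature": None,
              "sources": len(sources), "targets": len(targets)}
    if len(sources) >= min_sources and len(targets) >= min_targets:
        result["carpet_bombing"] = True
        result["signature"] = shared_ngram([p.payload for p in udp])
    return result


def make_filter(signature):
    """Build a deep-packet-inspection drop rule from the derived signature."""
    def should_drop(pkt):
        return pkt.proto == "udp" and signature in pkt.payload
    return should_drop


def build_sample(seed=1):
    """Constructed traffic: 200 bots spraying 64 addresses of 203.0.113.0/24
    with marker-bearing UDP payloads, plus 10 legitimate DNS-like queries."""
    rng = random.Random(seed)

    def rnd(k):
        return bytes(rng.getrandbits(8) for _ in range(k))

    attack = [Packet(src=f"10.0.{i}.{rng.randrange(1, 255)}",
                     dst=f"203.0.113.{1 + i % 64}", proto="udp",
                     payload=rnd(4) + MARKER + rnd(rng.randrange(4, 40)))
              for i in range(200)]
    legit = [Packet(src=f"198.51.100.{10 + i}",
                    dst=f"203.0.113.{1 + i % 3}", proto="udp",
                    payload=bytes([i, 0x42, 1, 0, 0, 1])
                    + b"\x04host\x07example\x03com\x00")
             for i in range(10)]
    return attack, legit


if __name__ == "__main__":
    attack, legit = build_sample()
    verdict = analyse(attack + legit, "203.0.113.0/24")
    print(verdict)
    drop = make_filter(verdict["signature"])
    print("dropped attack:", sum(drop(p) for p in attack),
          "dropped legit:", sum(drop(p) for p in legit))
```

Two design choices carry the defensive point of the talk. The shape check (many sources, many destinations in one prefix) runs before any payload inspection, so normal traffic to a handful of addresses never yields a signature even if it happens to share bytes; and the signature has to cover almost every packet of the candidate flood, which is exactly the "1000 devices doing the same thing" property that makes a botnet's traffic separable from the legitimate flows mixed into it. A production system would derive the pattern from sampled packets per time window and rate-limit rather than drop on a single byte match.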

Andrey Slastenov

Product Manager Security @ Gcore
