Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why IoT devices are the 'unusual suspects' in DDOS attacks

Clint Boulton | Oct. 28, 2016
While CIOs have shored up PCs and software systems for years, they should start to look at video conferencing systems, webcams and other inconspicuous network devices, which can be exploited to trigger devastating DDOS attacks.

Recent cyberattacks that harnessed digital devices to cripple websites confirm the concerns cybersecurity experts have long expressed about the threat posed by the internet of things (IoT). Many connected corporate devices, from VoIP phones and connected printers to smart video conferencing systems, have outdated firmware and can be hacked in minutes, according to new research from ForeScout Technologies.

"The IoT is the new battleground for security," says Pedro Abreu, chief strategy officer at ForeScout, which makes software to help companies find and protect devices on their networks. "It's where the entry points are that are really making you vulnerable."

CIOs have spent the past two decades using firewalls, antivirus and anti-malware tools to build protective moats around servers and PCs. But it's what Abreu calls the "unusual suspects" that can wreak havoc. Hackers are weaponizing digital cameras, video conferencing systems, DVRs and other Internet-connected devices, triggering massive distributed denial-of-service (DDOS) attacks that grind websites to a halt.

IoT devices are easily hackable

Enlisting an IoT device for a DDOS attack isn’t hard. ForeScout hired self-described ethical hacker Samy Kamkar to demonstrate how to hack and command an enterprise-grade security camera, which was unmodified and ran the latest firmware from the manufacturer.

Where danger lies
Where danger lies.

In less than an hour, Kamkar exploited the device's default password, gained root SSH access and planted a backdoor that will allow him to continue controlling the camera even if the administrator changes the password. He also installed a backdoor that enabled him to create an outbound connection to launch various attacks from the device.

"[The exploit] gives hackers full privilege and allows them to control the device completely, or use it as proxy to hit other systems in that network or even other organizations on the internet," Kamkar says. The camera can then be joined with thousands of other devices, coalescing in a botnet capable of launching a DDOS attack, Kamkar says.

If Kamkar's exploit sounds familiar it's because this was exactly the kind of DDoS attack that brought down Twitter, Feedly, Netflix, Spotify and several other websites last Friday. The attack exploited manufacturer-set passwords to enslave more than 100,000 webcams and DVRs in the Mirai botnet, which in turn bombarded the network infrastructure operated by internet address look-up service Dyn, preventing customers from reaching more than 1,200 domains. The Obama administration has vowed to take steps to mitigate these attacks.

fs 1
Think your network is secure? Think again. 

Abreu says that the Dyn attack prohibited ForeScout from accessing some of its corporate cloud services, including and Okta. It was an inconvenience, though Abreu said it would have been far worse if, for example, ForeScout's sales staff couldn't access their customer data in to complete a quarterly close.


1  2  Next Page 

Sign up for Computerworld eNewsletters.