Hackers are weaponizing unsecured IoT devices that talk with one another, creating a massive zombie army or botnet. A DDoS can take down a website, or even launch an internal SSDP amplification attack aimed at compromising network bandwidth.
- [Narrator] Many times it's the human factor that plays a key role in a cyber attack. However, because of the many IoT vulnerabilities hackers are now able to weaponize IoT devices to become a part of a massive zombie army. A Denial of Service attack is a unique attack, which their efforts are to interrupt or suspend services for any length of time. A plain old Denial of Service attack is not effective anymore.
Although at one point in time, they were. What is more effective is a Distributed Denial of Service attack. This is more effective because it uses zombie armies or botnets that hackers can control remotely. DDoS attacks are difficult to defend against. A Distributed Denial of Service attack cannot only take down a website, but it can compromise the devices that are essential to the health and well-being of individuals, such as health care and the electrical grid.
In the Fall of 2016, a number of DDoS attacks causing major sites, such as Twitter, PayPal and Verizon to malfunction, with IoT as the main player. The attacks were possible due to unsecured devices that talk with one another, collectively creating a botnet. Today hackers are using the lesser known protocols in DDoS attacks, as they're more successful in bypassing firewalls and other defense methods, which generally monitor for the com protocols, such as TCP, IP, and ICMP.
One such protocol is Simple Service Discovery Protocol. IoT devices use SSDP to advertise and discover other plug and play devices. It's an HTTP-like protocol that uses M-SEARCH and NOTIFY methods. A DDoS using SSDP is an Internal Network Attack. Hackers develop scripts that scan for the Universal Plug and Play enabled devices using M-SEARCH request packets.
The goal is to gather replies from vulnerable devices that reply to the initial discovery packet request. The next step is to poison the devices to become reflectors for the DDoS attack. M-SEARCH request packets generate many replies and the amplification will depend on the contents of the description file in the NOTIFY packet. In a packet analysis tool, you can see the signature the amplification attack, as the length in each response packet will amplify or increase.
Let's take a took. You can see the length of the first packet is 469, the second is 478, the next 515, and then following that 519. These are all from the same device. Each time they get a little larger and they do it fairly quickly. Then it does it again. That same device will notify and the length will increase, 469, 478, 515, 519.
In this attack the destination address is 184.108.40.206, which is a multicast address, and this may be able to pass through routers and propagate throughout an entire network. An internal SSDP amplification attack will consume bandwidth and slowly choke a network, so that all traffic is significantly more sluggish.
DDoS attacks are a serious threat. At any given time, many DDoS attacks are taking place all over the world. Let's take a look. I'm at this website, Digital Attack Map, and it shows top daily DDoS attacks worldwide. Here you see the date is set at June 12, 2017. I did go and mark it on the date of the DDoS attack, last fall.
Here you can see the date of October 20, 2106, where this massive Mirai Bot took place. The potential of harnessing hundreds of thousands of internet of things can create an effective botnet capable of launching a massive DDoS attack.
In this course, join Lisa Bock as she explores the relationship between security, privacy, and the IoT. Lisa discusses how the vulnerabilities in IoT devices have the potential to compromise user privacy and make them more susceptible to attacks and glitches. In addition, she discusses IoT privacy concerns; existing standards, regulations, and guidelines, such as HIPAA and Sarbanes-Oxley; and proposed standards and legislation that are currently in the works to ensure the privacy of the data collected on the IoT.
- Security, privacy, and the IoT
- Attacks and glitches
- Denial-of-sleep attacks
- Voice and sound attacks
- IoT vulnerabilities
- Glitches and compatibility issues
- Privacy concerns
- Existing standards and regulations
- Proposed standards and legislation
- Firewalls and IDS