Securing DNS Against the Threat of Things

The Internet of Things (IoT) is big and growing rapidly. Gartner recently forecast that 8.4 billion connected “things” will be in use globally this year; set to increase to over 20 billion by 2020.

While likely to revolutionize how we live, work, and play, the IoT also presents a security challenge to the networks that support it.

Highlighting this threat, a US university campus with over 5,000 connected devices, including vending machines, was recently infected with malware that created a form of DDoS attack. Sending repeated and frequent DNS queries - which were predominantly related to seafood – the university’s servers were overloaded, and resulted in the IT network becoming slow and unresponsive.

The infamous DDoS attack on Dyn, provider of DNS services to many popular websites including Spotify, Twitter and PayPal, demonstrated the threat on a much greater scale. By hijacking millions of connected digital cameras and video recorders, the hacker was able to flood Dyn with junk queries, overloading its servers and leaving large swaths of the internet sluggish and, for some websites, completely inaccessible.

While taking different approaches, both attacks highlighted not only the importance of DNS, but also the vulnerability of this mission-critical piece of network infrastructure.

Botnet fodder

Often resulting in catastrophic system and network failure, there’s no question that DDoS attacks are a serious threat. Sustained attacks, as in the aforementioned Dyn case, can be particularly disruptive to an organization’s operation and processes – ultimately impacting its bottom line.

What makes DDoS attacks particularly concerning is the simplicity with which they can be generated by exploiting DNS infrastructure. Once in control of a system, a hacker can query name servers across the world, pretending to use the IP address of their target, so that the responses are sent to the target, causing the attack.

By employing a botnet of thousands of connected devices, a hacker can amplify the query in order to return the largest possible response, ultimately incapacitating the target.  What of these unassuming parties whose connected devices are deployed in DDoS attacks - to what extent are they responsible?

Is your device secure?

It’s not always clear if a device is vulnerable, and working out how to secure them can be even harder. Often the name on the label isn’t that of the manufacturer and, when it is, they rarely make it easy to change the password on these devices, if at all.

Many of the devices maliciously deployed in the Dyn attack, for example, were manufactured with common passwords that aren’t easy to change.

Selling to a consumer market which understands price better than the security risks posed by connected devices, many electronics firms prioritize creating IoT devices as cheaply as possible. And when writing secure code not only increases developer costs, but slows down the time-to-market, many IoT manufacturers take a lackluster approach to securing their devices.

So, with billions of insecure devices being deployed globally, we’re likely to see more and more powerful DDoS attacks exploiting ever greater botnets.

Securing the IoT

If we hope to improve the security of the IoT market and prevent future DDoS attacks from creating armies of connected devices, there are two concurrent approaches that must be taken.

Firstly, a minimum industry standard for connected devices must be established, as proposed by respected security journalist Brian Krebs, to provide a benchmark for password hygiene, remote accessibility and protocols.

Organizations must also take proactive steps to reduce their threat from and exposure to DNS-based attacks. Essential first steps include learning to recognize when the network is under attack and closely monitoring the internet-facing infrastructure to locate points of failure that could leave the network vulnerable.

Using virtualized servers in the cloud to overprovide existing DNS infrastructure is another easy and inexpensive way to mitigate the massive number of responses created during a DDoS attack.

Huge increase in queries

With every connected device requiring its own IP address, there is no question that the IoT will lead to a massive increase in DNS queries.

Bad actors are already harnessing the power of these devices to create botnets that can overwhelm not only one organization’s network, but wreak havoc on large chunks of the internet when targeting DNS service providers directly.

Therefore, it’s imperative that, as well as embracing the potential of the IoT, businesses take steps to remediate the risk posed to their DNS and avoid the crippling damage that DDoS attacks pose to their network, reputation, and – ultimately – their bottom line.

What’s Hot on Infosecurity Magazine?