Opinion

How to Defend Against IoT-Based DDoS Attacks

A new variant of Mirai—the botnet that took down the Internet on most of the U.S. east coast in 2016—has now emerged, and it’s growing fast. Termed Echobot, the malware behind the botnet targets more than 26 vulnerabilities to propagate. Most agree that it has the potential to pose an even greater threat than Mirai, and cause significantly more damage

This is no surprise. Given the massive volume of unsecured devices comprising the Internet of Things (IoT), there was no question that Mirai would eventually have a successor. It wasn’t a matter of if, but of when.

If authorities are not able to quash Echobot before it grows large enough, we will see another incident similar to what happened with Mirai. Through the IoT, Distributed Denial of Service (DDoS) attacks have undergone a renaissance.  They are now easier to pull off than ever, requiring only that a criminal purchase the rights to use a botnet.

You read that correctly. Criminals don’t even need a modicum of expertise to successfully execute a DDoS attack. It’s no surprise that cybercrime-as-a-service is so lucrative, nor that it is so widespread. IoT-based botnets are capable of DDoS attacks more massive in scale than anything we’ve ever seen, attacks large enough that they can even bring large providers to their knees.

How exactly does one defend against something like that? 

First, implement a high-end DDoS mitigation service and hope that it’s enough. Ensure that business-critical services can scale horizontally in the event of an attack. Any software or service that is necessary for business operations should have multiple instances, each with the capacity to scale as needed. Cloud infrastructure can be incredibly helpful in this regard. 

Next, you might consider whitelisting as a means of reducing your attack surface. Close down any unnecessary ports, and take a zero-trust approach to network security.

Crisis management is also critical. 

If your business suffers a DDoS attack in spite of your best efforts, the most important thing is that you don’t leave your clients in the dark. Have a comprehensive response plan, which includes communication channels, frequency of communication, and clear roles and responsibilities for everyone involved.

Do everything in your power to keep people in the loop, and make them aware of the severity and scale of the incident. Make sure your support staff is available to assist client service issues and ensure your messages about the attack go out through multiple channels. 

Beyond that, it’s really just a matter of ensuring you don’t contribute to the problem.

The IoT will eventually become more secure and have an established framework, clear lines of responsibility, and protection against malware like Echobot. Until it does, all we can do is guard ourselves against IoT botnets, and pray we don’t find ourselves in their crosshairs.