The IoT (Internet of Things) is shaking up the networking space and paving the way for machine-to-machine (M2M) communication and automated processes. From connected cars and smart homes to remote surgery and robotics, the opportunity and potential are endless.
Recent figures indicate that there are an estimated 8.4 billion IoT devices in use, and the number is expected to reach over 20 billion by 2020. Today, IoT encompasses a vast technological umbrella and its deployment comes in many flavors. Chief among them are the managed use cases of Industrial Internet of Things (IIoT), and the unmanaged use cases of Consumer Internet of Things (CIoT).
Although IIoT can appear forbiddingly complex, security management is in fact easily achievable. The key here is a solution that controls the traffic stream between devices and the application(s), guaranteeing best-in-class service and ensuring protocol conformity. It is also crucial to secure communications via cryptography (TLS) and stateful security services (policing and vulnerability protection).
A key IIoT deployment challenge is the changing characteristics of traffic metrics. IIoT devices are massive in number, sessions are long (months or even years), and traffic volume is usually very low. Terminating idle sessions is not always an option. Indeed, the ‘always-on’ nature of some applications may result in a traffic storm within the network.
CIoT devices, which are usually unmanaged, include things like CCTV cameras, intelligent speaker systems, and wearables. When sitting behind a mobile broadband or fixed line subscriber CPE, it can be difficult to identify such devices in the network as communication relationships are not clearly defined.
The problem is accentuated by the fact that many smart devices are built on inexpensive chipsets that provide the networking protocol stack and, occasionally, an application layer. Manufacturers often avoid providing patches and sometimes even wash their hands of all responsibility once the device ships. This can cause significant disruption. According to the latest Threat Intelligence Report by F5 Labs, Europe is already a hotspot for Thingbots, which are built exclusively from IoT devices and are fast becoming the cyberweapon delivery system of choice for ambitious botnet-building attackers.
F5 Labs reported 30.6 million global Thingbot attacks between 1 January and 30 June 2017 harnessing devices using Telnet, a network protocol providing a command line interface for communicating with a device. This represents a 280% increase from the previous reporting period of 1 July to 31 December 2016. Hosting providers represented 44% of the top 50 attacking IP addresses, with 56% stemming from ISP/telecom sources.
Despite the surge, the attack activity does not match the size of the key Thingbot culprits, Mirai and Persirai. 93% of attacks during F5’s reporting period occurred in January and February, with activity declining from March to June. This could indicate that new attacks are on the horizon as attackers move from the “recon” phase to the “build only” phase.
Unfortunately, we will continue to see massive Thingbots being built until IoT manufacturers are forced to secure these devices, recall products, or bow to pressure from buyers who simply refuse to purchase such vulnerable devices.
Against this backdrop, service providers are challenged with not only identifying infection activities but also mitigating outbound DoS attacks.
Traditional Layer 3 and 4 firewall rules are no longer much help. Robust behavioral analysis of traffic is now essential. This way, security devices learn the “normal” network baseline over time. Once a deviation is detected, a variety of actions can be initiated. These could include creating an alert, which would trigger a manual mitigation process after human verification, or creating a dynamic signature for existing mitigation technologies to block detected anomalies.
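The baseline-and-deviation logic described above, as an added example (not F5 code): each device's outbound fan-out per time window is learned with an EWMA, and a deviation produces either an alert for human verification or a dynamic signature. The flow tuple layout, thresholds, single-port rule and device names are assumptions, and the sample data is constructed.

```python
import math
from collections import defaultdict

class Baseline:
    """EWMA mean/variance of one per-window metric for one device."""
    def __init__(self, alpha=0.2):
        self.alpha, self.mean, self.var, self.n = alpha, 0.0, 0.0, 0

    def update(self, x):
        self.n += 1
        if self.n == 1:
            self.mean = float(x)
            return
        d = x - self.mean
        self.mean += self.alpha * d
        self.var = (1 - self.alpha) * (self.var + self.alpha * d * d)

    def deviates(self, x, k=4.0, floor=3.0):
        # floor stops near-constant IIoT traffic from alerting on tiny jitter
        return x > self.mean + max(k * math.sqrt(self.var), floor)

def detect(windows, warmup=5):
    """windows: (window_id, device, {(dst_ip, dst_port), ...}) in time order."""
    baselines, actions = defaultdict(Baseline), []
    for wid, dev, flows in windows:
        fanout = len({ip for ip, _ in flows})  # distinct destinations
        b = baselines[dev]
        if b.n >= warmup and b.deviates(fanout):
            ports = sorted({p for _, p in flows})
            if len(ports) == 1:  # narrow enough for a dynamic signature
                actions.append({"window": wid, "type": "signature", "src": dev,
                                "dst_port": ports[0], "action": "rate-limit"})
            else:                # ambiguous: alert for human verification
                actions.append({"window": wid, "type": "alert", "src": dev,
                                "fanout": fanout})
            continue             # never learn from an anomalous window
        b.update(fanout)
    return actions

def sample_windows():
    # Constructed data using documentation-range addresses, not real traffic
    w = []
    for i in range(6):
        w.append((i, "cam-01", {("192.0.2.10", 8883)}))
        w.append((i, "sensor-02", {("192.0.2.10", 8883)}))
    w.append((6, "cam-01", {(f"198.51.100.{h}", 23) for h in range(1, 41)}))
    w.append((6, "sensor-02", {("192.0.2.10", 8883)}))
    return w
if __name__ == "__main__":
    print(detect(sample_windows()))
```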
Self-defending networks are integral to tomorrow's security architecture. In the meantime, responsible organizations can do their best to protect themselves by having a DDoS strategy in place, ensuring redundancy for critical services, and implementing solutions against credential stuffing. It is also important to continually educate employees about the potential dangers of IoT devices and how to use them safely.