Whether it is a large-scale security breach like the Equifax attack or the KRACK Wi-Fi vulnerability, cybersecurity is going to be a key issue for providers and enterprises in 2018. While hackers will continue to look for network vulnerabilities inside large organizations, danger continues to loom inside unsecured IoT devices and from the rise of short intermittent network attacks.
Distributed denial-of-service (DDoS) attacks have been growing in power recently thanks in large part to what experts say are poorly secured IoT devices that are now being compromised and sold for use in DDoS command-and-control infrastructure. In some instances, these IoT-infused botnets have been used to silence security researchers investigating criminal activity.
The “Reaper” botnet is known to have already infected thousands of devices and is believed to be particularly dangerous due to its ability to use known security flaws in the code of those insecure machines. Like a computer worm, it hacks into IoT devices and then hunts for new devices to infect to spread itself further.
Experts say the security problem with IoT devices is likely to get worse. The rise of IoT devices over the past three years, according to AT&T, has driven a 3,198% rise in vulnerability scans.
Wi-Fi-enabled children’s toys are also becoming an issue. The “Teksta Toucan Electronic Toy,” according to Pen Test Partners, is the latest device they have found which can have its microphone and speaker connect to a Bluetooth audio device such as a phone or laptop computer. Security researchers are warning parents that toys that can listen and talk to children are vulnerable to hackers who can take over such devices’ electronics.
“The problem with these vulnerable devices is that there’s no regulation or mandates on how they should be protected,” said Stephanie Weagle, VP of marketing for security vendor Corero, in an interview with FierceTelecom. “These devices are being connected to the internet and being enslaved as bots for DDoS attacks.”
Businesses will also continue to be ripe targets for a growing tide of smaller, low-volume DDoS attacks of less than 30 minutes in duration. These “Trojan Horse” DDoS attacks typically go unmitigated by most legacy DDoS mitigation solutions but are frequently used by hackers as a distraction mechanism for additional attacks.
What’s becoming more troublesome for businesses are intermittent attacks that can distract IT departments from larger problems.
“We see these smaller attacks multiple times a day and we’re attributing a lot of that activity to the internet of things,” Weagle said.
Meanwhile, businesses continue to be victims of ransom denial of service (RDoS). In a typical RDoS attack, hackers send a letter threatening to attack an organization unless a ransom is paid by a deadline. Phantom Squad, a hacker group, began a widespread wave of RDoS threats in September, targeting companies throughout the U.S., Europe and Asia.
Service providers are acting to help businesses deal with these issues. Windstream recently introduced DDoS Mitigation Service, a turnkey solution that helps customers identify and address DDoS attacks in real time.
AT&T and CenturyLink are also stepping up to the DDoS service plate. AT&T’s FlexWare platform incorporates additional network connectivity and security applications, with its key supplier Ericsson being named as its first large-scale customer.
CenturyLink has also been actively engaged with government agencies and maintains a 24/7 presence within the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center, where members jointly respond to all national disasters and emergencies, including cyber-related events.
You can expect these providers and others to present their wares to businesses that want a trusted partner to help guide and manage issues as they come up. But regardless of how a service provider or vendor protects consumers and businesses from cyberattacks, I think maintaining a hold on cybersecurity issues will require a collaborative effort between providers, vendors and government. This means that these domains will have to be proactive in trying to get in front of not only large-scale but also smaller attacks before they occur.