Get ready for more IoT-fueled attacks, says panel at Light Reading security show in NYC.

Dan Jones, Mobile Editor

December 5, 2016

IoT & the Cheshire Cat Syndrome: The New Face of Security Threats

NEW YORK -- Service Provider & Enterprise Security Strategies -- IoT malware attacks are likely to get more sophisticated and targeted as hackers learn from major events like the Mirai malware attack that took down Internet connectivity across the Eastern seaboard in October.

The Mirai attack was a major topic of conversation at Light Reading's security show in New York Thursday. In case you've forgotten, in October hackers used webcams and other Internet of Things (IoT) devices to marshal a wave of distributed denial-of-service (DDoS) attacks against Dyn, a company that manages Internet domain name hosting services. This, in turn, took down prominent websites like Twitter and Spotify, amongst others, for hours on the East Coast of the US. (See Attacks Have Major Internet Sites on the Ropes.)

It emerged that the hackers had taken advantage of default passwords used in devices like webcams. In fact, the Chinese vendor, Hangzhou Xiongmai, issued a recall for its webcams after the attack. (See When IoT Attacks! Cams Caused Huge Internet Outage.)

Our panelists said that they are expecting such attacks to get more powerful and evolved in the coming year. Hackers "will look for the easiest way to penetrate the networks with the most impact," said Galina Pildush, a consulting engineer at Palo Alto Networks Inc.

In fact, Deutsche Telekom AG (NYSE: DT) saw -- and shut down -- a similar attack that tried to infect customer routers with malware this week. Heavy Reading chief analyst Patrick Donegan suggested on the panel that this indicated that the threat level is "way up" if the carrier security mavens at DT got hit "with a sting like that." (See Eurobites: Deutsche Telekom Repels Malware Attack on Customers' Routers.)

"Our adversaries are better organized than we are on this side of the fence," acknowledged Jonathon Nguyen-Duy, vice president of strategic programs at Fortinet Inc.

"The outlook for nailing them is not that great, at least in the early stages," noted Chris Novak, director of the RISK team at Verizon Enterprise Solutions, during the session.

The problem, as ever with security, is that the threat is constantly evolving, with dozens of variants of the Mirai malware arriving over the last month. "The variant word is key there," said Jason Boswell, head of security, IT and consulting for Ericsson. "It's not necessarily copycatting, it's more of a Cheshire catting."

There was also debate among the panelists about the best way to deal with these new and increasing threats. "The only way you can provide security is in the network, in the ecosystem itself," said Fortinet's Nguyen-Duy.

"It is really up to the carriers and network operators to defend their networks themselves... and that's not new," suggested Pieter Veenstra, senior product manager at NetNumber Inc.

Ericsson's Boswell suggests that industry standards bodies and trade groups need to work with vendors to persuade them to build better security measures into IoT devices. "Ninety percent of the ecosystem is not implementing that because of the race to market," he said.

Palo Alto's Pildush said everyone needs to take some responsibility for security and also won the best metaphor of the show award, saying that customers, vendors and operators were like three elephants balancing a sphere in security terms.

All panelists, however, agreed that the mass-market arrival of millions of IoT devices will signal a new wave of security threats. The Dyn attack, it was suggested, could have ended up being far more serious than was originally intended.

Now the cat is out of the bag about IoT-fueled DDoS attacks, though. "The next ones that we'll see will be very intentional and targeted," said Ericsson's Boswell.

— Dan Jones, Mobile Editor, Light Reading
