Securing DNS against threats from the Internet of Things

The sheer scale of the Internet of Things (IoT) is incredible. A recent forecast by Gartner suggests that 8.4 billion connected “things” will be in use across the world this year; a figure set to rise to over 20 billion by 2020.

However, while the IoT looks likely to revolutionise the way we live, work, travel and play, it could also represent a threat to the IT networks that support it.

Over 5,000 connected devices on a US university campus, including vending machines, were recently infected by malware that caused a form of DDoS attack.

Repeated and frequent DNS queries – most of which were related to seafood – were sent, overloading the university’s servers, and causing its IT network to become slow and unresponsive.

>See also: Major sites shut down by DDoS attack after taking over smart devices

Only a few months prior to this, a hacker was able to hijack millions of connected digital cameras and video recorders to launch a DDoS attack on Dyn, provider of DNS services to a number of popular websites such as Twitter, Spotify and PayPal.

By flooding Dyn with junk data, the attack led to large parts of the internet becoming sluggish and, in some cases, inaccessible.

Both attacks, although different in their approach, highlight both the importance and vulnerability of DNS, a mission-critical piece of network infrastructure used by all organisations, and without which networks are unable to function.

A botnet of connected devices

There’s no question of the seriousness of DDoS attacks, which can result in catastrophic network and system failure.

Sustained attacks in particular, such as that experienced by Dyn, can be very disruptive to a company’s operations and processes, and can ultimately affect its bottom line.

>See also: The security challenges with the Internet of Things

The simplicity with which DDoS attacks can be generated using DNS infrastructure is what makes them so concerning. After taking control of a system, hackers will use a spoof IP address of their target to send queries to named servers across the internet which, in turn, will send back responses.

The attacker is able to amplify the query to return the largest possible response, often by employing a botnet of thousands of computers or, in the examples above, connected devices, to incapacitate the target. However, the responsibility for these attacks needn’t always lay with the owners of the connected devices.

Device security isn’t always a priority

It isn’t always clear whether a particular device is vulnerable. The name on the label isn’t always the name of the manufacturer, for example, and these manufacturers tend not to make it easy – or in some cases, possible – to change the passwords on these devices.

Some of the devices exploited for use in the Dyn attack, for instance, were manufactured with predictable passwords that aren’t easily changed.

Too many electronics firms want to make their IoT device as cheap as possible. And security can be expensive, as paying developers to write secure code might mean that a device is not only costly, but late to market. As a result, many IoT manufacturers don’t prioritise security when building their devices.

Indeed, during this year’s Mobile World Congress in Barcelona, more than 493,000 devices in the city, including 22,000 webcams, were found to be vulnerable to attack.

It’s an unfortunate fact that, unless security does start to become a priority when building connected devices, there’s a good chance we’ll see more DDoS attacks using ever larger IoT botnets

Improving security in the IoT

There are two concurrent approaches we should take if we hope to improve security in the burgeoning IoT market, and prevent further DNS-based DDoS attacks using botnets of connected devices.

The first is to look at establishing industry minimum standards for connected devices, such as that suggested by security journalist Brian Krebs, which would include standards for remote accessibility, protocols, and password hygiene.

>See also: 4 sectors vulnerable to IoT attacks in 2017

The second is for organisations themselves to take steps to reduce their DNS threat level and massively reduce their exposure to attacks.

Such steps include learning to recognise just when an attack is taking place, and scrutinising their internet-facing infrastructure to identify any potential points of failure that might leave the network vulnerable to attack.

Thought should also be given to overproviding existing DNS infrastructure through the use of virtualised servers in the cloud. Both inexpensive and easy to trial prior to an incident, such a process can mitigate the huge number of responses that result from a DDoS attack.

Huge increase in queries

Every connected device has its own IP address and, as a result, the IoT is going to lead to a huge increase in DNS queries.

Unfortunately, as we’ve seen, bad actors are already beginning to exploit these to create botnet armies of devices that can overwhelm an organisation’s DNS and wreak havoc on its IT network.

>See also: IoT security needs to be enhanced

While there’s no argument that businesses shouldn’t embrace the wealth of opportunities offered by the IoT both now and in the future, they must also be aware of the potential threats that it can represent, and ensure that their DNS is protected from the damage that a DDoS attack can cause to their network, their reputation, and their bottom line.


Sourced by Dr Malcolm Murphy, technology director, Western Europe, Infoblox

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...