Internet of Things will open up new online security loopholes
The country's pioneer Distributed Denial of Service (DDoS) mitigation services provider IPC (IP Converge Data Services, Inc.) recently sounded the alarm on the increased risk of internet attacks via a new vector, based on a recent report by their partner in DDoS defense, Nexusguard.
“The Internet of Things (IoT) poses a looming threat on online security and could lead to increased Distributed Denial of Service (DDoS) and other cyber attacks. Now more than ever, it will be easier for hackers to cause breaches in Internet security,” said IPC Director for Product Management & Marketing Niño Valmonte.
The Internet of Things is defined as the network of physical objects or "things" embedded with electronics, softwares, and sensors, and is seen to increase the value and service of connectivity via the automation of the exchange of data between the manufacturer, operator and other connected devices.
“This will pose a challenge to the Philippine IT field, considering that the eventual widespread acceptance of IoT will impact how defense strategies are designed in mitigating attacks from that source,” Valmonte added.
“We saw how bandwidth-level DDoS attacks, the insertion of intrusion code, and routine outages were the norm in 2014 worldwide,” Nexusguard Chief Scientist Terrence Gareau noted. “But this 2015, we see the rise of zero-plus attacks like Heartbleed and Shellshock where a hacker can turn a web server into a DDoS attack bot in less than 24 hours. Other expected trends include multi-vector attacks, amplified reflective attacks and more.”
With more and more devices becoming interconnected with each other such as smartwatches, smartphones, baby monitors, and home security systems, coupled with the security, physical and software limitations inherent in these devices, it becomes all too easy to launch intrusion probes and outright attacks on these inter-linked devices. Once that happens, hackers can turn these compromised devices into infection platforms by simply injecting them with malware, which in turn can be easily spread onto the Internet network that these devices are connected to, and used to launch attacks against selected targets.
Security holes in the IoT linkage could conceivably lead to increased bandwidth attacks that can lead to massive overloads on the internet, stressing the worldwide system into tripping into a global outage. Essential internet core functionalities can be compromised; for example, concerned hacks on Domain Name Systems (DNS) and Border Gateway Protocol (BGP) can cause the rerouting of internet traffic into compromised sites for malware infection, or worse, lead to outright outages.
The increasing sophistication of the attacks is seen to still ride on the use of DDoS as a vector of delivering malware. But with the development of new platforms such as IoT, cyber attacks will become easily amplified, leading to a deeper and broader impact on how we interact over the world wide web.
IPC and Nexusguard started their partnership early last year to provide cloud-based anti-DDoS technologies for Philippine enterprises, helping properly setup defense mechanisms and develop mitigation strategies to guard against the proliferation of cyber attacks.