Though Internet connection speeds are up and distributed denial-of-service (DDoS) attacks are down, there’s a new DDoS in town, Spike, that is showcasing critical vulnerabilities in corporate networks. Spike is the first toolkit that goes beyond desktops to simultaneously infect routers enabled by the Internet of Things (IoT).
And it’s spreading.
Power Tools
According to CSO Online, content delivery network Akamai Technologies found evidence of this new toolkit six months ago and managed to stop several attacks against Asian and U.S. corporations. The network also got a good look at the new kit and discovered a host of new power tools.
David Fernandez of Akamai’s PLXsert lab called the DDoS toolkit “pretty impressive” because it doesn’t just infect Windows systems, but also targets Linux- and ARM-based devices. That means everything from connected thermostats to light switches and security systems are potentially vulnerable.
What’s more, the toolkit isn’t small-scale: Akamai tracked one attack that peaked at 215 gigabits per second and 150 million packets per second, and a botnet controlling 12,000 to 15,000 devices was also found, according to Network World. In addition, Spike can attack multiple network endpoints at the same time using up to four unique command-and-control servers. This means SYN, UDP, GET and Domain Name Systems are equally vulnerable to massive attacks, and while no evidence was found of IoT infection, the fact that ARM and Linux were included with the kit suggests Windows-based breaches may only be a precursor.
Building a Better Kit Against DDoS Attacks
DDoS isn’t new. As noted by Defense.net, the first flood command (-f) in ping.c source code happened in 1990, and by 1997, toolkits were made public by attackers. Over the past year, however, the total number of these attacks decreased. According to Computer World (using data from Akamai’s 2014 State of the Internet Report), DDoS attacks decreased 15 percent year-over-year and in both Q1 and Q2 2014.
So what should companies make of toolkits like Spike or the recent attacks on the Facebook alternative Ello? Are they simply one-offs, or is the attack landscape shifting from sheer volume to more targeted efforts?
In fact, the rise of Spike isn’t surprising, nor are the Ello attacks. Just like the social media network, stories about IoT-based devices have been hot news lately, making them prime candidates for designer infections. Big news means big coverage of any breach, and new technologies often come with hidden vulnerabilities — exactly what malicious attackers love to sniff out.
Controlling the Flood
What can companies do to stop the spread of Spike and other new toolkits? Best practices from agencies like the National Security Agency and National Institute of Standards and Technology are good starting points, while Akamai argues for cleanup efforts from private and public institutions to remove Spike infections while they’re still few and far between.
But that’s just the first step. The rise of an IoT-targeting DDoS speaks to a need for information technology professionals to reimagine corporate networks as a community of device equals rather than a hierarchy. It’s a wake-up call: Controlling the DDoS flood means waterproofing the network from top to bottom, and when any device poses a risk, every device must be part of the security conversation.