The latest massive IoT DDoS attack from the Mirai botnet that took major websites like Twitter and Reddit offline for hours – has already gained notoriety as one of the worst DDoS strikes in history. In this webinar Manish Rai & Ty Powers of Great Bay Software will help you understand exactly how the enterprise IoT landscape is changing, and what it means for the assumptions organizations have been making in regards to safeguarding against IoT cyberattacks. You will: Gain insights into how the recent IoT-based DDoS attacks were launched How similar attacks could be launched inside enterprise networks How to safeguard against IoT device compromises How to reduce your risk, whose job is it anyway? Learn about what your peers are doing for IoT device security, relevant findings from the 2016 Great Bay Software IoT Security Survey Watch this ondemand webinar with this link: https://go.greatbaysoftware.com/owb-safeguarding-against-iot-ddos-attacks

1. IOT DDOS ATTACKS: THE STAKES
HAVE CHANGED
Manish Rai, VP of Marketing
Ty Powers, Principal Technical Product Manager
December 13th , 2016

2. 2
Recent News: IoT DDoS Attacks
• Mirai botnet infected est. 145K+ IoT devices on Internet
• Infected devices used to launch series of DDoS attacks
• There was follow-up attack in France that reached 1 Tbps
• Culminated in a serious widespread Internet outage
• Motive unclear, though ransom suspected

3. 3
Timeline of Attacks
Kerbs on Security
623 Gbps
9/20 10/21
Dyn
1.2 Tbps
French Provider OVH
1 Tbps
9/22

4. 4
9/20 : Krebs on Security Attack
• Mirai Botnet used in the attack
• September 20 attack reached 623 Gbps
• Previous record was 363 Gbps
• Krebs was a Akamai pro bono customer
• Akamai dropped Krebs website rather than take on a hard financial hit

5. 5
9/20 : Krebs on Security Attack
Top Sources
Brazil
Vietnam
China
South Korea
Romania
Russia
Colombia
Taiwan
United Arab Emirates
Source: Akamai

6. 6
10/21: Dyn Attack
• Attack began ~7:10 am ET, targeting East Coast servers
• Mitigated ~2 hours later
• Second wave began ~1:50 ET, global in nature
• Recovered ~1 hour later
• Small probing attacks next few hours/days
• Prevented without customer impact
Source: A depiction of the outages caused by today’s attacks on Dyn,
an Internet infrastructure company. Source: Downdetector.com.
http://hub.dyn.com/static/hub.dyn.com/dyn-blog/dyn-statement-on-10-21-2016-ddos-attack.html
http://www.cnbc.com/2016/10/21/major-websites-across-east-coast-knocked-out-in-apparent-ddos-attack.html

7. 7
“Mirai” Botnet
• Targeted IoT Devices: DVRs, IP surveillance cameras, and consumer routers
• Spreads like a worm, using Telnet and 60+ default username/ passwords to scan Internet for additional
IoT devices to infect
• Many of the devices are manufactured by XiongMai, with hardcoded username/passwords
• Botnet even blocks owners from communicating with it
• Capable of generating 10 types of attacks:
• 2 UDP, 2 GRE, 2 ACK, 1 SYN and 1 DNS flood
• 1 Valve Engine attack
• 1 HTTP flood attack that is configurable and can leverage any HTTP method.
• Static and randomized IP address spoofing in five of the 10 attack types

8. 8
Targeted Devices

9. 9
Great Bay Software Survey Results: Conducted before the IoT DDoS Attacks
Surveyed over 100 Enterprise Network Security Professionals
Goal: With the exponential growth of IoT devices (both
consumer/enterprise) connected to the enterprise network in 2016/17 our
aim was to understand:
• How will this effect enterprise endpoint security protocol and best practices?
• How are enterprises planning on accommodating for IoT devices?
• How will enterprises secure IoT & umanagable devices on their network compared
to the managed device types.

10. 10
Great Bay Software Survey Results: Conducted before the IoT DDoS Attacks
“71% of IoT Enterprise Security Professionals Not Monitoring IoT Devices In
Real Time”
“43% of those surveyed stated that they have no plans to accurately classify
every IoT device on the network and 28% plan to address the issue within the
next 6-12 months”

11. 11
Best Practices for Safeguarding your Enterprise against DDoS threats
• Be part of the solution, not the problem
• Protect yourself while protecting others
• Be good Internet citizens
• Know what’s on your network at all times
• What’s on my network?
• How long has it been there?
• Has it moved?
• Why is it on my network?
• What is it doing?
• Do I trust it?
Mirai-infected devices were spotted in 164 countries
Imperva, inc. - https://www.incapsula.com/

12. 12
Best Practices for Safeguarding your Enterprise against DDoS threats
• Harden networks against the possibility of a DDoS attack
• https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf
• Disable remote access to IoT devices if possible
• Remote access provides a conduit to vulnerable devices
• Disable/Limit protocol usage
• Disable unsecure protocols such as Telnet and FTP as possible
• Ensure that communication ports that should be open are
• Are SSH, Telnet and HTTP ports still open?
• Ensure proper network segmentation
• Reduce the available attack surface and limit the contamination
• Keep the perimeter intact
• Avoid Internet-facing endpoints and services where possible

13. 13
Best Practices for Safeguarding your Enterprise against DDoS threats
• Implement policies and procedures around new device adoption
• Endpoint certification/validation etc.
• Know the risks and weigh them against the benefits of IoT
• Minimum Security Baselines (MSB)
• Document and educate endpoint owners on proper configuration guidelines
• Control access to the network
• Limit network access to approved devices (Authenticate, Authorize, and Audit)
• Deploy real-time endpoint detection
• Know what’s connecting to the network and where
• Patch, patch, patch
• Patch early and patch often

14. 14
Whose Job Is it Anyway?
• Is IoT security the responsibility of the device manufacturer, the service
providers, or us…the consumer?
• All of the above!
• Gartner researchers predict that by 2020 we will have 25 billion
connected devices
• PricewaterhouseCoopers’ Global State of Information Security® Survey
2015 stated that more than 70 percent of connected IoT devices, such as
baby monitors, home thermostats, and televisions, are vulnerable because
they lack fundamental security safeguards
• This is MUCH more than an enterprise problem!

15. 15
Whose Job Is it Anyway?
• Device manufacturers
• Reuters reports that IoT device manufacturers such as Hangzhou XiongMai have said it will
recall some of the products it has sold in the United States, strengthen passwords and
send out a patches for some devices
• http://www.reuters.com/article/us-cyber-attacks-manufacturers-idUSKCN12O0MS
• In the race to be first (or early) to market, security has been lower priority in some cases
• CSO Online reported that many companies still think that if a device is not directly
accessible from the Internet, nobody needs to be concerned about its security.
• CSO online - http://www.csoonline.com/article/2983681/vulnerabilities/how-to-secure-the-
internet-of-things-and-who-should-be-liable-for-it.html
• Published FTC guidelines
• https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-
november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

16. 16
Whose Job Is it Anyway?
• Service Providers
• Provide DDoS prevention and protection services
• Consumer-grade providers can and possibly should provide hardening at the Point
of Presence as first line of defense
• IoT End Users
• As the device owners, we need to make certain that we’re doing all that we can to
prevent or at least not participate in attacks such as DDoS
• The Online Trust Alliance (https://otalliance.org/) has published an IoT security
checklist for consumers
• https://otalliance.org/system/files/files/initiative/documents/smartdevice-securityprivacy-
checklist.pdf

17. 17
ACT
SEE
TAKEAWAYS & QUESTIONS
IoT
Security
Monitoring
• Identity
• Behavior
• Location
Onboarding
• Authenticate Device
• Onboard Automatically
• Segment
Enforcement
• Alert
• Quarantine
• Block
Visibility
• Real-time Discovery
• Comprehensive Profiling
• Every Network

18. THANK YOU!
To learn more visit: greatbaysoftware.com
Request an IoT endpoint assessment:
https://go.greatbaysoftware.com/endpoint-
assessment-request