Win the Battle Against Connected Devices with DNS Security

11 April 2017

Connected cameras, vending machines and light bulbs have become the unexpected vectors of the latest cyberattacks. These are just the beginning of a long list of Internet of Things devices used by hackers to take down businesses or steal data. But where should the blame lie for this new threat?

The promise of connected devices was one of a better life. We loved the idea of making things easier with access to more services at the same time. Manufacturers also saw a huge opportunity in that trend for new business, so everyone was happy. We didn’t stop to think these devices could be the very things that offer industrious hackers new opportunities to achieve their objectives.

Deadly connected devices

‘How dangerous is my connected fridge?’ The obvious answer is not deadly at all. However, as soon as an operating system is running, it must be secured from internal or external threats. So, whether it’s a fridge or printer, any system we connect to a network should have enough security to not let anyone gain unauthorized access to it.

IoT devices are connected to at least a local network, and very often to the Internet, to provide their services. Considering that’s exactly what they were created for, it’s surprising we did not prepare our networks for this influx.

Clearly, connected device manufacturers need to do a better job in providing more secure software. If they are not IT specialists themselves, they must work with experts to make sure they don’t sell millions of vulnerable devices which can be used by cyber criminals.

Given the risks, IT teams need to think about how they secure their network. Today everything is IP-based, so the DNS server is critical for all applications (especially since 91% of malware uses DNS to carry out campaigns).

The route to business data

The DNS server is the easiest component for hackers to target and use as a launchpad for attacks.

Here’s how it works:

1. A DNS server answers a request to let an application or user connect to something. The DNS request can be issued internally from a local network within an organization or externally from the network to find the information requested by the user or application.

2. Connected devices infected by malware send requests to the internal DNS servers and flood them until they are unable to respond, leaving end-user applications unable to carry out work.

Let’s look at Dyn, for example. Hundreds of thousands of infected devices started to flood the cloud-based DNS provider’s infrastructure last fall, and made thousands of sites and applications inaccessible on the Internet. Although Dyn was protected with security solutions, they were not enough to protect this crucial network component. Given the importance of this service, it must be secured correctly, and a legacy firewall will not do the job. Most existing security solutions are not effective at securing network services. They were not developed to understand or analyze the DNS protocol on a deeper level, and do not protect it correctly.

Security vendors and IT departments must re-plan – otherwise someone needs to explain why organizations suffered dramatic damages such as business interruption and data loss from a connected device attack we all knew could happen…

DNS as the front line of defense

These vendors and consumers must take a proactive approach. If IoT devices can’t be completely secured, the impact of any attack generated through them must be limited. Volumetric attacks, where the server is flooded with malware requests, force network departments to make sure their DNS infrastructure can support a huge workload.

A properly configured DNS server should understand what is happening at the time of query, and filter good from non-legitimate traffic to mitigate an attack, even if the size of the attack is small and below the radar of traditional solutions. The DNS server should also be able to detect when hackers are trying to exfiltrate data through it. Our own research reveals 20% of organizations suffered data exfiltration this way.
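As an added illustration (not code from the original article or from any vendor product), the sketch below applies the two checks described above to a constructed query log: a per-client rate limit for floods, and a name-shape heuristic that flags exfiltration even when it arrives at one query per minute. The log layout, thresholds, addresses and domain names are all assumptions chosen for the example.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname):
    """Naive (subdomain, zone) split on the last two labels; real code needs the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def analyze(queries, window=10, rate_limit=50, min_unique=20, min_len=30, min_entropy=3.0):
    """Return {client_ip: set of flags} for clients that look abusive."""
    per_window = Counter()            # (client, time bucket) -> query count
    subs = defaultdict(set)           # (client, zone) -> distinct subdomains
    for ts, client, qname in queries:
        per_window[(client, int(ts // window))] += 1
        sub, zone = split_name(qname)
        if sub:
            subs[(client, zone)].add(sub)
    flags = defaultdict(set)
    # Volumetric: any single window above the per-client rate limit.
    for (client, _), count in per_window.items():
        if count > rate_limit:
            flags[client].add("flood")
    # Exfiltration: many distinct, long, random-looking names under one zone, however slowly sent.
    for (client, _), names in subs.items():
        if (len(names) >= min_unique
                and sum(map(len, names)) / len(names) >= min_len
                and sum(map(entropy, names)) / len(names) >= min_entropy):
            flags[client].add("exfil")
    return dict(flags)

# Constructed sample log: (timestamp in seconds, client IP, query name).
SAMPLE = (
    [(5 + 60 * i, "10.0.0.5", n) for i, n in
     enumerate(["www.example.com", "mail.example.com", "api.example.com"])]
    + [(100 + i * 0.01, "10.0.0.23", "www.example.com") for i in range(200)]
    + [(60 * i, "10.0.0.77",
        hashlib.sha1(str(i).encode()).hexdigest() + ".t.example.org")
       for i in range(30)]
)

if __name__ == "__main__":
    for client, found in sorted(analyze(SAMPLE).items()):
        print(client, sorted(found))
```

The slow client never exceeds one query per window, so a rate limit alone would miss it; only the name-shape check flags it.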

This new enemy could come in many shapes and sizes, from televisions to baby monitors. However, it can easily be defeated. If the right protection is put in place, we can take back control of our much-loved devices. If we don’t, we risk major damages from the very things designed to make our lives easier.