FBI Suggests Precautionary Measures to Mitigate DDoS Threats and IoT Compromise

iot

The FBI has drawn attention to the vulnerability of internet of things devices, advocating for stronger measures to protect against DDoS attacks.

“The exploitation of the Internet of Thing to conduct small-to-large scale attacks on the private industry will very likely continue due to the open availability of the malware source codes for targeting IoT devices and insufficient IoT device security,” the agency warned.

In September, the hacker/s behind the Mirai botnet released the source code online, enabling hackers to create botnets and launch their own DDoS attacks.

Two large DDoS attacks using the Mirai botnet disrupted the operations of a computer security blogger’s website and that of a gaming server in September. Dyn, a domain name service (DNS) host and internet management company for more than 80 websites, was the target of two disruptive waves of DDoS attack using botnets leveraging zombie IoT devices infected with a variation of the Mirai malware.

Despite certain groups claiming responsibility, the FBI said it does not have any confirmation of a group or individuals responsible for the DDoS.

Some of the DDoS precautionary measures recommended by the FBI include the following:

  • Have a DDoS mitigation strategy ready ahead of time and keep logs of any potential attacks.
  • Implement an incident response plan that includes DDoS mitigation and practice this plan before an actual incident occurs. This plan may involve external organizations such as your ISP, technology companies that offer DDoS mitigation services, and law enforcement. Ensure that your plan includes the appropriate contacts within these external organizations. Test activating your incident response team and third party contacts.
  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Review reliance on easily identified Internet connections for critical operations, particularly those shared with public facing Web servers.
  • Ensure upstream firewalls are in place to block incoming UDP packets.
  • Change default credentials on all IoT devices.
  • Ensure that software or firmware updates are applied as soon as the device manufacturer releases them.