DDoS and IoT Nightmares | The Cybrary Podcast Ep. 32

This episode features Richard Hummel, manager of threat research at arbor networks. Mike Gruen, CISO at Cybrary, discusses with Richard the changing landscape of IoT devices as it relates to cyberspace and COVID 19. There has been an influx of people coming and staying online as a result of the pandemic; this includes online video games. Richard discusses how gaming and gambling platforms have become the biggest targets for DDOS attacks. Gamers can even pay a small fee to malicious users to have them compromise an opponent's system in an effort to win. As a result, service assurance becomes a necessity to those that constantly use home networks that are more at risk.

Hummel continues to explain the risks in the evolving field of IoT: companies and manufacturers have no oversight to ensure secure devices. The industry leans towards usability, speed of production/distribution, and minimal costs. The resulting landscape is a field of vulnerable IoT devices that we have today and continues to grow. Consumers purchase these devices and connect them to their home networks. Some bring these vulnerable devices to their workplace through bring-your-own-device-policies. Hummel claims that brute force is still a major technique used to compromise IoT devices. This proves successful because users often do not or cannot change the default privacy setting on their connected devices. Moreover, lack of storage space on certain devices can prevent critical updates from being installed.

However the hacker gains access to the IoT device, it could then be used as part of a botnet that targets individuals or even larger organizations. Added to this issue, malicious actors are evolving in their tactics and motive when executing DDOS. Specifically, attackers are diversifying their attack vectors for financial gain or notoriety.

Richard Hummel closes with an anecdote about Mirai malware which highlights the growing concerns expressed throughout the episode.