Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Companies must counter DDoS attacks via webcams and routers with a strategic approach

November 2016 by Dennis Monner, CEO of Secucloud

After the biggest DDoS attack of all time was
reported in late September, cyber-criminals wasted no time in mounting their next
operation. Less than a month later, a further broad-based attack crashed major
online services including Twitter, Spotify, Netflix and PayPal. As before, a large
number of smart devices connected via the internet of things (IoT) were hijacked to
mount the attack. They included everything from video recorders to home-based
routers and manipulated webcams. These crimes are becoming more and more frequent,
demonstrating that cyber-criminals have understood that the huge number of smart
devices has the potential to cause major damage. After all, most connected devices
are almost (or even completely) unprotected. This is why companies and individuals
need to rethink the way they protect their devices. They need a strategic approach
that starts from the internet itself – not the device.

A quick glance at the current situation shows that protecting connected objects
looks like a Herculean task. In a rush to follow the trend towards digitalisation,
more and more companies are internet-enabling their products. Yet this produces a
challenge in that companies who until now have made their name producing coffee
machines or fridges have suddenly become IT companies – and often they are not
equipped for that. As a result, devices in today’s IoT market include a wide range
of software and communication protocols. Rather than adhering to unified standards,
device manufacturers are simply doing their own thing. Yet this makes it
significantly more difficult to protect their devices efficiently.

A further problem is that most web-enabled objects are not designed to have security
software installed on them. The manufacturers’ priority is often to get the smart
device on the market as fast as possible and security is lower down the priority
list – or not on it at all. The fact that these manufacturers are not used to
dealing with IT in their devices makes everything more difficult.

IoT protection from the cloud

As it is practically impossible to protect every device individually – from both
the technical and economical viewpoint – it is clear that we need to take a
higher-level approach to IoT security and see it as a strategic issue. The explosion
in the number of web-enabled devices now makes it essential to centralise
protection.

Cloud-based protection can be installed directly into the infrastructure in place at
telcos as well as mobile and other service providers. This approach ensures that the
threat cannot reach the device in the first place. There is no need for customers to
install software and any smart device can be protected, even if it does not permit
any software modifications. That stops cyber-criminals from infecting devices and
also limits the damage by those that may already have been compromised –
regardless of their type or the software and standards they use.

Using this approach, Secucloud is currently working with several large telcos and
mobile providers –including T-Mobile in the Netherlands – to fight botnets and
DDoS attacks. We have also recently started offering these firms an IoT anti-bot
package that they can use to protect their customers’ smart devices from
cyber-attacks.

Hackers planning a cyber-attack balance the cost against the benefit. If the cost of
attacking a specific target is too high for the benefit they want, the target
quickly becomes unattractive. By expanding cloud-based protection, cyber-criminals
have fewer ways to attack and infect masses of IoT devices relatively quickly and
easily. That, in turn, reduces the potential for broad-based DDoS attacks like those
we have seen on IoT devices.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts