WRECK Vulnerabilities Highlight the Need for DNS Security in IoT Environments
In today’s digital economy, the number of devices connecting to the network is increasing exponentially. According to Gartner, 2020 saw 20.6 billion connected devices with smart cities and connected healthcare topping the list of types of IoT environments. The Internet of Things (IoT) comprises four aspects – the devices or things that are connecting to the Internet, infrastructure needed to actually connect these devices, the data that flows from these devices to backend systems and the analysis done on this data for making better business decisions. IoT devices are often found at the production or “operations edge” of a business, especially when it comes to industrial IoT like smart lighting, smart grid, smart factories and the like. IoT deployments can be complex and several aspects like security and efficient management need to be taken into consideration for success.
The recent WRECK vulnerabilities showed that IoT carries an increased risk of compromise. Earlier this week, it was discovered that more than 100 million connected IoT devices could potentially be at risk from nine newly disclosed DNS vulnerabilities, collectively dubbed WRECK. The scale of exposure highlights the impact of vulnerabilities in DNS. DNS is the lifeblood of digital connectivity, and without it nothing can get online. It’s the foundation for all networks, including IoT devices. To secure IoT environments successfully, it is critical for organizations to look at an enterprise-grade DNS security solution to protect against DNS-based DDoS attacks, close DNS security gaps such as DNS data exfiltration, and use built-in DNS security to disrupt malware activity and the ability of attackers to infiltrate an organization.
When it comes to security in IoT deployments, early detection and response are critical because of increased complexity and scale.
• IoT increases the attack surface. The more of these devices connect and exchange information, the greater the impact of a successful attack.
• IoT devices forming botnets are a common concern and have been used in the past to launch high bandwidth DDoS attacks.
• Service theft by jamming smart meters with malware to steal electricity is another example of how IoT devices can be misused by bad actors.
A robust DNS security solution can provide a layer of protection for IP enabled IoT devices and IoT gateways:
• By using highly accurate, curated threat intelligence, DNS can proactively detect and block communications from IoT devices to malicious sites. It effectively stops botnets from forming and launching attacks. It also provides detailed threat investigation tools to get context around threats and take action in minutes, not hours.
• As more and more data is exchanged between IoT devices and backend systems, there is a greater risk of data exfiltration. Using advanced behavioral analytics to detect and block DNS based data exfiltration and DNS tunneling, including methods that have well known signatures as well as those that don’t, can significantly reduce the risk of data exfiltration.
• In IoT deployments, it is important to implement security tools that work with other existing controls already in place to ensure an integrated approach to detection and remediation, and an integrated DNS security solution can provide that.
• DNS is also a common DDoS attack vector and any disruption to the DNS service could mean downtime, which no business wants. Rule based DNS DDoS mitigation integrated into external or internal DNS can minimize the impact of such attacks and keep the service running.
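A minimal sketch of the signature-free detection of DNS-based data exfiltration described in the list above, added here as an example (it is not code from the original page or from any product). The thresholds, the two-label base-domain split, the function names and the sample queries are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def _constructed_sample():
    """Constructed (client_ip, query_name) pairs; not real traffic."""
    q = [("10.0.5.40", f"img{i}.cdn.example") for i in range(8)]  # many short names
    q += [("10.0.5.23", "pool.ntp.example")] * 10                 # one name, repeated
    # Stand-in for encoded payload chunks carried in the leftmost label.
    q += [("10.0.5.23", hashlib.sha256(b"chunk%d" % i).hexdigest()[:32] + ".exfil-zone.test")
          for i in range(6)]
    return q

SAMPLE_QUERIES = _constructed_sample()

def shannon_entropy(s):
    """Bits per character; encoded data scores higher than human-chosen names."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname, base_labels=2):
    """Assumption: the registered domain is the last two labels.
    A production detector would consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def find_exfil_suspects(queries, min_unique=5, min_avg_len=20, min_entropy=3.0):
    """Flag (client, base domain) pairs whose subdomains are numerous, long and
    high-entropy: the behavioral footprint of data being pushed out through DNS."""
    seen = defaultdict(set)  # (client, base) -> distinct subdomain strings
    for client, qname in queries:
        sub, base = split_name(qname)
        if sub:
            seen[(client, base)].add(sub)
    suspects = []
    for (client, base), subs in seen.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        # All three conditions must hold, so a CDN with many short hostnames
        # or a device polling one name repeatedly is not flagged.
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspects.append((client, base, len(subs)))
    return sorted(suspects)

if __name__ == "__main__":
    for client, base, n in find_exfil_suspects(SAMPLE_QUERIES):
        print(f"{client} sent {n} distinct encoded-looking names under {base}")
```

Grouping by client as well as by domain keeps the result actionable in an IoT network: it names the device to isolate, not just the zone to block.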
In general, best practice is to follow good network hygiene, use policy rules to protect against incoming threats, and block external access to IoT devices that don’t need it.