'Rise of the Machines': the growing DDoS attack threat

The Mirai IoT botnet has inspired a renaissance in adversarial interest in DDoS botnet innovation based on the lack of fundamental security-by-design in the Internet and in IoT devices, and based on the lack of basic cyber security and cyber-hygiene best practices by Internet users.

In this publication, entitled Rise of the Machines: The Dyn Attack Was Just a Practice Run, the Institute for Critical Infrastructure Technology provides a comprehensive and detailed analysis of this threat which has forced stakeholders to recognise the lack of security by design and the prevalence of vulnerabilities inherent in the foundational design of IoT devices. Specifically, this report contains:

• A concise overview of the basic structure of the Internet, including key players and protocols (ISO OSI, TCP/IP)
• The anatomy of a Distributed Denial of Service Attack (DDoS) including details on Constructing Botnets, Conventional vs. IoT Botnets, Launching a DDoS Attack, and DDoS-as-a-Service
• An overview of the Mirai Incidents including KrebsonSecurity, OVH ISP, Dyn, Liberia, Finland, the Trump/Clinton Campaigns, WikiLeaks and Russian Banks
• The evolution of IoT malware including profiles on Linux.Darlloz, Aidra, QBot/Qakbot, BASHLITE/Lizkebab/Torlus/gafgyt, and Mirai
• A discussion on the sectors at greatest risk including the financial, healthcare and energy sectors
• Recommendations and remediation to combat this threat

Readers are invited to join ICIT at its upcoming 2017 Winter Summit to learn more about some of the concepts discussed in this publication.

This report was authored by James Scott (Senior Fellow, ICIT) and Drew Spaniel (Researcher, ICIT) and is available for download below: