Biting the Hand that Feeds You: When IoT-Based Attacks Strike Service Providers

While we’re arming ourselves, our businesses and organizations against IoT-based attacks, few people talk about the damage they do to service providers. It’s something that gets overlooked, but the potential for causing detrimental impact is considerable.

Service providers can suffer particularly badly because:

  • They can be a target
  • Attacks can originate from within their own networks by their own subscribers
  • Attacks that target enterprises go through service providers that provide connectivity to these enterprises

In all three cases, when they fall victim to large IoT-based attacks, their services can be badly disrupted and this can have serious consequences for their business.

Furthermore, it’s important to remember that service providers’ infrastructure serves millions of homes and consumers using multiple connected devices, and provides the networks for millions of businesses, organizations and utilities. So when service providers take hits, we are all affected, because they’re the people that connect us.

That’s why it’s critical that their infrastructure gets protection from IoT-based attacks just as much as our networks and end-points do. Let’s look at the threat that service providers face, and how best they can be protected.

How service providers get hit

Many IoT devices ship with little or no security configuration, and their vulnerabilities exacerbate the threat to both network providers and users. Here are some examples of the three cases we’ve identified in which service providers suffer from attacks:

Service provider as the target

In Germany, over 900,000 Deutsche Telekom domestic routers were knocked out of service by an attack. Deutsche Telekom’s broadband internet provision, its fixed telephony and TV services were all disabled for at least two days. Even after the attack was identified, many users were instructed to completely disconnect their routers while the problems were remedied. This is a clear example of the scale of such attacks, which presented a challenge to the reputation of Deutsche Telekom as a reliable provider, and doubtless caused significant financial losses.

Attacks originating from within service providers’ networks

Another example of service disruption experienced by a service provider took place in Singapore, where the attack started from an internal network. Service provider StarHub suffered an attack that caused a spike in traffic to its domain name servers. StarHub identified it as an IoT-based attack, originating from customers’ infected webcams and routers. The incident knocked home broadband customers offline, and StarHub considered it to be an intentional and likely malicious attack that was unprecedented in scale, nature and complexity.

We can see why the threat of attacks initiated by IoT devices deployed within service providers’ own networks is a grave concern. And it’s worsened by the probability that when something like this is identified, service providers can get blacklisted. This can effectively render their service provision useless, at least while their issues are addressed, which of course is hugely detrimental to their business and their reputation as a reliable provider.

To compound the situation further, most DDoS protection systems don’t even look at outbound traffic. So even though service providers may think they have all the protection in place, their current security apparatus wouldn’t catch such an attack. IoT necessitates a change in the way we think about protection, and in fact DPI-based security will have an increasingly important role to play.

It’s not just IoT that poses a threat to service providers. Android-based mobile phones can be the launch pad for serious attacks. Most recently, a potentially massive DDoS attack caused by Android-based malware, WireX, was thwarted when researchers from a coalition of organizations identified and stopped its attempts to disrupt a variety of industries. An analysis of the attack data showed that it came from infected devices in more than 100 countries. Google removed 300 Android apps from its mobile app store because they were being used to infect Android devices and draft them into the WireX botnet.

Obviously, these devices were connected to the network through a service provider, and any single provider can have many such devices within its network.

Attacks on enterprises affecting service providers’ networks

Last year’s massive Mirai attack against DNS system provider Dyn typified how other enterprises can be affected when an attack emerges from a service provider’s network. A long list of big-name organizations were affected, including Amazon, the BBC, Netflix, PayPal, Twitter and VISA, among others. Everyone focused on these victims, but few talked about the service providers who also had to suffer the disabling effects of the large 1.2 Tbps attack.

Incidents like these have serious repercussions, both in terms of compromising the quality of experience that service providers deliver and in terms of diminishing their bottom line: they jeopardize network security, cast doubt on the provider’s reliability, and prompt subscribers to seek assurance from competitors and migrate to rival providers.

Overcoming the challenge

These major attacks show how a compromised IoT deployment can impact the very infrastructure it relies upon for connectivity. They demonstrate that the disruption faced by service providers can’t be neglected. What we can learn from them is that we need security solutions specifically developed for service providers. These solutions should combine carrier-grade threat mitigation techniques with full visibility into traffic, enabling the traffic behavior analysis needed to identify malicious devices.

Once they have been identified, service providers have the understanding with which to stop threats, both inbound and outbound. Then they can implement the necessary security measures such as whitelisting, traffic limitation and control and the quarantine of infected traffic, in order to most effectively protect their infrastructure from serious disruption.
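As an added illustration (not code from the original post or from Allot's products) of the outbound traffic behavior analysis and mitigation steps described above, the script below sums outbound DNS packets per subscriber from constructed flow records, flags subscribers far above a robust baseline (the kind of DNS spike seen in the StarHub incident), and maps each to a rate-limit or quarantine action. The flow record layout, thresholds and addresses are assumptions made for the example.

```python
import statistics
from collections import defaultdict

# Constructed sample of outbound flow records from the subscriber side of the
# network: (subscriber_ip, destination_port, packet_count) for one sampling
# interval. These values are made up for the example, not captured data.
SAMPLE_FLOWS = [
    ("10.0.0.1", 53, 12), ("10.0.0.2", 53, 8), ("10.0.0.3", 53, 15),
    ("10.0.0.4", 53, 4800), ("10.0.0.4", 443, 30), ("10.0.0.5", 53, 10),
    ("10.0.0.6", 53, 5200), ("10.0.0.7", 53, 9), ("10.0.0.8", 53, 11),
    ("10.0.0.9", 53, 300), ("10.0.0.9", 80, 20),
]

def outbound_dns_per_subscriber(flows):
    """Sum outbound packets to port 53 (DNS) per subscriber address."""
    counts = defaultdict(int)
    for src, dport, pkts in flows:
        if dport == 53:
            counts[src] += pkts
    return dict(counts)

def flag_outliers(counts, k=10.0):
    """Return {subscriber: (count, ratio_to_median)} for subscribers whose DNS
    volume exceeds median + k * MAD. Median and MAD are used instead of mean and
    standard deviation so a few infected devices cannot drag the baseline up
    and hide themselves."""
    values = list(counts.values())
    median = statistics.median(values)
    mad = statistics.median(abs(v - median) for v in values) or 1.0  # floor avoids a zero threshold
    threshold = median + k * mad
    return {ip: (c, c / median) for ip, c in counts.items() if c > threshold}

def plan_mitigation(flagged, quarantine_ratio=100.0):
    """Map each flagged subscriber to a defensive action: rate-limit moderate
    anomalies, quarantine devices whose volume is orders of magnitude above
    the baseline (assumed thresholds, tune per network)."""
    actions = {}
    for ip, (count, ratio) in flagged.items():
        actions[ip] = "quarantine" if ratio >= quarantine_ratio else "rate_limit"
    return actions

if __name__ == "__main__":
    counts = outbound_dns_per_subscriber(SAMPLE_FLOWS)
    flagged = flag_outliers(counts)
    for ip, action in plan_mitigation(flagged).items():
        print(f"{ip}: {flagged[ip][0]} outbound DNS packets -> {action}")
```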

There’ll be more about this in my next blog post, but in the meantime, learn more about Allot IoT defense for service providers.
