Connect with us

Expert Speak

WRECK Vulnerabilities Highlight the Need for DNS Security in IoT Environments

Published

4 years ago

on

Written by Krupa Srivatsan, Director of Product Marketing at Infoblox

In today’s digital economy, the number of devices connecting to the network is increasing exponentially. According to Gartner, 2020 saw 20.6 billion connected devices with smart cities and connected healthcare topping the list of types of IoT environments. The Internet of Things (IoT) comprises four aspects – the devices or things that are connecting to the Internet, infrastructure needed to actually connect these devices, the data that flows from these devices to backend systems and the analysis done on this data for making better business decisions. IoT devices are often found at the production or “operations edge” of a business, especially when it comes to industrial IoT like smart lighting, smart grid, smart factories and the like. IoT deployments can be complex and several aspects like security and efficient management need to be taken into consideration for success.

What the recent WRECK vulnerabilities showed was that there is an increased risk of compromise when it comes to IoT. Earlier this week, it was discovered that more than 100 million connected IoT devices could be potentially at risk from nine newly disclosed DNS vulnerabilities, collectively dubbed as WRECK. The scale of exposure highlights the impact of vulnerabilities in DNS. DNS is the lifeblood of digital connectivity and without it, nothing can get online. It’s the foundation for all networks including IoT devices. For successful security of IoT environments, it is critical for organizations to look at an enterprise-grade DNS security solution to protect against DNS-based DDoS attacks, close DNS security gaps such as DNS-data exfiltration and use built-in DNS security to disrupt malware activity and the ability of attackers to infiltrate an organization. 

  • When it comes to security in IoT deployments, early detection and response is critical because of increased complexity and scale.
  • IoT increases the attack surface. As more and more of these devices connect and exchange information, the greater the impact of a successful attack. 
  • IoT devices forming botnets are a common concern and have been used in the past to launch high bandwidth DDoS attacks. 
  • Service theft by jamming smart meters with malware to steal electricity is another example of how IoT devices can be misused by bad actors.

A robust DNS security solution can provide a layer of protection for IP enabled IoT devices and IoT gateways:

  • By using highly accurate, curated threat intelligence, DNS can proactively detect and block communications from IoT devices to malicious sites. It effectively stops botnets from forming and launching attacks. It also provides detailed threat investigation tools to get context around threats and take action in minutes, not hours.
  • As more and more data is exchanged between IoT devices and backend systems, there is a greater risk of data exfiltration. Using advanced behavioral analytics to detect and block DNS based data exfiltration and DNS tunneling, including methods that have well known signatures as well as those that don’t, can significantly reduce the risk of data exfiltration.
  • In IoT deployments, it is important to implement security tools that work with other existing controls already in place to ensure an integrated approach to detection and remediation, and an integrated DNS security solution can provide that.
  • DNS is also a common DDoS attack vector and any disruption to the DNS service could mean downtime, which no business wants. Rule based DNS DDoS mitigation integrated into external or internal DNS can minimize the impact of such attacks and keep the service running. 

In general, following good network hygiene, using policy rules to protect against incoming threats and blocking unnecessary external access to IoT devices that don’t need it should be best practice and followed. 

Related Topics:
Continue Reading

Artificial Intelligence

How AI is Reinventing Cybersecurity for the Automotive Industry

Published

4 weeks ago

on

April 23, 2025

By

Written by Alain Penel, VP of Middle East, CIS & Turkey at Fortinet (more…)

Continue Reading

Cyber Security

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Published

2 months ago

on

March 25, 2025

By

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

Continue Reading

Expert Speak

What the Bybit Hack Reveals About the Future of Crypto Security

Published

2 months ago

on

March 8, 2025

By

Written by Oded Vanunu, Chief Technologist & Head of Product Vulnerability Research at Check Point (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.