A Russian telecom giant thwarted DDoS attacks on five of the largest banks and financial institutions in Russia on Dec. 5, 2016.
Rostelecom reported that the distributed denial-of-service (DDoS) attacks, aimed at five of the largest financial institutions in Russia, were generated from home routers, referred to in the industry as Internet of Things (IoT) devices. The DDoS attack bot was identified as an evolved version of the Mirai botnet, according to CyberWire.
In our earlier report, IoT devices were also blamed for the Dyn attack in the U.S. that left Twitter, Spotify, Reddit, Airbnb, Etsy, SoundCloud, and The New York Times struggling with intermittent access last October.
Before the Dec. 5 DDoS attack on the financial institutions, an earlier attack on Deutsche Telekom and Irish provider Eircom was reported a week before. The DDoS attack was reportedly orchestrated by unknown assailants using vulnerabilities in IoT devices that support the CPE WAN Management Protocol (CWMP, TR-069).
Russia's Federal Security Service (FSB) had issued a warning on Dec. 2 of planned cyber attacks that were said to originate from a Ukrainian hosting company's servers located in the Netherlands. The report further stated that the DDoS attacks aimed to destabilize Russia's financial system and to hamper the operations of a number of major Russian banks.
On Tuesday, Russian President Vladimir Putin signed an updated doctrine on information technology. It notes that various Russian government agencies and industries are being targeted through electronic and cyber surveillance.
The doctrine aims to build strategic deterrents to prevent armed conflicts stemming from the use of IT. It also enjoins Russian agencies to fortify their information structure so as to prevent future DDoS attacks and similar attacks.
Internet of Things – DDoS attacks
The use of Internet of Things devices, controlled by botnets, to launch a DDoS attack is not a new issue. After the US Dyn attack, there was debate over whether the manufacturers of these devices should be held liable for not installing protection mechanisms, an omission that allowed the devices to be controlled by bots.
While DDoS attacks cannot be prevented, steps can be taken to make them harder for attackers, according to ZDNet. To prevent IoT devices from becoming botnet slaves, owners are advised to change the default access credentials of their devices. Leaving a device at its factory default settings opens it up to possible enslavement by these bots.
It is also wise to deploy web application firewalls and load balancers, or to use commercially available network firewalls.