I was doing some research on IoT and DDoS attacks. As part of that research, I conducted an email interview with Carl Herberger, VP of Security Solutions at Radware. Rather than talk about DDoS attacks, Herberger told me about ransom denial of service (RDoS) attacks, a term I was unfamiliar with. He explained:
In an RDoS attack, the perpetrators send a letter threatening to attack an organization — rendering its business, operations or capability unavailable — unless a ransom is paid by the deadline. These attacks have grown in number every year since 2010 and typically come in the form of a volumetric distributed denial-of-service (DDoS) attack. However, it is increasingly in vogue to find techniques that are more piercing and more efficient without generating large volumes. The most advanced attacks combine both volume and non-volume cyberattack techniques.
It’s a type of attack that IT professionals are concerned about, according to a study released this summer by Corero Network Security. As the Tripwire State of Security blog reported, 80 percent of respondents worry that their company will be the target of an RDoS attack within the year, and 43 percent of those expect to pay the ransom.
This fits in with what Herberger told me, that RDoS attacks, as well as the more commonly known ransomware attacks, are happening every day. As he said to me, while other types of attacks tend to take a long time to detect and defend against, ransomware and RDoS threats shout, “I’m an attack and I’m right here!” You have no choice but to drop everything and address it immediately.
I asked Herberger what types of IoT devices are most commonly hit with the malware that causes these attacks. After all, when the Mirai malware took down Dyn, it was reported that cameras were the IoT devices targeted to be turned into botnets. Herberger said the type of devices that can be vulnerable is not as relevant as the type of code the devices are running:
Many of today’s IoT devices use standard operating systems or protocols such as Linux and Remote Code Execution (RCE) capabilities. Darknet marketplaces often offer a number of exploit codes for sale, which range from a local privilege escalation on Windows 8.1 to a single message DoS exploit on Telegram. Attackers can also find exploits, such as an RCE that allows upload of a bot to a large quantity of vulnerable routers.
When I wanted to know how companies can best defend themselves from this type of attack, Herberger emphatically fell into the “don’t pay the ransom” camp, stating that paying the ransom often leads to prolonged or repeated attacks. Instead, he advised adopting a strong security posture and becoming less of a target by using the following tips:
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba