Permanent Denial of Service Attacks

by Ali Nicholl

Distributed Denial of Service (DDoS) attacks have been threat for a number of years with high profile victims making headlines globally.

However, this recent report from Radware highlights a new and increasingly popular bot attack, Permanent Denial of Service attacks (PDoS attacks).

“Over a four-day period, Radware’s honeypot recorded 1,895 PDoS attempts performed from several locations around the world. Its sole purpose was to compromise IoT devices and corrupt their storage.”

As we discussed in our note earlier this year (AVAILABLE HERE) Denial of Service attacks in all their forms are a growing, real, threat which compromises enterprises and is inhibiting the growth and proliferation of IoT as anything but a novelty. The RSA conference of 2016 was blunt: “IoT will crash and burn if Security doesn’t come first”. This most recent report highlights that stark warning remains unheed.

Conversely Denial of Service attacks (Permanent or Distributed) are not possible in Iotic Space. As outlined above, these attacks are targeted at things that are on the public Internet, often a business’s first brush with the IoT as projects and functions look to exploit ever-expanding internet-enabled products and consumables. The connected things are often attacked using “swamping” and password dictionary attacks.

Because of the double virtualisation built into Iotic Space and the “ioticising” that occurs when a real thing (sensor or device) becomes an Iotic Thing, there is no analogue for this kind of attack within Iotic
Space. The virtualised devices are abstracted and so provide no access to their IP ports. Any suspect protocols (such as Telnet in this case) are therefore blocked. Any communication path to the virtualised device is brokered within Iotic Space and requires the requestor to have valid identity and credentials, furthermore any requestor with malicious intent can have their access revoked at any point.

To find out how Iotic Space can deliver secure and scalable IoT deployments for your enterprise get in touch.

In June 2017 Iotic Labs and (ISC)² are launching a new IoT training course. Enterprises of all sizes can learn how to securely start, mitigating risks and building IoT services and solutions with confidence.

Adrian Davis of (ISC)2, the global membership organisation for information security professionals, said:

“With the rapid adoption of consumer devices, IoT and sensors, organisations face a significant challenge to understand and secure their networks. Iotic Space provides the ability to model and then secure these networks.”