Fleet Vulnerability to DDoS Is Low, For Now
Graphical representation of the areas affected by the Mirai bot during the October 2016 cyberattack on the Dyn network. Illustration: DownDetector via Wikipedia
While 2016 will likely be most remembered for the U.S. presidential election, it was perhaps more significant for the seeming renaissance in distributed denial-of-service (DDoS) attacks. This renaissance was briefly in the spotlight when both campaigns were hit with a DDoS attack. While ultimately unsuccessful, the attack highlighted the vulnerability to DDoS attacks at the highest level.
DDoS is a hot topic for vulnerable sectors, including healthcare and energy, each of which has experienced high-profile attacks. But how prevalent are these attacks, and do fleets need to worry that they’re next?
The bad news is that these attacks are very prevalent, according to James Scott, senior fellow with the Institute for Critical Infrastructure Technology (ICIT), who, with Drew Spaniel, a researcher with ICIT, authored the report "Rise of the Machines: The Dyn Attack was Just a Practice Run."
“DDoS attacks and attacks that leverage botnets (malware delivery, spam, etc.) are incredibly prevalent because they are easy to conduct and/or cheap to purchase, as a layer in a multi-tiered campaign,” Scott told Automotive Fleet in an e-mail interview. “In most cases, DDoS are used as a distraction, to divert defensive resources, or to probe target defensive capabilities. Many sophisticated adversaries, such as APTs (Dridex, Carbanak, etc.), incorporate botnets and/or DDoS attacks into their campaigns. Agencies, businesses, and other entities experience DDoS attacks on a regular basis. Attribution of incidents is complex and is further clouded by adversarial trends of outsourcing layers, such as DDoS attacks, to other hackers, almost always without fully informing the conspirator of the motivation, intent, or plan of the attack.”
The Dyn attack, which occurred in October and affected such Internet services as Amazon and Netflix, did no overt harm, according to security technologist Bruce Schneier in testimony to the Congressional Committee on Energy and Commerce, but it is also a reminder of how connected today’s world is.
Scott’s report cited Gartner statistics that by the end of 2016 the consumer sector will have 4 billion Internet of Things (IoT) devices, and the business sector will rely on 1 billion IoT devices, with an additional 1.3 billion devices in other verticals for a worldwide IoT network of 6.4 billion devices. By 2020, that number is expected to increase to 50 billion. Of these devices, about 4.6% (about 294 million) are vulnerable to botnets such as Mirai, which was used in the Dyn and other recent attacks, according to the security firm Bullguard.
The goal of these attacks is to infect — “bot” or “zombify” — devices that process and deliver data via the Internet — particularly if it’s in high volume.
“This is why DVR units and CCTV cameras, which are designed to process video information, have become recent targets of the Mirai botnet,” said Scott.
The good news for fleets is that GPS devices and vehicle infotainment systems either can’t be affected or are low-threat targets for hackers.
“Only vehicles with an Internet connection are at risk, and vehicles with a constant internet connection are at the greatest risk of targeted compromise. Infotainment units could be exploited if an adversary was desperate enough to expand their bot pool,” he said. “Telematics units that connect to the Internet could also be compromised, though the data throughput might be too low to make the devices worth compromising.”
However, with autonomous vehicles, vehicle-to-infrastructure capabilities, and the expansion of IoT capabilities into the automotive space, the threats could expand.
“It remains unclear whether an adversary could DDoS a regular vehicle — see the 2015 Jeep hacks — but it is well within the realm of possibility to DDoS or bot any autonomous vehicle with a constant Internet connection,” Scott explained. “Autonomous vehicles are designed to process code, so they could also be used as bots to deliver malware, etc. (similar to how router IP addresses were mapped by driving a car around and connecting to open internet connections, etc.).”
While, on the face of it, fleets could be joining the growing fraternity of at-risk commercial sectors (no matter what area their companies operate in), there are steps that fleets are able to take now and in the future, according to Scott.
“Fleets could best protect themselves by disabling unused Internet connections, closing unused ports, and by investing in vehicles where the manual system is not entirely dependent on a CPU (manual override, etc.),” he said.