Who should protect consumers from cyberthreats?

Who should be protecting consumers from cybersecurity threats?

It is clear that we need new solutions in cybersecurity. In this post, we will discuss the different ways that ISPs currently can protect a customer’s home network environment, touching on an industry standard solution: OpenDNS and its implementation.

We will also discuss its shortcomings, using Mirai as an example to show how DNS solutions left the world completely unprotected from Mirai botnet attacks. There needs to be a serious reconsideration concerning ISP-provided home internet security.

What do users want?

We asked 200 consumers to participate in a survey about their cybersecurity expectations and who should be providing them. Nearly 24% of participants said that they believe their internet security provider should be responsible for their safety.

13% voted for antivirus companies, 11% for device manufacturers, and 6% for governments. The remaining 46% replied ‘none of the above.’

How ISPs Protect Your Home

Ultimately, ISPs provide internet security measures for their customers in large part to protect themselves; that is the main reason they safeguard their customers.

ISPs take certain measures to protect their customers, such as blocking incoming connections on well-known ports or blocking spam, malware, and viruses sent via email. An ISP wants to prevent, for example, a customer’s computer from becoming part of a botnet, so it implements such security measures.

Old School DNS Protection Isn’t Cutting It

Founded 11 years ago, OpenDNS is a DNS-based service that protects against phishing and malware/botnet domains, with content filtering as an added option. OpenDNS flags known-harmful sites as malicious and stops your browser from reaching them.

This is a security measure that many ISPs have implemented. However, it is no longer sufficient to provide comprehensive protection. As web threats and hackers become more sophisticated, security measures need to develop with them. This was discovered, perhaps too late, with the Mirai attacks.

Mirai

If you’re still convinced that OpenDNS provides enough security, let’s look at Mirai. Mirai is Japanese for “the future.” The author chose this name from a popular anime series. Mirai is a type of malware that turns devices into “bots,” infecting as many machines as possible.

This creates a network of zombies that can be used at the hacker’s command for large-scale attacks. Mirai has been the tool of choice in some of the most high-profile, disruptive DDoS attacks, such as the attack on well-known technology journalist Brian Krebs. It caused his site to go down for four days. High profile websites such as Netflix and Reddit fell victim to these attacks as well.

The source code for Mirai was published and is now adapted and used in various types of attacks. It targets Internet of Things (IoT) devices, usually everyday items such as cameras or routers. According to KrebsonSecurity, “botnets like Mirai are used to knock individuals, businesses, governmental agencies, and nonprofits offline on a daily basis.”

Mirai shook the foundation for ISPs, and for the first time made them realize how inadequate previous solutions had been against the kind of attacks they were now seeing. DNS solutions left ISPs completely unprotected from Mirai. The reason these solutions were insufficient is that Mirai was scanning the internet directly for device IPs that were exposed and vulnerable, a step in which a DNS filter plays no part.

The attack was able to compromise the devices and then use them to DDoS other legitimate targets. When those devices went out to the internet to attack their targets, OpenDNS would not flag those sites as malicious (because they are not). They are legitimate sites that were being hit by tens of thousands, or hundreds of thousands of those compromised devices at the same time.

OpenDNS was never in a position to intercept the initial traffic that caused the infection. Mirai should serve as a wake-up call: ISPs need to seriously step up their game regarding providing security for their customers. So, what are your options?

Wide Area Network (WAN) vs. Local Area Network (LAN)

The grim picture that these types of attacks have painted has prompted several potential solutions. One of the options on the market is WAN-side cybersecurity. A WAN interconnects multiple LANs through devices such as routers.

The problem with this is multifaceted. For one, it is very costly and time-consuming for ISPs to monitor all of the traffic on the WAN side. Additionally, there is a lack of visibility into user devices, user threats, and “LAN to LAN” threats, such as lateral movement.

What is Lateral Movement?

Lateral movement is the process by which attackers jump from device to device across a local network. They go digging deeper into the network, gaining access to more valuable and restricted information as they go. Through this process, they gain additional points of control.

Being skilled at lateral movement is critical to the success of attacks. Hackers will continue to refine their skills and become better and more sophisticated. WAN side security does not protect from these kinds of attacks since the threat is coming from inside the network.
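An added example tying together the two points above (it is not CUJO's, OpenDNS's or any ISP's code): a toy flow analyzer showing that a DNS domain blocklist never flags Mirai-style floods against legitimate sites, that LAN-to-LAN scanning never even reaches a WAN-side monitor, and that per-device flow visibility on the home router surfaces both. All IPs, host names, ports and thresholds are constructed sample values.

```python
"""Added example, not code from CUJO or OpenDNS. Constructed flow records show
what a DNS blocklist sees versus what LAN-side per-device flow monitoring sees."""
from collections import defaultdict
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")      # constructed home network
DNS_BLOCKLIST = {"malware-c2.example"}            # constructed known-bad domain

# Constructed flows: (src_ip, dst_ip, dst_name, dst_port). Hypothetical infected
# cameras .20-.22 flood a legitimate site; .30 probes the LAN; .40 resolves a C2 name.
FLOWS = [("192.168.1.20", "203.0.113.5", "legit-news.example", 80)] * 500
FLOWS += [("192.168.1.21", "203.0.113.5", "legit-news.example", 80)] * 500
FLOWS += [("192.168.1.22", "203.0.113.5", "legit-news.example", 80)] * 500
FLOWS += [("192.168.1.30", f"192.168.1.{h}", None, 445) for h in range(2, 60)]
FLOWS += [("192.168.1.40", "198.51.100.9", "malware-c2.example", 443)]

def is_lan(ip):
    return ipaddress.ip_address(ip) in LAN

def wan_visible(flows):
    """Only flows that leave the LAN are observable on the WAN side."""
    return [f for f in flows if not is_lan(f[1])]

def dns_filter_hits(flows, blocklist=DNS_BLOCKLIST):
    """What a DNS blocklist can flag: destinations resolved from known-bad names."""
    return sorted({f[2] for f in flows if f[2] in blocklist})

def ddos_participants(flows, per_dst_threshold=200):
    """LAN-side view: devices opening an abnormal number of flows to one external host."""
    counts = defaultdict(int)
    for src, dst, _, _ in flows:
        if not is_lan(dst):
            counts[(src, dst)] += 1
    return sorted({src for (src, dst), n in counts.items() if n >= per_dst_threshold})

def lateral_movers(flows, fanout_threshold=20):
    """LAN-side view: a device contacting many distinct internal hosts."""
    fanout = defaultdict(set)
    for src, dst, _, _ in flows:
        if is_lan(dst):
            fanout[src].add(dst)
    return sorted(src for src, hosts in fanout.items() if len(hosts) >= fanout_threshold)

if __name__ == "__main__":
    print("DNS blocklist hits:", dns_filter_hits(FLOWS))      # only the C2 lookup
    print("DDoS participants:", ddos_participants(FLOWS))      # the three cameras
    print("Lateral movers:", lateral_movers(FLOWS))            # the LAN scanner
    print("Flows invisible on WAN:", len(FLOWS) - len(wan_visible(FLOWS)))
```

The flood of 1,500 flows to a legitimate site produces zero blocklist hits, which is exactly the gap the Mirai section describes; the 58 internal probes never appear in the WAN-side view at all.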

Nirvana

The real Nirvana is to have ISPs’ routers do all of the heavy lifting, backed by AI and cloud-based machine learning. As hacks get smarter and more sophisticated, so too can our solutions. This is where CUJO comes in, by implementing CUJO firmware inside of ISP hardware.

The CUJO firmware would be responsible for enforcement within the network itself, providing full visibility into malicious traffic in a way that other solutions cannot. CUJO would be the central brain, the traffic cop, if you will.