Feds warn of DDoS attack vulnerability for connected medical devices

As the number of connected devices is projected to grow to 20 to 50 billion by 2020, the FBI says the threat of DDoS attacks launched by leveraging flaws in IoT devices is not going away anytime soon.
By Jessica Davis
02:50 PM
Share
medical device security

The FBI issued an alert this week that as the number of connected IoT devices are expected to increase to 20 billion to 50 billion by 2020, the threat of DDoS attacks on vulnerabilities in the devices will remain.

“Deficient security capabilities, difficulties in patching vulnerabilities and a lack of consumer security awareness provide cyber actors with opportunities to exploit these devices,” the alert said.

[Also: 5 tips to lockdown security for Internet of Things medical devices]

The concern is the these poorly secured or completely unsecured devices will give hackers easy access to private networks -- and in turn gain access to other devices or data that lives on the network.

As part of its warning, the FBI is recommending both device owners and manufacturers take steps to secure these devices -- like changing default passwords and usernames and isolating these devices on the network.

[Also: FDA exec to medical device manufacturers: 'Bake security into the design']

In a separate alert, the FBI is requesting organizations across all sectors that have fallen victim to DDoS attacks to share the details of the attacks with the agency.

The request is similar to one made last year after ransomware reared its head and pummeled organizations -- especially those in the healthcare sector.

Victims should contact the local field branches and or file a complaint with the Internet Crime Complaint Center -- regardless of the size of the attack. Further, the FBI is specifically looking for the traffic protocol used in the attack and any extortion attempts or ransom demands made.

[Also: Hackers hate ransomware, but it's quickly becoming the new DDoS]

Victims should attempt to preserve the net flow and or packet capture of the attack, while saving any correspondence with the hacker in its original format. Officials have also requested that victims report any losses suffered as part of the attack, along with the cryptocurrency wallet or email address used -- if the ransom was paid.

The request for information is part of a bigger alert that notified organizations about booter and stresser services, which are often crucial to launching a DDoS attack. The services are sold on the dark web and used to accelerate and automate the impact of the attack.

“These services can be used legitimately to test the resilience of a network,” according to the alert. “However, criminal actors use this capability to take down websites. Established booter and stresser services offer a convenient means for malicious actors to conduct DDoS attacks by allowing such actors to pay for an existing network of infected devices, rather than creating their own.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com