IoT provided a revolutionary leap in the scale DDoS attacks. I will talk about global IoT DDoS trends, tell some funny (probably not for the orgs) stories about people that had their IoT hacked, and go through some tooling that can assist you in finding your vulnerable IoT devices.
IoT is breaking down the barriers for people all over the world to allow the rapid deployment of internet connected devices. Now you can have everything from fridges to lightswitches to lightbulbs (I don’t know why you would have both, but you do you) and more connected and accessible at the touch of a button. This proliferation of attached devices is also allowing record DDoS swarms, take that advocates of the death of Moore’s law. While we focus a lot of scrubbing pipes and flaring clouds, there exists another avenue for being DDoS’d, your own compromised IoT swarms! In this talk you will hear: Some proselytising on global DDoS trends and why IoT is to blame Some case studies of enterprise networks that had their IoT compromised, what it looked like to incident responders, and how they dug their way out of it Some open source tooling that you can use to help scope and remediate the problem in your organisation (Note, I did not write any of it).
Watch 'The DDoS is coming from inside the house' on PyCon AU's YouTube account
Chris Wiley
AARNet
Five years of IT Seven years of security My job history
Deploy, maintain, grow Networks the size of suburbs Protection is hard
Today my life is A non profit ISP All things securit… :-(
I have been in IT for over a decade. Done a bunch of networking, a bunch of security. I work for AARNet, a non profit ISP that serves Australia’s education and research sector. I try to leave things less bad than how I found them. I hang out with hackers a lot, hopefully none of them know who I am. I am really into privacy, and am super excited about GDPR.