DDoS downfall: How the IoT is Becoming the Internet of Very Bad Things

DDoS Downfall: How the IoT is Becoming the Internet of Very Bad Things

  • Apr 17, 2017

Internet of Things (IoT) devices like smart watches, smart thermometers, smart fridges and smart anything are undeniably cool and incredibly useful. This age of connectivity is the age of possibility, and millions of people all over the world are taking advantage of the wonderful benefits these devices have to offer.

There’s a different kind of people taking a different kind of advantage of all these connected devices, however, and with the exploding popularity of IoT devices, these people have a lot of power literally at their fingertips. The result of all this easily accessible power? The biggest DDoS attacks the world has ever seen.

Services, denied

Distributed denial of service or DDoS attacks are a type of cyberattack that seek to overwhelm the network resources or bandwidth of a target website or other online service. These attacks do so by harnessing the power of a botnet, a grouping of internet-connected devices that enables the attacker to direct massive amounts of malicious traffic at the target.

When a DDoS attack is successful, the result is a website that is either bumped offline or slowed down so much that it can’t be used. Thanks to the accessibility of DDoS for hire services, distributed denial of service attacks were already a growing problem since the average person with no special computer skills can now aim an attack at any site for a nominal fee, making almost every website and business on the internet a potential target. Thanks to the IoT, the DDoS threat is looming considerably larger.

Bigger and badder botnets

For a device to be included in a botnet, it needs to be infected with malware that allows it to be remotely controlled. In the past these devices were generally computers because they were by far the most common form of internet-connected device. However, security for computers has gotten better and people have become increasingly focused on securing them, making it harder for cyberattackers to take over.

If computers were still the most common form of internet-connected device, this would be good news, but in 2016 the number of devices in the IoT was estimated at 6.4 billion. Unfortunately, these devices tend to be so weakly secured attackers have to do little more than put in default usernames and passwords to take control. As a result, IoT-powered botnets are weighing in with hundreds of thousands of infected devices, giving attackers unprecedented amounts of malicious traffic to play with.

Mirai mayhem

In its relatively short life, the Mirai IoT botnet has already achieved internet infamy with its record-breaking distributed denial of service attacks. The first high-profile victim was famed security blogger Brian Krebs, whose website went down in the face of a 620 Gbps attack. Following that, French web hosting provider OVH got rocked by a 1 Tbps attack, then DNS provider Dyn got walloped by a 1.2 Tbps attack, resulting in the internet essentially coming to a screeching halt when sites like Netflix, PayPal and Twitter went down as a result. All three attacks were once the biggest in the history of the internet. The Dyn attack is still number one.

The Mirai source code is publicly available, which means cyberattackers are free to use it to assemble their own massive botnets, which means Mirai variants are causing big problems all over the internet. In December, one such variant infected Deutsche Telekom routers, affecting over 900,000 customers. While most Mirai-based attacks are network-layer, another variant recently took aim at an American college with a 54-hour application-layer attack that peaked at over 37,000 requests per second.

Two types of threats and two security considerations

The threat presented by the Mirai malware, as well as any malware that targets IoT devices, is two-fold. First is the threat to websites and online service coming from these bloated botnets and the record-smashing DDoS attacks that cause an immediate loss of revenue while the site or service is unavailable, as well as a long-term loss of revenue stemming from the eroded trust and loyalty experienced by users. The solution for this is professional DDoS mitigation that protects against both network and application layer attacks.

The second threat presented is to every person or company that has at least one IoT device. If a device can be easily hijacked for inclusion in a botnet, it can be just as easily hijacked for other malicious purposes. Considering how much sensitive and financial data may be available through these devices as well as how many gather photo, video and audio imaging, this is a truly frightening prospect.

To check if any of the devices on your network are either already infected by the Mirai malware or vulnerable to it, you can use the Mirai scanner provided by DDoS protection provider Incapsula. Regardless of the results of the scanner, you should take the time to log in to every IoT device you own and change the default username and password to something that is hard to guess. After all, the only person who should get to benefit from an IoT device should be the person who owns it.

Featured

  • 91 Percent of Security Leaders Believe AI Set to Outpace Security Teams

    Bugcrowd recently released its “Inside the Mind of a CISO” report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO. Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers’ long-term privacy or security to save money. Read Now

  • Milestone Announces Merger With Arcules

    Global video technology company Milestone Systems is pleased to announce that effective July 1, 2024, it will merge with the cloud-based video surveillance solutions provider, Arcules. Read Now

  • Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

    Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams. Read Now

  • Cloud Resources Have Become Biggest Targets for Cyberattacks According to New Research

    Thales recently announced the release of the 2024 Thales Cloud Security Study, its annual assessment on the latest cloud security threats, trends and emerging risks based on a survey of nearly 3000 IT and security professionals across 18 countries in 37 industries. As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyber-attacks, with SaaS applications (31%), Cloud Storage (30%) and Cloud Management Infrastructure (26%) cited as the leading categories of attack. As a result, protecting cloud environments has risen as the top security priority ahead of all other security disciplines. Read Now

Most   Popular

Featured Cybersecurity

Webinars

Whitepapers

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3