DDoS downfall: How the IoT is Becoming the Internet of Very Bad Things

DDoS Downfall: How the IoT is Becoming the Internet of Very Bad Things

  • Apr 17, 2017

Internet of Things (IoT) devices like smart watches, smart thermometers, smart fridges and smart anything are undeniably cool and incredibly useful. This age of connectivity is the age of possibility, and millions of people all over the world are taking advantage of the wonderful benefits these devices have to offer.

There’s a different kind of people taking a different kind of advantage of all these connected devices, however, and with the exploding popularity of IoT devices, these people have a lot of power literally at their fingertips. The result of all this easily accessible power? The biggest DDoS attacks the world has ever seen.

Services, denied

Distributed denial of service or DDoS attacks are a type of cyberattack that seek to overwhelm the network resources or bandwidth of a target website or other online service. These attacks do so by harnessing the power of a botnet, a grouping of internet-connected devices that enables the attacker to direct massive amounts of malicious traffic at the target.

When a DDoS attack is successful, the result is a website that is either bumped offline or slowed down so much that it can’t be used. Thanks to the accessibility of DDoS for hire services, distributed denial of service attacks were already a growing problem since the average person with no special computer skills can now aim an attack at any site for a nominal fee, making almost every website and business on the internet a potential target. Thanks to the IoT, the DDoS threat is looming considerably larger.

Bigger and badder botnets

For a device to be included in a botnet, it needs to be infected with malware that allows it to be remotely controlled. In the past these devices were generally computers because they were by far the most common form of internet-connected device. However, security for computers has gotten better and people have become increasingly focused on securing them, making it harder for cyberattackers to take over.

If computers were still the most common form of internet-connected device, this would be good news, but in 2016 the number of devices in the IoT was estimated at 6.4 billion. Unfortunately, these devices tend to be so weakly secured attackers have to do little more than put in default usernames and passwords to take control. As a result, IoT-powered botnets are weighing in with hundreds of thousands of infected devices, giving attackers unprecedented amounts of malicious traffic to play with.

Mirai mayhem

In its relatively short life, the Mirai IoT botnet has already achieved internet infamy with its record-breaking distributed denial of service attacks. The first high-profile victim was famed security blogger Brian Krebs, whose website went down in the face of a 620 Gbps attack. Following that, French web hosting provider OVH got rocked by a 1 Tbps attack, then DNS provider Dyn got walloped by a 1.2 Tbps attack, resulting in the internet essentially coming to a screeching halt when sites like Netflix, PayPal and Twitter went down as a result. All three attacks were once the biggest in the history of the internet. The Dyn attack is still number one.

The Mirai source code is publicly available, which means cyberattackers are free to use it to assemble their own massive botnets, which means Mirai variants are causing big problems all over the internet. In December, one such variant infected Deutsche Telekom routers, affecting over 900,000 customers. While most Mirai-based attacks are network-layer, another variant recently took aim at an American college with a 54-hour application-layer attack that peaked at over 37,000 requests per second.

Two types of threats and two security considerations

The threat presented by the Mirai malware, as well as any malware that targets IoT devices, is two-fold. First is the threat to websites and online service coming from these bloated botnets and the record-smashing DDoS attacks that cause an immediate loss of revenue while the site or service is unavailable, as well as a long-term loss of revenue stemming from the eroded trust and loyalty experienced by users. The solution for this is professional DDoS mitigation that protects against both network and application layer attacks.

The second threat presented is to every person or company that has at least one IoT device. If a device can be easily hijacked for inclusion in a botnet, it can be just as easily hijacked for other malicious purposes. Considering how much sensitive and financial data may be available through these devices as well as how many gather photo, video and audio imaging, this is a truly frightening prospect.

To check if any of the devices on your network are either already infected by the Mirai malware or vulnerable to it, you can use the Mirai scanner provided by DDoS protection provider Incapsula. Regardless of the results of the scanner, you should take the time to log in to every IoT device you own and change the default username and password to something that is hard to guess. After all, the only person who should get to benefit from an IoT device should be the person who owns it.

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.