IoT regulation is key to halting increase in DDoS attacks
Global communication service providers (CSPs), who are expected to provide customers with continuous, uninterrupted service, are struggling to deal with an increasing number of distributed denial of service (DDoS) attacks.
DDoS attacks involve flooding a network with more traffic than it can handle, which makes the network inaccessible to legitimate users.
According to A10 Networks’ The State of DDoS Attacks against Communication Service Providers report, which quizzed 325 IT and security professionals working for internet service providers, 85% of CSPs believe that there will be an increase or no reduction in the amount of DDoS attacks launched against them in the near future.
Despite the threat increasing, just 39% were confident that their organisation could detect a DDoS attack. Fewer respondents, 34%, were confident that their organisation could prevent an attack.
Respondents said that a lack of actionable intelligence was the top barrier to preventing DDoS attacks. Insufficient talent and expertise, and inadequate technologies were also viewed as significant barriers.
Stopping the botnet
Preventing attacks can be costly for businesses, according to cybersecurity expert Jake Moore, security specialist at ESET, but regulating the internet of things (IoT) space could help to prevent a large number of DDoS attacks before they are launched.
“DDoS attacks have always featured in cyber-attacks and there’s usually not much companies can do to protect their websites other than to attempt to divert as much traffic as possible, but this can be costly,” Moore explained. “The real solution lies in the early production of the internet of things and smart devices, where they are continually created with simple or no security at all.”
According to GlobalData’s recent smart home report, spending on internet-connected smart home devices climbed to $23bn in 2018. The market is expected to grow to $25bn by 2025 as consumers continue to automate their homes using smart speakers, thermostats, lighting and security products.
However, various studies have highlighted how easy it is to hack many of these devices.
This is being exploited by cybercriminals to build botnets, a number of compromised internet-connected devices that are used to carry out automated cybercriminal activities such as DDoS attacks or spam delivery.
The Mirai botnet discovered in 2016, for example, had amassed 380,000 devices by scanning the internet for IoT devices and testing commonly-used default username and password combinations to break into a device.
“Once such devices are taken over by a threat actor, they are simply diverted on mass to targeted sites to crash them,” Moore explained.