The rise of IoT-based DDoS attacks: Is there a solution?
The rise of IoT DDoS attacks makes it imperative to rethink DDoS defences to thwart these sophisticated and often devastating threats.
Sanjai Gangadharan is the Regional Director SAARC, A10 Networks which is a U.S. based company, based in San Jose, California, that provides a range of high-performance application security and networking solutions that help organizations ensure that business critical applications are protected, reliable and always available.The company is known for manufacturing highly scalable application delivery controllers (software and hardware) and expanded into intelligent automation, machine learning and security solution solutions.
There’s a flood of connected devices making their way into our homes and businesses. From mobile, wearables and car technology to advancements in smart homes, TVs and cameras, the tech world is awash with internet-connected devices. By 2020, it is estimated that there will be more than 30 billion connected devices in the world – more than four times the earth’s population.
Tech-hungry consumers keep their eyes peeled for major device announcements. Also watching are distributed denial of service (DDoS) attackers who have made the Internet of Things (IoT) their weapon of choice. These nefarious actors exploit millions of vulnerable IoT devices to create sophisticated malware-based DDoS botnets which they then use to initiate devastating attacks. IoT vulnerabilities give these hackers the ability to scale their attacks across tens of millions of devices and unique IP addresses.
Every new device announcement adds more weapons to an already stocked arsenal the connected gadgets hackers have at their disposal that they can weaponise and leverage to launch DDoS attacks.
If we’ve learned anything from the Mirai botnet’s path of destruction in the late 2016, during which attackers hijacked more than 5,00,000 webcams to launch a DDoS attack topping 1 Tbps, and last year’s WireX and Reaper threats – it’s that bad actors will latch onto unsecured devices and use them to do their bidding.
“Millions of unsecure, internet-enabled devices provide new threat vectors. Given the rapid proliferation of Internet of Things devices in advance of IoT-oriented security standards and configuration practices, expect these devices to be increasingly used as weapons for DDoS and other attacks,” said Adam Isles, principal at The Chertoff Group, a global advisory firm that provides security risk management, business strategy and merchant banking advisory services.
According to a recent AT&T Cybersecurity Insights report, nearly a third (32%) of surveyed organisations said IoT-based DDoS attacks are their biggest future cybersecurity concern. AT&T found that more than a third (35%) of all its survey respondents say that IoT devices were the primary source of a data breach experienced over the prior year. And the outlook for future IoT attacks remains bleak, with 68% of survey respondents saying they expect IoT threats to increase in the coming year.
That said, AT&T found that 90% of organisations have conducted enterprise-wide cyber risk assessments in the past year, but only half (50%) have conducted risk assessments specific to IoT threats.
Meanwhile, according to our A10 Application Intelligence Report (AIR), distributed denial of service (DDoS) attacks took the top spot among cyberthreats against businesses, with more than one third (38%) of IT decision makers saying their company has suffered an attack at least once over the past 12 months, with another 9% noting they’re not aware whether they’ve been attacked or not.
Frighteningly, that means that nearly half of IT professionals say their company has either been a victim of a DDoS attack or they don’t know if they’ve been a victim.
This rash of IoT-based DDoS attacks when paired with lack of awareness and the growing roster of IoT devices hitting the market creates a potentially catastrophic opportunity cocktail for savvy cyber-attackers.
The consensus: IoT-based DDoS attacks will grow in both bot size and traffic volumes mostly due to their use of vulnerable, poorly-secured IoT devices. Contributing to those millions of vulnerable IoT devices will be this year’s crop of marquee CES announcements and the myriad gadgets found under the Christmas tree.
The rise of IoT DDoS attacks makes it imperative to rethink DDoS defences to thwart these sophisticated and often devastating threats. Here are key things to look for in an effective DDoS defense solution to ensure that IoT DDoS attacks can’t take you down:
⦁ DDoS defense solutions should be capable of detecting, mitigating and reporting on multi-vector DDoS attacks at the network edge and in centralised scrubbing centers to scale and defend against colossal IoT-fueled attacks
⦁ DDoS defense solutions must differentiate botnet traffic from legitimate traffic and users, so services stay available when battling an attack
⦁ DDoS defense solutions should include intelligence on known botnets and agents to defend networks against known threats
⦁ DDoS defense solutions must scale yet maintain cost-efficiency