DDoS attacks have almost doubled in the last six months, reaching an average of 237 per month, according to new research from Corero. One of the main reasons behind this huge leap in attacks is the increasing number of easy-to-hijack, unsecured ‘smart’ devices which can be recruited into DDoS botnets. And this problem is only getting worse – especially considering all the consumer tech products now being purchased as Christmas presents and how they could soon become prime targets for hacker infiltration and takeover.


Aside from the personal privacy and security concerns resulting from unsecured Internet of Things devices, another serious danger is the ease with which hackers can harness them for a variety of nefarious purposes, including being recruited into botnets and used in DDoS attacks. Indeed, unsecured IoT devices have powered some of the biggest DDoS attacks against online platforms in the last few years and thus, organizations of all sizes need to ensure their devices, data and networks are safe.

The evolution of botnets

Botnets have transformed the DDoS landscape. Smart devices are essentially a gateway for cybercriminals into their target’s networks, making them more vulnerable to cyber threats and compromises. One of the biggest and most dangerous IoT-related cyber-attacks in the last few years was the Mirai botnet, which enslaved tens of thousands of poorly protected internet devices into bots used for launching DDoS attacks. Looking forward, the continuing proliferation of unsecured smart devices means there will be no limit to the potential size and scale of future botnet-driven DDoS attacks. By using amplification techniques with the millions of devices currently accessible, such as security cameras, DDoS attacks are set to become even more colossal in scale. Terabit-class attacks with the ability to ‘break the Internet’ – or at least clog it in certain regions – are a reality.  Attacks of this size can take virtually any organization offline, and anyone with an online presence must be prepared to defend against them.

Besides their growing size and scale, botnets are also becoming more sophisticated in terms of the techniques they use. For example, the Reaper / IoTroop botnet, which is already known to have infected thousands of devices, is believed to be particularly dangerous because it exploits software vulnerabilities to gain control. Acting like a computer worm, it hacks into IoT devices and then uses those to hunt for new devices to spread itself further.

But it isn’t just the giant attacks that organisations need to worry about.  Before botnets are mobilised, hackers need to make sure that their techniques are going to work. This is usually done through launching small, sub-saturating attacks which most IT teams wouldn’t even recognise as DDoS.  Due to their relatively small size, compared to normal traffic, and their short duration, these attacks typically evade detection by most legacy DDoS mitigation tools. This enables hackers to perfect their methods under the radar, leaving security teams blindsided by subsequent attacks. Indeed, organized cyber-attack groups regularly test their DDoS tools and techniques, to see how far they can push the envelope. If these techniques are deployed at the scale possible with IoT botnets, the results can be devastating.
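The detection gap described above can be shown on per-second traffic counts. This is an added example, not code from Corero or the original article; the fixed threshold, window sizes, MAD multiplier and the traffic series are constructed assumptions.

```python
from statistics import median

def legacy_alerts(pps, window=60, threshold=50_000):
    """Legacy-style check: alert when a window's average rate exceeds a
    fixed threshold (assumed here to be sized for saturating floods)."""
    return [i for i in range(0, len(pps) - window + 1, window)
            if sum(pps[i:i + window]) / window > threshold]

def short_bursts(pps, baseline_len=120, k=8.0, max_len=60):
    """Flag short runs of seconds far above a rolling median baseline.

    Each second is compared with the median of the last `baseline_len`
    clean seconds; deviation is measured in median absolute deviations.
    Returns (start_second, duration_seconds, peak_pps) per short run.
    """
    history, bursts, run = [], [], None
    for t, rate in enumerate(pps):
        if len(history) < baseline_len:
            history.append(rate)            # still learning the baseline
            continue
        base = median(history)
        mad = median(abs(x - base) for x in history) or 1.0
        if rate > base + k * mad:
            run = (run[0], max(run[1], rate)) if run else (t, rate)
        else:
            if run and t - run[0] <= max_len:
                bursts.append((run[0], t - run[0], run[1]))
            run = None
            history = history[1:] + [rate]  # only clean seconds update it
    if run and len(pps) - run[0] <= max_len:
        bursts.append((run[0], len(pps) - run[0], run[1]))
    return bursts

def constructed_series():
    """Constructed sample: 10 minutes near 10k pps with a 20 s burst at 30k pps."""
    series = [10_000 + (i * 37 % 400) - 200 for i in range(600)]
    for t in range(300, 320):
        series[t] = 30_000
    return series

if __name__ == "__main__":
    s = constructed_series()
    print("legacy alerts:", legacy_alerts(s))   # window average stays under threshold
    print("short bursts:", short_bursts(s))     # the 20 s burst is reported
```

Runs longer than `max_len` are left to the volumetric check, so the two detectors complement each other rather than overlap.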

Wider DDoS trends observed during 2017

In addition to the proliferation of unsecured Internet of Things devices, Corero has observed a growing availability of DDoS-for-hire services.  Due to their cheap price-point and ease of access, they have revolutionised DDoS attacks by giving anyone and everyone access, without needing to have any understanding of coding. A quick search of Google and a spare $50 can put DDoS attacks into the hands of just about anyone. As a result, performing DDoS attacks has never been easier and more cost-effective.

Furthermore, hackers are also using sophisticated, quick-fire, multi-vector attacks against an organisation’s security. Such attacks use a combination of techniques in the hope that one, or a few, can infiltrate the target network’s security defences. For example, DDoS attacks are increasingly launched as a smokescreen that distracts IT staff while the hackers stealthily breach other aspects of a company’s database to comb for sensitive data such as credit cards and email addresses.

Another key trend observed during Q3 2017 was the return of Ransom Denial of Service (RDoS). In an RDoS attack, cybercriminals send a message threatening to carry out a DDoS attack, or to infect an organization’s operational systems with forms of ransomware, unless payment is received by a certain deadline. For example, earlier this year the hacker group called Phantom Squad began extorting companies in Europe, the US and Asia. Indeed, DDoS ransom activity is on the rise, with extortion campaigns spanning all industries – from banking and financial institutions, to hosting providers, online gaming services and SaaS organisations.

These trends alone make for worrying reading, but factor in the scale enabled by unsecured IoT devices and the result is DDoS attacks that are significantly more powerful and dangerous than previously possible. Indeed, as DDoS threats continue to evolve, organizations of all sizes need to keep up to date with the latest trends and attack vectors to ensure their data, devices and networks are secure.

Securing IoT devices, and how businesses can protect their networks from the growing DDoS threat

To avoid smart devices becoming part of the DDoS problem, organizations need to pay close attention to the settings for those devices and, where possible, separate them from access to the Internet and to other devices. Organizations should include IoT devices alongside regular IT asset inventories and adopt basic security measures like changing default credentials.


Finally, to stay one step ahead of these ever-evolving DDoS threats, organisations must maintain comprehensive visibility across their networks to spot and resolve any issues, as they arise. The sheer volume of devices involved poses a serious security challenge. After all, any device that has an Internet connection and a processor can be exploited. For this reason, effective DDoS protection requires continuous visibility into the threats, with real-time mitigation as well as long-term trend analysis to identify changes in the DDoS landscape and deliver proactive detection and mitigation.