DDOS attacks are about to get a whole lot worse thanks to the Internet of Things. But help may come from an unlikely source – the cloud.
The Internet of Things promises to do some great stuff for both our professional and personal lives. But all that enrichment comes at a pretty hefty cost, at least now, in its early days. I’m talking, of course, about security.
Or rather, the lack thereof. Internet-connected devices are easy targets for hackers and ideal candidates for use in botnets. They often lack proper configuration, and many users fail to use strong login credentials.
That isn’t terribly surprising if you stop to think about it. The majority of IoT manufacturers have middling expertise where cybersecurity is concerned. After all, it’s not something they’ve ever needed to think about. Sure, a company that makes kitchen appliances probably has an IT department, but how great are the chances that they’d bother to include administrators and security professionals in the manufacturing process?”
You should already know the answer to that – somewhere between ‘slim’ and ‘none.’
[easy-tweet tweet=”Users still can’t be bothered to apply strong credentials to their devices” hashtags=”IoT, Data”]
That isn’t the only problem with the connected world, either. In spite of all the hacks, data breaches, and privacy leaks we’ve seen over the past several years, a startling number of users still can’t be bothered to apply strong credentials to their devices. Just take a look at the top ten passwords used to hijack IoT devices, and try not to cringe at the fact that there are things like ‘root,’ ‘123456,’ and ‘password.’
Someone looking to create a botnet, therefore, doesn’t even need to be particularly skilled at hacking. They just have to take the shotgun approach – slam default usernames and passwords into as many devices as they can find, and see which ones they can recruit. They’re more or less guaranteed to pick up at least a few.
The result of this mess? Some of the largest botnets we’ve ever seen. And it’s only going to get worse from here – at least until someone steps up and holds manufacturers accountable for their security flubs.
Of course, you can already guess the problem with that. The consumer market doesn’t care about security. They care about whether or not their devices are easy to use.
And that, in turn, means that IoT vendors and manufacturers have little to no incentive to harden their devices. Even on the rare occasion that a hardware or software vendor is held liable for a breach, the regulatory fine amounts to little more than a slap on the wrist. It would be like causing a car accident and only being penalised with a $50 fine.
Until we find a way to incentivize security amongst vendors and ensure consumers don’t bumble along with default usernames and passwords, the Internet of Things will continue to represent a major security risk, even as it transforms how we work and live.
[easy-tweet tweet=”IoT isn’t going anywhere anytime soon.” hashtags=”IoT, Cloud “]
Sadly, that means that in the interim, all you can do about any of this is shore up your defences and hope you can survive whatever botnet happens to be pointed your way because IoT isn’t going anywhere anytime soon. And as you may have surmised, traditional DDOS protection may not be enough to weather the storm – at least, not of the sort anyone save for a dedicated host can afford. In this, the cloud may be the answer.
“It looks like 2017 will see [the scale of botnets] increase even more rapidly with the abundance of insecure IoT devices and the fact that large-scale attacks have become simpler to execute,” Duncan Stewart, Deloitte’s Director of TMT Research told Gigaom. “ The consequence may be that CDNs and local mitigations may not be able to scale readily to mitigate the impact of concurrent large-scale attacks, requiring a new approach to tackling DDoS attacks.”
Many of the features that allow the cloud to offer competitive advantages over traditional hosting services also make it ideally suited for weathering DDOS attacks. Failover and reliability. On-demand scaling. Distributed networking.
It seems like it’s perfect, right?
Almost. See, the market…isn’t quite there yet. DDOS-as-a-Service is an excellent idea, but it’s also one that’s still in the wings. The solution may well be to bake DDOS protection into existing cloud platform. By providing cloud-based mitigation, providers can shore up their platforms against potential attacks.
That just leaves non-cloud servers and services – which could all benefit from a bit of cloud scaling, anyway.