It was because of the growing security risks surrounding these devices last year that a number of internet criminals were able to weaponise them and as a result, take a number of websites and services offline by launching DDoS (distributed denial of service) attacks.
Last year, says Roland Dobbins, principal engineer at Arbor Networks, we saw a number of organisations fall victim to this type of attack including the Rio Olympics. According to Arbor’s latest Worldwide Infrastructure Security Report, the weaponisation of Internet of Things (IoT) devices drove DDoS attack size higher by 60%.
IoT devices are attractive to attackers because so many are shipped with insecure defaults, including default administrative credentials, open access to management systems via the Internet-facing interfaces on these devices, and shipping with insecure, remotely exploitable code. A large proportion of embedded systems are rarely if ever updated in order to patch against security vulnerabilities – indeed, many vendors of such devices do not provide security updates at all.
There are tens of millions of vulnerable IoT devices, and their numbers are growing daily; they’re generally always turned on; they reside on networks which aren’t monitored for either incoming or outgoing attack traffic; and the networks where they’re deployed often offer high-speed connections.
Organisations can defend against DDoS attacks by implementing best current practices for DDoS defence, including hardening their network infrastructure; ensuring complete visibility into all traffic moving through their networks; implementing sufficient DDoS mitigation capacity and capabilities (either on-premise or via cloud-based DDoS mitigation services, or both); and by having a DDoS defence plan which is kept updated and is rehearsed on a regular basis.
In particular, ISP and MSSP (internet and managed services service provider) network operators should actively participate in the global operational community, so that they can render assistance when other network operators come under high-volume DDoS attacks, as well as request mitigation assistance as circumstances warrant. Active, continuous cooperation between enterprise network operators, ISPs, and MSSPs is the key to successful DDoS defence.
It’s also very important that when measuring DDoS attack volumes, network operators take into account the baseline load of their normal Internet traffic so as to neither underestimate nor overestimate the amount of attack traffic targeting their networks and customers.
The author of this blog is Roland Dobbins, principal engineer at Arbor Networks