Connected devices have never been more at risk from attackers

Copyright: glebstock / 123RF Stock Photo

It was because of the growing security risks surrounding these devices last year that a number of internet criminals were able to weaponise them and as a result, take a number of websites and services offline by launching DDoS (distributed denial of service) attacks.

Last year, says Roland Dobbins, principal engineer at Arbor Networks, we saw a number of organisations fall victim to this type of attack including the Rio Olympics. According to Arbor’s latest Worldwide Infrastructure Security Report, the weaponisation of Internet of Things (IoT) devices drove DDoS attack size higher by 60%.

IoT devices are attractive to attackers because so many are shipped with insecure defaults, including default administrative credentials, open access to management systems via the Internet-facing interfaces on these devices, and shipping with insecure, remotely exploitable code. A large proportion of embedded systems are rarely if ever updated in order to patch against security vulnerabilities – indeed, many vendors of such devices do not provide security updates at all.

There are tens of millions of vulnerable IoT devices, and their numbers are growing daily; they’re generally always turned on; they reside on networks which aren’t monitored for either incoming or outgoing attack traffic; and the networks where they’re deployed often offer high-speed connections.

Organisations can defend against DDoS attacks by implementing best current practices for DDoS defence, including hardening their network infrastructure; ensuring complete visibility into all traffic moving through their networks; implementing sufficient DDoS mitigation capacity and capabilities (either on-premise or via cloud-based DDoS mitigation services, or both); and by having a DDoS defence plan which is kept updated and is rehearsed on a regular basis.

xlogo.png.pagespeed.ic.-gPylMLJoqIn particular, ISP and MSSP (internet and managed services service provider) network operators should actively participate in the global operational community, so that they can render assistance when other network operators come under high-volume DDoS attacks, as well as request mitigation assistance as circumstances warrant. Active, continuous cooperation between enterprise network operators, ISPs, and MSSPs is the key to successful DDoS defence.

Roland Dobbins of Arbor Networks

It’s also very important that when measuring DDoS attack volumes, network operators take into account the baseline load of their normal Internet traffic so as to neither underestimate nor overestimate the amount of attack traffic targeting their networks and customers.

The author of this blog is Roland Dobbins, principal engineer at Arbor Networks

 

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

Infineon and Rainforest Connection create real-time monitoring system to detect wildfires

Posted on: October 22, 2021

Munich and San Jose, California, 21 October, 2021 – Infineon Technologies AG a provider of semiconductors for mobility, energy efficiency and the IoT, announced a collaboration with Rainforest Connection (RFCx), a non-profit organisation that uses acoustic technology, Big Data and Artificial Intelligence / Machine Learning to save the rainforests and monitor biodiversity.

Read more

Infineon simplifies secure IoT device-to-cloud authentication with CIRRENT Cloud ID service

Posted on: October 21, 2021

Munich, Germany. 21 October 2021 – Infineon Technologies AG launched CIRRENT Cloud ID, a service that automates cloud certificate provisioning and IoT device-to-cloud authentication. The easy-to-use service extends the chain of trust and makes tasks easier and more secure from chip-to-cloud, while lowering companies’ total cost of ownership. Cloud ID is ideal for cloud-connected product companies

Read more