sb-au logo
Story image

IoT and DDoS attacks: A match made in heaven

19 Mar 2019

Article by A10 Networks Regional VP Sales Adrian Taylor

By 2020, Gartner predicts the total number of IoT devices will reach 20.4 billion. At the same time, DDoS attacks are on the rise, with Cisco estimating that the number of DDoS attacks exceeding 1 gigabit of traffic per second will soar to 3.1 million by 2021.

While correlation does not equal causation, in this case I believe that the two are connected. There is indeed evidence to show that IoT devices are a common thread in large-scale DDoS attacks and that the two reports above are not just a coincidence.

Earlier this year, A10 launched its own Q4 2018 State of DDoS Weapons report which shed additional light onto the connection between IoT devices and devastating DDoS attacks. The findings have exposed the role that IoT plays as one of the biggest cybersecurity threats of our time.

An overview of DDoS attacks and IoT

It comes as no surprise that IoT is continuing to grow at breakneck speed: A 2018 report from Bain found that the combined markets of IoT will reach $520 billion in 2021, more than double the amount spent in 2017.

According to the State of DDoS Weapons report, that translates to a growth rate of 127 connected devices per second, a number that will undoubtedly grow over the coming years. 

Unfortunately, this IoT explosion also provides attackers with a perfect opportunity to hack into vulnerable connected devices, especially for the purpose of building botnets (networks of malware-infected connected devices that can be used to send an overwhelming number of requests to the target’s server). 

As Eurecom discovered, hackers have already developed brand new strains of malware designed to target IoT devices specifically. Knowing this, it’s clear that the age of IoT-based DDoS attacks isn’t just on the horizon — it’s already here. 

Some of the top IoT malware dropped have already reached global levels of infamy. Take for example the Mirai malware, which brought major websites like Reddit and Github to their knees.

In the Q4 2018 State of DDoS Weapons report, A10 found that five of the top IoT malware dropped belong to the Mirai family, with the sixth belonging to the Gafgyt/Bashlite family. 

The majority of those malicious IoT items are hosted in the U.S., Italy, the U.K., Germany and the Netherlands. In terms of ASNs, the majority of IoT malware is hosted by Frantech, DigitalOcean, Aruba, Forthnet and HOSTiO.

IoT DDoS attacks and 5G

The increasing size of DDoS attacks today is bad enough, but things are about to get worse with the widespread adoption of 5G.

That’s because the implementation of 5G will usher in an age of unprecedented data speeds and significantly lower latency, meaning that DDoS attacks will have to be mitigated in a matter of seconds, not minutes.

With Ericsson estimating that the number of IoT devices with a cellular connection will reach 4.1 billion by 2024, it’s plain to see why vulnerable 5G-connected IoT devices will pose a serious threat to organisations around the globe.

If left unchecked, the scale of 5G-connected IoT DDoS attacks is likely to make even the biggest attacks of today pale in comparison.

To combat the next generation of 5G DDoS attacks, it’s imperative that organisations implement advanced DDoS threat intelligence that combines real-time threat detection and automated signature extraction. Only then can organisations effectively defend themselves against the colossal, hyper-fast DDoS attacks of the future.

It is with advances in the 5G and IoT market that we will begin to see a rise in major DDoS attacks as current reports show.

It is a double-edged sword as the risks of using IoT is high, but the benefits are also many. If organisations can prepare themselves now for this future, then security teams can be ready to face the next large-scale DDoS threat before it arrives.

If the warnings from these reports are instead ignored or left until the last moment then DDoS attacks will be allowed to find the perfect partner in IoT.

Download image
Network functions virtualisation: What is is, how to use it, and why it matters
Network functions virtualisation (NFV) is fast becoming the go-to method of simplifying corporate networks from planning, through deployment and management.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
How security awareness training can safeguard companies from cyber-attacks
Training goes a long way in embedding a culture of cybersecurity compliance within the company.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More