Using Unsecured IoT Devices, DDoS Attacks Doubled in the First Half of 2017

According to a report recently published by the security firm Corero the number of DDoS Attacks doubled in the First Half of 2017 due to unsecured IoT.

Denial of Service (DoS) attacks have been around as long as computers have been networked. But if your business relies on the Internet to sell products or collaborate, a DoS attack is more than a nuisance, it can be critical.

Over the past few years, the number of DoS attacks has continued to slowly grow in a “cat and mouse” evolution — bad actors get a slightly stronger attack, and network vendors come up with slightly more resilient equipment to defend. Generally the attacks came from botnets comprised of infected computers and servers. The cost of acquiring and keeping these systems in the botnet was relatively expensive, so there was an economic limiter on how fast the attacks would grow. Then Mirai happened in 2016 and everything changed.

The Mirai botnet didn’t struggle with corporate security teams and technical security controls like anti virus software and firewalls.

Instead, it focused on the millions of Internet of Things (IoT) devices like webcams and Internet routers in the home to build the botnet. With no security controls to overcome, the Mirai botnet was able to grow and launch Distributed Denial of Service (DDoS) attacks larger than ever seen before. A high-profile attack against Internet journalist Brian Krebs signaled that things had changed, then the October 2016 attack against DNS provider Dyn, showed how devastating a DDoS attack can be. And in the world of a cyber criminal, devastating is where the profit opportunities lie.

According to an Arbor Networks’ report at the end of 2016, “In 2016, IoT botnets emerged as a source of incredibly high volume DDoS attacks. So far these massive attacks have not leveraged reflection/amplification techniques. They are simply taking advantage of the sheer number of unsecured IoT devices that are deployed today.” (PDF) The report goes on to highlight that the number of DDoS attacks was up significantly over 2015 and the average size and time of the attack has also increased. “The longest DDoS attack in Q4 2016 lasted for 292 hours (or 12.2 days) – significantly longer than the previous quarter’s maximum (184 hours, or 7.7 days) and set a record for 2016,” according to Kaspersky’s DDoS Intelligence Report for Q4 2016. Knowing that cyber crime is fueled by profit motives now, it is safe to assume that the cyber criminals have figured out how to monetize the IoT threat and we can expect this growing trend in attacks to continue.

We have confirmation of this trend from DDos prevention provider, Corero. According to their most recent analysis, “Organizations are now experiencing an average of 8 DDoS attack attempts per day, up from 4 per day at the beginning of 2017, fueled by unsecured IoT devices and DDoS-for-hire services.” Massive DDoS attacks are getting all of the press attention, but they are only part of the story. What is most interesting about the analysis, however, is the discovery that, “A fifth of the DDoS attack attempts recorded during Q2 2017 used multiple attack vectors. These attacks utilize several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defenses.” In other words, the criminals’ objective often isn’t the denial of service, but using overwhelming noise at the perimeter to hide malware injection and data exfiltration activities.

DDoS has joined other cyber crimes as a well established, profitable exploitation technology. For as little as $20 per hour, anyone can take advantage of DDoS-as-a-Services and launch an attack at their target of choice. The opportunity to profit from Ransom Denial of Service, where companies pay to avoid being DDoS’d, to using DDoS as a mask for other profitable cyber crime activities means we haven’t seen the end of the growing trend in Denial of Service attacks.

About the author: Steve Biswanger has over 20 years experience in Information Security consulting, and is a frequent speaker on risk, ICS and IoT topics. He is currently Director of Information Security for Encana, a North American oil & gas company and sits on the Board of Directors for the (ISC)2 Alberta Chapter.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – DDoS Attack, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.