IoT devices and DDoS attacks
Last Friday, Steve Herrod, Managing Director of General Catalyst, warned us about the dangers of the lack of security of the Internet of Things (IoT), namely all the poorly secured devices which are part of it. Indeed, hackers can hijack most of these devices, and then to turn this Internet of Things into a real “Botnet of Things”, a DDoS nightmare…
But what does DDoS stand for? It means Distributed Denial of Service: a DDoS is a deliberate attack on a website, which mostly consists in overloading a website with traffic to make it unavailable. To acquire the capacity to generate a significant traffic, the attacker must first build its network of infected devices: it is called a botnet. The botnet acts as a zombie army, with plenty of devices infected with malicious software, waiting for the DDoS attack to be directed. These attacks can take down any websites, no matter their size, while controlling remotely the infected machines. Here are some figures to help realize how crucial is this topic:
- $150 is the price of a week-long DDoS attack on the deep web
- More than 2000 attacks took place every day in the world
- 1/3 time a website goes down, it is because of a DDoS attack [1]
Thus, DDoS is a particularly dangerous threat to consider and because of an unmonitored development of the IoT, this could become far worse… Indeed, most of the machines infected by the hackers used to be computers, but they are not the only vectors of DDoS anymore. The IoT does provide attackers with a huge number of new zombies: home routers or security cameras are part of these new tools making DDoS attacks far more powerful. Lot of them are even unsecured, or contain a default password: they are easy targets for a malicious software. [2]
The power of this new strike force already proved very harmful, witness the October 21, 2016 IoT DDoS attacks. These attacks targeted Dyn, a DNS infrastructure, which resulted in many major websites being unavailable, namely Twitter, Reddit or Spotify. Thus, the attacks have disrupted thousands of financial transactions that were taking place at this moment. It shows the impact DDoS attacks can have on the world economy and how it can disturb daily lives, not to mention the political influence these attacks can carry –even if it was not the purpose of the attacks mentioned above. [3]
These considerations highlight the need to take security into account while developing the IoT. Relevant regulation is of utmost importance to avoid providing hackers with a broader range of weapons. Indeed, security should be at the center of IoT development, which was not the case so far…
Sources
[1] http://www.digitalattackmap.com/understanding-ddos/
[3] https://www.welivesecurity.com/2016/10/24/10-things-know-october-21-iot-ddos-attacks/