IT Security: The Many Risks Involved in the Internet of Things
IoT devices and industrial machinery are increasingly targeted by professional cyber-attacks, especially DDoS attacks. Preventing this kind of attack is the companies’ responsibility.
The internet of things opens up new opportunities. Smart factories with connected industrial machines, smart cities with trailblazing innovations and smart homes with next-generation appliances and everyday items designed to make our lives easier are emerging. Looking at the industrial context, besides connected manufacturing facilities, the digitization of business processes involves the rise of cloud applications. The number of native cloud applications rose from 20,400 in October 2014 to 220,000 in October 2016.
But there is a dark side to this brave new connected world. If they’re unprotected, IoT devices can be hijacked for cyber-attacks, which are often directed against the devices themselves. By 2020 it is expected that 25% of cyber-attacks will target IoT devices. One of the most popular methods of cyber-attack is and will be the DDoS attack.
The situation – a dramatic rise in DDoS attacks
In 2017, the number of IoT devices in use passed the 8-billion mark. More and more of them are getting infected. Botnets are multiplying.
According to the latest surveys, almost half of businesses are concerned about their IT security. 2 thirds of decision-makers in IT expect a DDoS attack within the next 2 years. Almost all of them fear disastrous consequences for their companies if a DDoS attack hits. Those security concerns are justified: in the past 6 months, the number of DDoS attacks detected and fended off by the Link11 Security Operation Center has risen by more than a third compared to the previous half year , a figure only likely to increase.
The threat – the Mirai botnet and its myriad versions
The Mirai botnet, now known around the world, was the first of its kind to piggyback on the IoT’s rise, using it to launch DDoS attacks. For this purpose, vulnerabilities in the IoT devices’ standard factory software are exploited. In late 2017, 3 US students admitted to having written and spread the Mirai malware. Mirai is still one of the largest and most dangerous botnets on a global level and was behind some of the most severe criminal DDoS attacks in modern history.
Currently, a great number of botnets of different types is in circulation, all based on the Mirai code. These are the most common of the newer botnets:
The Persirai botnet
The attackers use the Persirai botnet to exploit several security flaws of IP cameras. 1,250 different models by a Chinese manufacturer producing cameras for numerous western brands are affected. The
The IoTroop botnet is primarily tuned into smart homes. It targets routers, surveillance cameras, NAS systems and DVRs. The exploit uses vulnerabilities on the firmware level.
The Hajime botnet
Hajime is a particularly insidious piece of malware, which successfully closes up ports previously used for Mirai attacks on the one hand, but also opens several others to build its own botnet. The Hajime software wields considerable destructive power as it’s extremely adaptable and can quickly adjust to new features – even updates – introduced to the affected devices.
These are just a handful of examples of extant botnets. New versions are constantly under development. Each new weak spot, once found, can and likely will be used to create new malware designed to turn internet-enabled devices in connected systems into weapons for DDoS attacks.
The method – objectives of DDoS attacks
DDoS attacks based on IoT devices are particularly vicious as they can hit any part of a company. For example, DDoS attacks may:
- Deactivate individual computers, specific services or even entire networks
- Affect specific hardware systems such as alarm systems, laptops or phones
- Impair individual system resources such as routing data, bandwidth or memory capacity
- Introduce malware designed to cause errors in computers’ micro-code or processor functions
- Permanently damage the entire operating and control system
The likelihood of a coordinated attack using multiple DDoS vectors is very high at 45 %. A coordinated DDoS attack causes severe damage whose true extent only becomes apparent to the targeted company with time.
IoT security – an important investment in the future
In order to provide efficient protection from IoT-based DDoS attacks, there must be a focused effort to upgrade IoT security. Dedicated security investments prevent unauthorized external access and make IoT devices botnet-proof.
To protect their own devices from being exploited, businesses should at least:
- Change the standard settings as often as possible
- Use strong authentication processes and passwords
- Set up state-of-the art device scans
However, these basic measures are not enough. One of the most effective defense mechanisms against IoT attacks is a DDoS protection solution that checks and filters data traffic before it even reaches the company’s network.
In an increasingly connected world, the significance of IT security is also increasing. It is more and more important for companies to take efficient measures like DDoS protection solutions to provide comprehensive protection for their own as well as their customers’ data.
Stay updated on current DDoS reports, warnings, and news about IT security, cybercrime and DDoS protection.
Follow Link11 on Twitter
https://t.co/AtNMRQvCYI Did you know that 37,9% of internet traffic is made up of bots? Or that 20,4% of that amoun…
7 Retweets 6Read More
The Link11 360° degree DDoS Protection is... ➡️ Smarter: AI-based Whitelisting approach ➡️ Faster: Attack mitigati…
5 Retweets 4Read More
The European Organisation for Safety of Air Navigation revealed new cyber security statistics!…
1 Retweets 3Read More
➡️ Link11 Report discovers record number of DDoS attacks in first half of 2021. 1) DDoS at…
9 Retweets 7Read More
The European Union Agency for Cybersecurity (= ENISA) identified the most common cyber challenges/threats and issu…
5 Retweets 8Read More
⚠️ Have you been the target of a DDoS/ransomware attack, or even an extortion attempt? If this happens, don't worry…
3 Retweets 2Read More
https://t.co/a0lf7SPB37 Want to see more interesting facts, data and insights from the Cyber- & DDoS Attack threats…
15 Retweets 8Read More
❗ ️Warning: New wave of ransom DDoS attacks by Fancy Lazarus! Are you also affected? Don't worry, there are things…
6 Retweets 3Read More
Electronic Arts has suffered a big data breach resulting in hackers getting away with important source code for gam…
1 Retweets 1Read More
https://t.co/HqsAkp4Wk2 Are you passionate/curious about cybersecurity? Subscribe to our monthly Newsletter and sta…
7 Retweets 4Read More