A recent report published by Akamai confirms a 140 percent year-over-year increase in DDoS attacks greater than 100 Gbps. The report also notes that 7 of the 12 Q4 2016 “mega attacks” with traffic greater than 100 Gbps can be directly attributed to the Mirai botnet.
Interestingly, the number of IP addresses involved in DDoS attacks grew significantly in Q4 2016, despite DDoS attack totals dropping overall. Perhaps not surprisingly, the United States sourced the most IP addresses participating in DDoS attacks – totaling more than 180,000.
“As we saw with the Mirai botnet attacks during the third quarter, unsecured Internet of Things (IoT) devices continued to drive significant DDoS attack traffic,” stated Akamai’s Martin McKeay. “With the predicted exponential proliferation of these devices, threat agents will have an expanding pool of resources to carry out attacks, validating the need for companies to increase their security investments. Additional emerging system vulnerabilities are expected before devices become more secure.”
Akamai’s report follows an equally sobering warning from Juniper Research that cybersecurity has reached a “boiling point” as the threat landscape continues to widen.
“The consumer market landscape is woeful [with] lax attitudes typified by […] astounding ‘do nothing’ Mirai Worm advice to consumers,” Juniper Research security analysts wrote in January 2017. “Regulatory, corporate and media collaboration [will] be needed in order to improve the overall threat landscape.”
As we’ve previously discussed on Rambus Press, Mirai malware infects vulnerable IoT devices by continuously scanning the Internet for systems utilizing factory default or hard-coded usernames and passwords. According to cybersecurity journalist Brian Krebs, vulnerable devices are then seeded with malicious software that turns them into ‘bots,’ forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline.
It is therefore important for consumers to be cognizant of the very real threat posed by insecure IoT devices, such as connected appliances, routers, IP cameras and digital video recorders. Unlike PCs and mobile devices such as tablets or smartphones, these devices very rarely have serious or even critical vulnerabilities addressed by manufacturer firmware updates in a timely manner.
With the number of devices, sensors and actuators projected to reach over 46 billion by 2021, the specter of attackers exploiting vulnerable and poorly secured IoT devices looms ever larger. Indeed, the overall effectiveness of a DDoS attack is contingent upon the number of IoT devices participating in any distributed denial-of-service campaign. Vulnerable IoT endpoints clearly provide attackers with the scalability needed to launch effective DDoS attacks.
One approach to achieving a safer IoT environment would see devices secured throughout their lifecycle from chip manufacture, to day-to-day deployment, to decommissioning. This can be accomplished with a silicon-based hardware root-of-trust that offers a range of robust security options for IoT devices, including secure connectivity between the IoT device and cloud services.
It may also be time for the industry to re-examine the current state of DDoS protection on the service side. One possible way of shoring up defenses against costly DDoS attacks would be to bolster cloud service security. This can be done by uniquely and cryptographically verifying each IoT device to determine if it is authorized to connect to a specific service. Devices that are not authenticated can be denied access to the service, which would, in turn, reduce the effectiveness (and damage) of a DDoS attack.
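The service-side check described above can be sketched as a challenge-response exchange. This is an added example, not code from the report or from any product named here. It assumes each device holds a unique key derived from a master key (in practice kept in the device's hardware root of trust and the service's HSM), and the device IDs, service names and key are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (assumptions, not from the article).
MASTER_KEY = b"constructed-demo-master-key-0001"  # would live in an HSM
AUTHORIZED = {  # device ID -> services that device may connect to
    "cam-0001": {"video-upload"},
    "dvr-0042": {"video-upload", "firmware"},
}

def device_key(device_id: str) -> bytes:
    """Derive the unique per-device key provisioned at manufacture."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).digest()

def device_respond(key: bytes, device_id: str, service: str, nonce: bytes) -> bytes:
    """Device side: prove possession of the key for this one challenge."""
    msg = b"|".join([device_id.encode(), service.encode(), nonce])
    return hmac.new(key, msg, hashlib.sha256).digest()

class Service:
    def __init__(self, name: str):
        self.name = name
        self.pending = {}  # device ID -> outstanding nonce

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        # Keep state only for enrolled devices, so a flood of unknown IDs
        # cannot exhaust memory; unknown callers still get a nonce back.
        if device_id in AUTHORIZED:
            self.pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        nonce = self.pending.pop(device_id, None)  # single use: blocks replay
        if nonce is None:
            return False
        if self.name not in AUTHORIZED[device_id]:
            return False  # enrolled, but not for this service
        expected = device_respond(device_key(device_id), device_id, self.name, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare

if __name__ == "__main__":
    svc = Service("video-upload")
    n = svc.challenge("cam-0001")
    r = device_respond(device_key("cam-0001"), "cam-0001", "video-upload", n)
    print("first attempt:", svc.verify("cam-0001", r))
    print("replayed response:", svc.verify("cam-0001", r))
```

A connection that fails `verify` is dropped before it reaches the application, which is the point at which unauthenticated devices are denied access.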