A recent Dimension Data report outlines the rise of DoS/DDoS cyberattacks in 2016 as a result of insufficient security controls of IoT devices
The number of denial-of-service (DoS) or distributed-denial-of-service (DDoS) cyberattacks doubled from 3% to 6% in 2016, mainly because of insufficient security controls of Internet of Things (IoT) devices, according to Dimension Data’s Executive’s Guide to the NTT Security 2017 Global Threat Intelligence Report. Of all IoT attacks, 60% originated from Asia, 21% from EMEA and another 19% from the Americas. Asia has the largest number of attacks due to the fact that technology sourced from the region has historically been susceptible, and compromised infrastructure tends to be reused to perpetrate additional nefarious activities.
The report was framed using data collected by NTT Security and other NTT operating companies including Dimension Data, from the networks of 10,000 clients across five continents, 3.5 trillion security logs, 6.2 billion attempted attacks, and global honeypots and sandboxes located in over 100 different countries.
Global honeypot sensors monitored IoT cyberattacks and their targets over a six-month period. On the basis of the credentials used by threat actors, it was determined that 66% of attacks targeted specific IoT devices such as a particular model of video camera. These attacks appeared to be from compromised IoT devices attempting to find and compromise even more such devices. This would be consistent with an attacker acquiring a large number of devices to use in DDoS and other forms of attack. Of the balance of 34% of the analyzed attacks, it’s likely these were also attempting to grow the attacker’s arsenal by targeting other types of devices.
DDoS attacks using IoT devices can affect an organization in several ways. They can:
- Prevent customers, partners, and other stakeholders from accessing their organisations’ Internet-facing resources, thereby impacting sales and other daily operations
- Prevent employees and internal systems from accessing the Internet, disrupting many facets of operations
- Affect organisations providing services from the Internet, which can cause supply chains to be broken
“There’s nothing about a DDoS attack which requires use of IoT devices only, so attackers may look for as many devices as possible regardless of type,” explained Mark Thomas, Dimension Data’s Cybersecurity strategist. He points out that while DDoS attacks are the most recognized threat, they’re not the only potential outcome of an organization’s IoT and operational technology (OT) devices being compromised.”
There are different actions that organizations can take to protect their businesses, which can be to:
- Make security a primary consideration for all Internet of Things and operational technology device purchases
- Authorise funding as needed to replace older Internet of Things and operations technology device purchases
- Conduct threat and vulnerability assessments
- Ensure devices are discovered and profiled within an organisation