Page 17 - Cyber Warnings
P. 17
The Dawn of the DDoS of Things (DoT)
Dr. Chase Cunningham, Director of Cyber Operations at A10 Networks
Last year saw an unprecedented uptick in the volume, size and scope of distributed denial of
service (DDoS) attacks.
Led mostly by the Mirai malware, this drumfire of DDoS attacks took advantage of unsecured
Internet of Things (IoT) devices to build massive botnets and launch mammoth DDoS attacks,
the likes of which the industry had never seen. For the first time, DDoS attacks exceeded the 1
Tbps threshold.
And Mirai is still making waves.
In his keynote presentation at RSA Conference 2017, Intel Security Senior Vice President and
General Manager Christopher Young warned that Mirai is thriving.
“We can’t think of the Mirai botnet in the past tense. It’s alive and well today, and recruiting new
players,” he said.
Researchers suggested Mirai was just the beginning. Making public the code needed to launch
an IoT-powered botnet was a first salvo.
A rival botnet malware, Leet, quickly followed on the heels of Mirai and used SYN payloads
different than Mirai. And in 2017, there’s sure to be another chapter in this saga.
Welcome to the DDoS of Things
This is the era of the DDoS of Things (DoT), where bad actors use IoT devices to build botnets
which fuel colossal DDoS attacks. The DoT is reaching critical mass — recent attacks have
leveraged hundreds of thousands of IoT devices to attack everything from large service
providers and enterprises to gaming services, media and entertainment companies.
And it’s estimated that there will be 24 billion connected IoT devices by 2020.
As an attack method, it’s now even easier for attackers to commandeer IoT devices for
nefarious purposes.
Many devices still use unsecure default credentials and are ripe for the picking.
Basic instructions are available online and the lucrative DDoS-for-hire market is expanding.
The DDoS of Things is powering bigger, smarter and more devastating multi-vector attacks than
ever imagined.
17 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide