By SecureWorld News Team
Wed | Feb 1, 2017 | 3:42 PM PST

DDoS attacks are hard enough to handle. But what happens when IoT devices are causing them?

IoT security itself is hardly a priority for the manufacturers creating these devices. In fact, Michael F. Angelo, Chief Security Architect of Micro Focus, describes security as goal number 6 in the order of priorities: first you make the device work, then make it work well, make it cost effective, add more key features, fix what's broken, and then you get to consider security.

“We’re so focused on making it work that we miss the bottom line,” he explains in a SecureWorld web conference. 

IoT devices aren't just fun gadgets we keep around in our house to entertain us or to tell us when we've run out of milk; IoT devices are also running our cars, our work, the places we spend our money - and what happens if security is an afterthought? What happens if someone hacks our car as it's going 60 mph down the freeway?

Angelo brings up another point: if 50 billion IoT devices get compromised, who will be responsible for the mess?

Here's where the IoT breach meets the DDoS attack and gets tricky. 

Tom Bienkowski, Director of DDoS Product Marketing for Arbor Networks, says that as security professionals, we need to be continuously asking ourselves, “Are you sure you know what a modern DDoS attack looks like?” This will greatly impact how your incident response plan is prepared to handle an attack.

In reality, 88% of DDoS attacks are less than 2Gbps in size and don't last very long. It doesn't take much to knock our network offline. Plus, DDoS attacks occur on average every 6 seconds and are increasing in frequency, according to Arbor Networks data.

Furthermore, DDoS attacks are becoming more advanced. The Mirai botnet used approximately 500,000 IoT devices around the globe to launch a massive DDoS attack, the size of which had never been seen before.

Even scarier, it's estimated that it only takes a device 10 minutes to be rescanned and enslaved again, even after rebooting and removing the malware.

It's critical that your systems are running multi-layered DDoS protections that should include on-premises DDoS mitigation systems, cloud-based DDoS protections, and network-based techniques such as S/RTBH & Flowspec, according to Bienkowski.

To learn more about IoT-based DDoS attacks, and to know how your legal team fits into the picture, you can view the web conference here.
