IoT "Weaponization" Contributes to Growth of Denial of Service Attacks


In our last post, we discussed the impact of the Internet of Things (IoT) in higher education. Colleges and universities are using Internet-connected devices to improve energy efficiency, security, and educational outcomes. Sensors, controllers and wearable technology make it possible to collect all kinds of data, track virtually anything, and send messages and alerts that optimize operations and the student experience.

For all the benefits of the IoT, there is a dark side. The “weaponization” of IoT devices is contributing to massive growth in distributed denial-of-service (DDoS) attacks that are becoming easier to launch, harder to stop and larger than ever. Security experts gauge the size of an attack by measuring how much bandwidth it eats up. While most attacks are under 1Gbps, an October 2016 attack that took down several high-profile websites hit a record 1.2Tbps. The previous all-time high was 600Gbps.

According to a new report from Arbor Networks, cameras, thermostats and other IoT devices with weak or nonexistent security controls are increasingly being hijacked to create massive botnets that are used to flood an organization’s systems and network with fake traffic in order to take it down. That means more devices sending more traffic more frequently, making it difficult for security systems to detect and stop attacks.

Darren Anstee, Arbor Networks’ chief security technologist, says the development of IoT botnets is a “game-changer” for network security because of the numbers involved. “There are billions of these devices deployed, and they are being easily weaponized to launch massive attacks,” he said.

Luckily, colleges and universities don’t seem to be frequent targets of attackers, who tend to focus on high-profile web properties, gaming sites and financial institutions. However, a recent report from Akamai Technologies noted an uptick in attacks in the higher ed sector. Akamai researchers said the attacks could have been launched by students given how easy it is to access and use DDoS tools.

To protect against DDoS attacks, organizations should make sure they are following security best practices when implementing and maintaining firewalls, intrusion detection and prevention systems, load balancers, and application delivery controllers. Additionally, it’s important to update network access policies to effectively deal with IoT traffic. Policies must establish if and how IoT devices should be connected, and what roles they will be assigned that govern their access to the network.

Increasingly, organizations are going a step further with the implementation of purpose-built DDoS protection solutions. These solutions can involve on-premises hardware, a cloud-based service or a hybrid of the two. DDoS protection solutions defend against threats at both the application and network layers with a variety of mechanisms, including behavioral analysis. When suspicious traffic is identified, the solution automatically redirects it to cloud-based “scrubbing centers” for analysis. Upon inspection, malicious traffic is discarded and legitimate traffic is allowed to pass.

As DDoS attacks become more frequent, organizations in all sectors must develop strategies for mitigating those threats. Colleges and universities should also take steps to ensure that their IoT devices aren’t recruited into botnets that launch DDoS attacks on other organizations.