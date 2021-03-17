Why IoT Devices Are the Optimal Targets for DDoS Attackers

Did you know that your new smartwatch could easily take part in a DDoS attack without you ever knowing? In fact, any of your IoT devices could easily share the same fate if you don’t make the effort to protect them. After all, their built-in defenses are extremely weak.

After hijacking yours and millions of other devices, the hacker will either extort the victim or perform a vicious DDoS attack right away, causing the victim enormous losses. And as the IoT market expands, botnets expand with them. As a result, the threat of DDoS attacks is now bigger than ever.

Despite the prevalence of this issue today, most people don’t take any interest in DDoS attacks until they affect them personally. At that point, the damage is already done, and their options are quite limited. That’s why we need to spread awareness.

Let’s start by understanding how hackers can exploit IoT devices to execute DDoS attacks. Before that, we should explain what is a DDoS attack and how it works.

Understanding DDoS Attacks

Essentially, a Distributed Denial of Service (DDoS) attack is a way of sabotaging a server by overwhelming it with traffic. The hackers will typically start by taking control of a great number of IoT devices using malware. Each device will become part of the botnet, i.e., the network of hijacked devices. Finally, the hacker will use it to bombard the target server with requests and cause it to malfunction.

Recently, we’ve seen a rise of ransom DDoS attacks, which typically involve the extortion of money (recently cyber currency). However, the motives behind the attacks aren’t always financial. Revenge, ideological clashes, and competitive advantage gain are also common among hackers.

Even without a ransom, the attack itself is costly, as it inevitably causes the company revenue loss and reputation damage. According to some reports, an hour of downtime alone could cost businesses hundreds of thousands of dollars.

How IoT Has Found Its Way Into Everyday Use

Internet of Things (IoT) is a network of interconnected physical smart devices, such as appliances and gadgets. The IoT wouldn’t be possible without the incredible technological advancements — sensors, machine learning, AI, automation, 5G — which allow the devices to seamlessly communicate.

IoT devices provide an amazing, fully-personalized user experience. Besides that, they don’t require much human assistance, so they’re typically quite intuitive and easy-to-use. An IoT device can be your Google Home, TV, speaker, coffee maker, even baby monitor. Aside from these consumer products, IoT can also be used for commercial, industrial, infrastructure, and military purposes.

The number of IoT devices is rising rapidly, and that’s a major understatement. According to Security Today’s reports, 127 new devices are connected every second. While there were around 7 billion devices in 2019, there are most likely more than 30 billion today. What’s more, we can expect to have more than 50 billion units by 2030.

Why IoT Devices and DDoS Attacks Go Hand in Hand

Given that IoT devices will only keep growing in popularity, we need to raise concerns about their security. Thus far, they have been notorious for their non-existent or weak defenses, various oversights, and holes in the system.

For starters, most units come with generic, guessable passwords that even a beginner hacker can figure out. On top of that, most users don’t care enough to change these passwords. Now imagine what an experienced hacker could do with a bit of help from AI and machine learning. In essence, they could teach a machine to automatically detect such weak links, hack their passwords, and turn them into bots, thus expanding their botnets at a rapid rate.

Apart from the poor authentication, some of the other vulnerabilities of IoT devices include:

insecure network

insecure data transfer

absence of proper security firmware

various update issues

lack of monitoring

Real-Life Example

One of the largest DDoS attacks in history was the 2016 attack on Dyn, a DNS provider. The attacker was said to be the infamous Mirai botnet, which is actually one of the few known botnets that utilize IoT devices instead of computers. This attack caused a whole day of downtime, affecting popular platforms like Twitter, Netflix, Reddit, and many others.

IoT Devices and DDoS Protection

First of all, manufacturers should ensure that their devices have some form of protection before selling them to customers. In January 2020, California passed a senate bill ordering companies to equip their products with proper security features, which is a good first step. We hope other states, as well as countries, will follow in California’s footsteps and carry out similar regulations soon.

Apart from that, every user is responsible for their own IoT devices. In other words, you also need to do your part and do what you can to protect them from DDoS attacks. Here are some actions you might consider doing:

reconfiguring the devices’ settings

picking strong usernames and passwords

adding two-step verification

regular monitoring

regular updates

If you’re a reputable business owner, it goes without saying that you also need to implement an advanced security solution with multiple servers. In addition, a thorough DDoS response plan is a must for every company.

The Bottom Line

With the rise of cheap botnets-for-hire, anyone can perform a DDoS attack without any skills whatsoever today. In addition, IoT devices keep growing in numbers, yet their security is still overlooked, which is incredibly concerning. If we want futuristic-looking smart homes to become our reality, we must do better in terms of IoT cybersecurity.