DDoS Attack Puts New Scrutiny on IoT Security
This week, an unprecedented distributed denial of service (DDoS) attack was initiated against a reporter named Brian Krebs. The attack was so sustained and massive that Prolexic (owned by Akamai), the company providing security for the website, had to cancel his account in order to protect the drain on their resources.
KrebsOnSecurity hit with record DDoS attack. Akamai: Someone has a botnet with capabilities we haven't seen before https://t.co/MQketE3nWN
— briankrebs (@briankrebs) September 22, 2016
To be clear, DDoS attacks are not new. DDoS attacks hit a record high in Q2 2015, according to the latest State of the Internet report from Akamai. Digital Trends reports that “DDoS attacks grew seven percent since the last quarter and a staggering 132 percent compared to this time last year. In the quarter there were also 12 attacks that were categorized as “mega attacks,” peaking at more than 1,000 gigabits per second (Gbps) and 50 million packets per second (Mpps).”
What makes this DDoS attack unlike any other is that the botnet carrying out the attack is comprised of tens of thousands of Internet of Things (IoT) devices. Yes, you read that right. An array of IP cameras, connected light bulbs, WiFi-enabled door locks, routers, and other connected devices are being used to carry out a data fire hose so massive that it brings Internet services to a complete halt.
Rob Black, CISSP, Senior Director of Product Management at ThingWorx, recently wrote about how a shared security model addresses the inherent vulnerabilities in IoT security. Black notes that “the types of devices that are now connected to the Internet — automobiles, electrical generators, water supply pumps, etc. — create the potential for real damage if they are compromised.” This is an issue we saw unfold in real time this week.
If you’re planning an IoT strategy, now is the time to make sure your plan is secure as possible. Read Providing Secure Connected Products for more information about IoT security, and don’t miss our webcast replay discussing how to secure your IoT infrastructure.