Top Internet of Things Daily & Weekly

IoT Opens New Door for DDoS Attacks

#IoT Opens New Door for #DDoS Attacks #cybersecurity #infosec

  • The internet of things (IoT) may be bringing new benefits to businesses and consumers, but a very small proportion of its billons of connected devices are also contributing to an increased incidence of distributed denial-of-service (DDoS) cyberattacks.
  • Only a small proportion of the billions of IoT devices are insecure, but that’s enough to cause a significant problem, notes Paul Lee, partner and head of global technology, media, and telecommunications (TMT) research for Deloitte Touche Tohmatsu Limited.
  • “If someone malign finds that user ID and password, they can harness it as part of a botnet, which can be used in a future attack,” Lee explains.
  • It’s also becoming easier for savvy internet users to launch attacks, Lee says, thanks in part to the release of instructions based on the so-called Mirai malware used in a major attack last year.
  • In this TMT Predictions 2017 video, Lee and Duncan Stewart, director of TMT research with Deloitte Canada, discuss this year’s DDoS challenge.

Insecure internet of things devices could contribute to more damaging and more frequent distributed denial-of-service attacks this year, according to Deloitte Global, thanks in part to the fact that their user IDs and passwords are sometimes hardcoded. In the wrong hands, those credentials can be used as part of a botnet to launch a DDoS attack.

@cschultz0000: #IoT Opens New Door for #DDoS Attacks #cybersecurity #infosec

Not all IoT devices were built with security in mind, creating fresh opportunities for would-be attackers.

The internet of things (IoT) may be bringing new benefits to businesses and consumers, but a very small proportion of its billons of connected devices are also contributing to an increased incidence of distributed denial-of-service (DDoS) cyberattacks. That’s according to Deloitte Global, which predicts there will be more than 10 million such attacks in 2017.

Not only will this year likely bring more DDoS attacks, but they’ll also be more severe, crippling websites with a larger volume of junk data per second than ever. Attackers are flooding their victims with wildly elevated levels of traffic simply with the aim of rendering those websites—online stores, for example—incapable of serving their true customers. An average of one such attack per month will exceed one terabit per second, Deloitte Global expects.

Only a small proportion of the billions of IoT devices are insecure, but that’s enough to cause a significant problem, notes Paul Lee, partner and head of global technology, media, and telecommunications (TMT) research for Deloitte Touche Tohmatsu Limited. Take video cameras, for example. In some inexpensive devices, user IDs and passwords are hardcoded, which means they can’t be changed. “If someone malign finds that user ID and password, they can harness it as part of a botnet, which can be used in a future attack,” Lee explains. “It doesn’t take that many to cause quite a lot of damage.”

It’s also becoming easier for savvy internet users to launch attacks, Lee says, thanks in part to the release of instructions based on the so-called Mirai malware used in a major attack last year. The availability of increasing uplink bandwidth, meanwhile, is enabling larger volumes of junk traffic to be sent—and greater damage to be done.

It’s a vexing problem, but there are steps companies can take to protect themselves. Decentralizing their networks, for instance, can be one good approach. “If one part of the network gets attacked, the rest can continue to function,” Lee says. In this TMT Predictions 2017 video, Lee and Duncan Stewart, director of TMT research with Deloitte Canada, discuss this year’s DDoS challenge.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see http://www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.   This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or its and their affiliates are, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.   None of Deloitte Touche Tohmatsu Limited, its member firms, or its and their respective affiliates shall be responsible for any loss whatsoever sustained by any person who relies  on this publication. Copyright © 2017 Deloitte Global Services Limited.

IoT Opens New Door for DDoS Attacks