This allows hackers to perfect their attack techniques, while remaining under the radar, leaving security teams blindsided by subsequent attacks. If these techniques are then deployed at full scale with a botnet, the results can be devastating.
Organizations must be better equipped to deal with the inevitable DDoS attack, IoT-related or otherwise. In the early days of DDoS attacks, more than two decades ago, operators handled an attack with a null route, i.e., a remote-triggered blackhole. If they detected something going awry, they would identify the victim (the IP address that was targeted) and null route everything destined for it. This got the attack traffic off the operator's network and stopped the collateral damage to other, unintended victims. However, it sacrificed the victim in the interest of keeping the rest of the network viable.
The DDoS mitigation landscape then evolved to a slightly more advanced technique: routing the attack traffic to a scrubbing center, where human intervention and analysis are typically required to remove the attack traffic and return the legitimate traffic to its intended target. This process is resource-intensive and expensive. There is also often a lengthy delay between detection of the attack and the start of actual remediation.
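The trade-off between the two approaches above, worked through on constructed flow records (an added example, not part of the original article): a destination null route drops the victim's legitimate traffic along with the flood, while filtering returns it. The addresses, the thresholds and the per-source filter standing in for scrubbing-center analysis are assumptions.

```python
from collections import Counter

# Constructed flow records (src, dst, packets) for one measurement interval.
# All addresses are from documentation ranges; roles are assigned by construction.
FLOWS = [
    ("198.51.100.10", "203.0.113.5", 40),     # legitimate client -> victim
    ("198.51.100.11", "203.0.113.5", 60),     # legitimate client -> victim
    ("192.0.2.1",     "203.0.113.5", 50000),  # flood source -> victim
    ("192.0.2.2",     "203.0.113.5", 45000),  # flood source -> victim
    ("198.51.100.12", "203.0.113.9", 80),     # unrelated customer
]
DST_THRESHOLD = 10000  # assumed: packets/interval to one destination that signals an attack
SRC_THRESHOLD = 1000   # assumed: packets/interval from one source treated as flood traffic


def detect_victims(flows, threshold=DST_THRESHOLD):
    """Return destinations whose aggregate inbound packet count exceeds the threshold."""
    per_dst = Counter()
    for _, dst, pkts in flows:
        per_dst[dst] += pkts
    return {dst for dst, total in per_dst.items() if total > threshold}


def null_route(flows, victims):
    """Destination blackhole: every flow addressed to a victim is dropped."""
    dropped = [f for f in flows if f[1] in victims]
    delivered = [f for f in flows if f[1] not in victims]
    return delivered, dropped


def scrub(flows, victims, threshold=SRC_THRESHOLD):
    """Drop only high-rate sources toward a victim; pass everything else through."""
    dropped = [f for f in flows if f[1] in victims and f[2] > threshold]
    delivered = [f for f in flows if f not in dropped]
    return delivered, dropped


def delivered_to(flows, dst):
    """Packets that actually reach dst after mitigation."""
    return sum(p for _, d, p in flows if d == dst)


if __name__ == "__main__":
    victims = detect_victims(FLOWS)
    for name, mitigate in (("null route", null_route), ("scrubbing", scrub)):
        delivered, dropped = mitigate(FLOWS, victims)
        for v in sorted(victims):
            print(f"{name}: {delivered_to(delivered, v)} packets reach {v}, "
                  f"{sum(p for _, _, p in dropped)} dropped")
```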
To keep up with the growing sophistication and organization of well-equipped and well-funded threat actors, it’s essential that organizations maintain comprehensive visibility across their networks to instantly and automatically detect and block any potential DDoS incursions as they arise.
Proactive DDoS protection is a critical element of cyber security, guarding against both loss of service and data breach activity. This level of protection cannot be achieved with traditional internet gateway security solutions.
DDoS protection today requires robust, modern defenses that provide instantaneous visibility into DDoS events, real-time mitigation, and long-term trend analysis that identifies adaptations in the DDoS landscape and so enables proactive detection and mitigation techniques. Automatic DDoS mitigation is available today to eradicate the damage of DDoS and eliminate both the service availability and security impact. The only proper defense is automatic, always-on DDoS mitigation, which can monitor all traffic in real time, negate the flood of attack traffic at the internet edge, eliminate service outages and allow security personnel to focus on uncovering any subsequent malicious activity, such as data breaches. This type of automatic, always-on protection can come in various forms: either deployed on-premises, or purchased as a security service from an upstream provider. It is only through deploying these real-time solutions that organizations will be able to identify and mitigate the most serious botnet-driven DDoS attacks on their networks in the years ahead.
An effective DDoS defense can also be deployed as a premium DDoS Protection as-a-Service (DDPaaS) offering from an upstream internet provider. Carriers are in a unique position to effectively eliminate the impact of DDoS attacks against their customers by surgically removing the attack traffic transiting their networks before it flows downstream. Providing such a service not only streamlines the operations of providers, giving them increased visibility and making their services more reliable, but also drastically reduces the impact of IoT-driven DDoS attacks.
Preventing and mitigating the exploitation of the IoT is going to take a concerted effort. Device manufacturers and firmware and software developers need to build strong security into the devices. Installers and administrators need to change default passwords and update and patch systems, if this is even possible, when vulnerabilities do arise.
The home user must also be educated on best practices for securing their devices against vulnerabilities. The average user of connected devices, whether in a smart home, smart appliance, smart car or smart office, does not typically pay close attention to software updates or critical patching schedules. They also don't quite understand how these devices are connected or how they share data. IoT devices often have just enough processing power to deliver their required functionality, with security an afterthought at best or often not present at all. On top of this, access control passwords are often left at their factory defaults, or users choose alternatives that are easy to crack using brute-force techniques. The human component is often underestimated as a contributor to the overall lack of security in the IoT.