The lack of protection on these devices allows them to be recruited as bots in an army used for DDoS attacks against unsuspecting victims. Statements made by FBI Assistant Director Joseph Demarest indicated a major increase in botnet activity. "The use of botnets is on the rise. Industry experts estimate that botnet attacks have resulted in the overall loss of millions of dollars from financial institutions and other major US businesses," he said. The advent of IoT will only exacerbate this problem, as it introduces billions of new potential bots.
The notion of a huge botnet targeting your business with a DDoS attack is the type of threat that keeps even the most experienced security professionals up at night. Botnets combine enormous scale and bandwidth with a growing level of sophistication in the attack vectors they launch.
These powerful botnets have significantly transformed the DDoS landscape. Once, attacks were the exclusive domain of small, technical elites with enough coding skill to launch a strike. Nowadays DDoS-for-hire botnets have significantly lowered the barriers to entry. For example, the recent attack on www.krebsonsecurity.com peaked at 620 Gbps, one of the largest volumetric DDoS attacks reported to date. It was launched from a massive botnet of hundreds of thousands of systems, a large proportion of them IoT devices.
There is really no limit to the potential size and scale of future botnet-driven DDoS attacks, particularly when they harness the full range of smart devices incorporated into the Internet of Things. Terabit-class attacks are likely to become increasingly common, and "breaking the Internet", or at least clogging it in certain regions, could soon become a reality. The bottom line is that attacks of this size can take virtually any company offline, and anyone with an online presence must be prepared to defend against them.
It isn't just the giant attacks that organizations need to worry about. Before a botnet is mobilized at full scale, attackers need to confirm that their techniques are going to work. This is usually done with small, sub-saturating attacks, which most IT teams wouldn't even recognize as DDoS. Because of their size and duration (the majority last less than five minutes and stay under 1 Gbps), these short attacks typically evade detection by legacy out-of-band DDoS mitigation tools, which poll sampled flow data on multi-minute intervals and are configured with volume thresholds that deliberately ignore this level of activity. Note that "sub-saturating" refers only to link capacity: a burst well below 1 Gbps can still exhaust the connection-state tables of a firewall or load balancer in its path.
These sub-saturating DDoS vectors are often used not to deny service, as the name implies, but rather as reconnaissance tools. This allows hackers to perfect their methods under the radar, leaving security teams blindsided by subsequent attacks. If these techniques are then deployed at full scale with a botnet, the results can be devastating.
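To make the detection-threshold point concrete, here is an added example (not code from the original post) that replays a constructed 10-minute traffic trace, per-second megabits toward one target with a 3-minute burst at 800 Mbps, through two detectors. The first models a legacy tool that polls once a minute and averages a trailing five-minute window against a 1 Gbps threshold; the second models an in-line detector that keeps a per-second baseline and alarms on a sustained multiple of it. The traffic figures, polling interval, multiplier and consecutive-second count are assumptions chosen to illustrate the behaviour, not values taken from any product.

```python
"""Sub-saturating burst vs. two detection strategies (constructed example)."""
from typing import List, Optional, Tuple

# Constructed traffic profile (assumed values, not measured data).
BASELINE_MBPS = 50.0                 # normal rate toward the target
BURST_MBPS = 800.0                   # below the 1 Gbps "real attack" threshold
BURST_START, BURST_END = 200, 380    # 180-second burst, end exclusive
DURATION_S = 600


def build_samples() -> List[float]:
    """Per-second Mbps toward the target, with small deterministic jitter."""
    rates = []
    for t in range(DURATION_S):
        rate = BASELINE_MBPS + (t % 7) * 2.0
        if BURST_START <= t < BURST_END:
            rate = BURST_MBPS
        rates.append(rate)
    return rates


def legacy_detector(samples: List[float], window_s: int = 300, poll_s: int = 60,
                    threshold_mbps: float = 1000.0) -> Tuple[List[int], float]:
    """Model of an out-of-band tool: poll every poll_s seconds, average the
    trailing window_s seconds, alarm only when the average exceeds the
    threshold. Returns (alarm times, highest average seen)."""
    alarms: List[int] = []
    peak = 0.0
    for t in range(window_s, len(samples) + 1, poll_s):
        avg = sum(samples[t - window_s:t]) / window_s
        peak = max(peak, avg)
        if avg > threshold_mbps:
            alarms.append(t)
    return alarms, peak


def adaptive_detector(samples: List[float], alpha: float = 0.1, multiplier: float = 5.0,
                      floor_mbps: float = 100.0, consecutive: int = 3) -> Optional[int]:
    """Model of an in-line detector: an EWMA baseline updated every second,
    alarm when the rate exceeds max(multiplier * baseline, floor) for
    `consecutive` seconds in a row. Returns the second of the alarm, or None."""
    baseline = samples[0]
    streak = 0
    for t, rate in enumerate(samples):
        threshold = max(baseline * multiplier, floor_mbps)
        if rate > threshold:
            streak += 1
            if streak >= consecutive:
                return t
        else:
            streak = 0
            # Learn only from non-anomalous samples so the attack cannot
            # drag the baseline up and hide itself.
            baseline += alpha * (rate - baseline)
    return None


if __name__ == "__main__":
    trace = build_samples()
    alarms, peak = legacy_detector(trace)
    print(f"legacy: alarms={alarms}, peak 5-min average={peak:.1f} Mbps")
    print(f"adaptive: first alarm at t={adaptive_detector(trace)} s")
```

With this trace the legacy detector never fires: even the window that contains the whole 180-second burst averages roughly 500 Mbps, half the 1 Gbps threshold, so the attacker gets a free rehearsal. The per-second detector alarms at t=202, two seconds after the burst begins, because it compares against the target's own baseline rather than a fixed volume meant to catch saturating floods.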
But that's no reason for organizations to resign themselves to eventually being taken offline, despite the proliferation of vulnerable smart devices that could make up a botnet of near-unimaginable size.
With so many threats competing for attention, it is hard to prioritize which security solutions to implement first. DDoS attacks, however, are increasingly common and growing more dangerous and sophisticated, so if you don't have an anti-DDoS solution in place, consider the risks. Can your network defenses handle a DDoS attack? Intrusion prevention systems and firewalls are not built for it: they are stateful devices that track every connection, so a flood of packets or half-open connections exhausts their state tables and takes them down, often before the upstream link is even saturated. The risks of not investing in DDoS prevention and protection are more than just monetary. When an organization has to mitigate an attack already in progress, or clean up after a damaging one, instead of stopping it before it lands, the costs skyrocket: lost business, damaged reputation, any monetary losses experienced during the outage, and on top of that the cost of a reactive solution to the problem.
It is difficult to prevent IoT devices from being recruited into a botnet, but organizations can protect their own networks by deploying an in-line, real-time, automated DDoS mitigation solution at the network edge, where it detects and drops attack traffic before it enters the network. Botnet DDoS attacks can rarely be traced back to their operators, and source addresses are frequently spoofed, so the practical approach is a defensive one. The only defensive approach that succeeds is one that scales with the attacks themselves: an edge device can only drop what has already crossed the last-mile link, so volumetric floods larger than that link must be handled upstream, which is why the Internet providers matter as much as the organizations they serve. Neither can continue to rely on legacy out-of-band scrubbing alone, which detects from sampled flow data, then diverts traffic and waits for human intervention before the attack is removed, a process that takes minutes, by which time a short attack is already over and a large one has already saturated the link. A targeted, automatic DDoS solution is the only realistic hope. Legacy scrubbing and traditional security infrastructure such as firewalls, used on their own, stand little chance against current DDoS vectors.
The only approach that can deal with the problem completely and automatically is in-line DDoS mitigation. The technology is now available, and network operators of every size need to investigate how to incorporate it to defeat DDoS before it impacts customers, regardless of whether the attacks are driven by IoT botnets or by video gamers in their mother's basement.