The dream of the Internet of Things is for a world in which every commonplace object can not only be made “smart,” but can also communicate with every other object. Who wouldn’t want to wake refreshed after a night on their sleep-tracking smart mattress, to have their coffee machine instantly fire up, preparing the perfect beverage based on the current date?
But as much as the Internet of Things sells consumers on a dream, that dream could quickly transform into a nightmare in the event of a malicious hack. A person on the receiving end of a targeted assault from hackers might suddenly find that their decision to kit out their home with smart locks, smart cameras, and “always listening” speakers wasn’t quite so smart after all. Add in the possibility of such devices being harnessed without your knowledge and chained together in giant Distributed Denial of Service (DDoS) attacks and things get even more chilling.
It’s for reasons like this that it’s crucial that both individuals and organizations are aware of the threats that exist — so they can ready themselves with the necessary botnet safeguards and DDoS protection.
The threat of DDoS attacks
Until now, the overwhelming majority of corporate hacks have employed familiar approaches, such as phishing emails, able to glean employee login credentials, or bug exploits that make it possible to access systems from outside. Fortunately, as awareness of these potential vulnerabilities has grown, so too has companies’ investment in the kind of cybersecurity systems which can offer early detection and warnings.
Unfortunately, hackers haven’t thrown in the towel for good. Instead, they’ve regrouped and begun to focus their efforts on IoT devices. These devices, which are often unsecured or lack sufficient security protocols, present a weakness that hackers are eager to exploit. Many IoT devices run their own proprietary code, which can make it difficult for security systems to cover them comprehensively. Meanwhile, the makers of such devices can be slow to patch vulnerabilities that exist – if they even patch them at all. The result is internet-connected devices with few safeguards in place to stop them falling prey to hackers. These hackers, meanwhile, get an easier port of entry, along with the ability to hop from one vulnerable connected device to another: bypassing the need to even come into contact with PCs and servers.
The effects can be devastating. In 2016, hackers carried out a sustained cyberattack in which 100,000 IoT devices — including such devices as digital cameras and fridges — were unwittingly infected by malware and used for a cataclysmic DDoS attack. The attack targeted one of the world’s most crucial servers and bombarded it with traffic until it collapsed. The massive hack temporarily brought down giants including Spotify, Twitter, and PayPal, among others. Unknowing IoT device owners were not even aware that their gadgets were being used in this way.
Fortunately, a DDoS attack of that size, using IoT devices, has not been replicated since. But just because a single sustained attack of that scale has not recurred doesn’t mean that the frequency of such hacks isn’t picking up. Researchers have observed that DDoS attacks are increasing in number, and blame both the growing availability of DDoS-for-hire services, and the abundance of unsecured IoT devices.
Something needs to be done
Smart devices aren’t going away any time soon — and nor do we want them to. By 2020, an estimated 20.4 billion smart devices are expected to be deployed around the world. With around 7.7 billion people in total on the planet, that’s just under three IoT connected devices per person. Given the massive upside that these devices can offer, it would be unrealistic to think that companies are best advised to skip the smart device revolution altogether. That’s as unlikely a prospect as telling a competitive business that it must keep all of its computer systems offline on the chance that an employee clicks a malicious link.
But something nonetheless needs to be done. Attackers will continue to find new ways of exploiting smart devices: whether this be by chaining them together in massive botnet attacks or using them to listen in or surreptitiously extract data from businesses and individuals. There is, sadly, no limit to the size or scale of potential future attacks in a world in which virtually every object will soon come with a processor and internet connection.
The makers of such devices must take their responsibility for ensuring user safety more seriously. Adequate protections and security must be baked into devices from the very start. Patches must also be quickly issued when security lapses are highlighted — which they inevitably will be. But users must not assume that companies are doing this. They must put in place proper security measures, or recruit those who can. Detecting and mitigating DDoS activity and threats across a broad range of connected IoT devices isn’t easy. However, proactive steps can – and must – be taken.
After all, it’s the future of your company and your customers’ data at stake.