Connected objects: unavoidable in DDoS attacks?

IoT- DDoS attacks

 

Nowadays consumers use and are around connected objects. The Internet of Things (IoT) includes all connected objects like a connected refrigerator, captor, light bulb, security camera, router or even a thermostat control. Their common point? To have an IP address and to be connected to communicate.

According to the American company Gartner, connected objects will reach 20.5 billion units by 2020. We will face an impressive growth of IoT in the years to come.

China, North America and West Europe will represent 67% of IoT in 2017.

However these connected objects are spreading frequently with security flaws, which is an opportunity for DDoS attacks!

Nowadays, Distributed Denial of Service (or DDoS) attacks are frequent. For hackers, it’s quite easy to set up attacks against an unprotected target. These attacks could lead to significant financial loss for companies by disruption of service (website or email) or indirectly, by the harm caused to the target’s image (bad buzz, bad reputation…).

With the arrival of connected objects, chances to be confronted to DDoS attacks are high.

These attacks are making a service unavailable by flooding the system with requests. With the help of digital and connected objects, hackers can send a massive number of requests on one or many DNS servers. They get to remotely control our objects because of their security flaws. If the DNS servers are not protected by a strong anti-DDoS filter, then they are under the risk of not absorbing the high number of requests and as a result, won’t respond to the user’s demands anymore.

In October 2016, DYN Company, DNS service supplier had been the victim of a DDoS attack by connected devices. DNS infrastructure services had been unavailable, which then impacted on their customers’ services: Twitter, Netflix, Spotify…

Many hours offline for these web pure players have a direct impact on sales revenue. DYN affirms that “Ten billion of IP addresses were touched” by this attack.

Last week, Melbourne IT Registrar was also a victim of a DDoS attack. Some of its customers were affected by this service disruption.

We might see more powerful attacks of this kind in 2017.

In the past, attacks were done by computers, today connected devices are a real weapon. Luckily those companies have affirmed wanting to reinforce security on their connected products.

DNS is an absolute priority. It’s essential to secure his strategic domain names by using highly secured DNS, so you can have a high permanent availability.

Nameshield offers a DNS Premium solution to gain performance and assure 100% availability.

 

Author: Adriana Lecerf

Consultant - Nameshield group