IoT blamed for rise in denial of service attacks
April 29, 2015
The rise of the IoT and the influx of network-connected devices, such as webcams and routers, are driving growth in Simple Service Discovery Protocol (SSDP)-based amplification attacks, according to the latest NSFocus bi-annual DDoS threat report. The report also found that the online gaming and entertainment sectors continued to be high on the target list and that attackers were becoming more sophisticated.
The report was released at last week’s RSA Conference in San Francisco.
The results of statistical analysis and key observations are based on data from actual incidents of DDoS attacks that occurred during the second half of 2014. These data were collected from a mix of global enterprises, internet service providers, regional telecoms operators and internet hosting companies.
The rise of IoT-connected devices was responsible for an increase in SSDP reflection attacks. As the IoT proliferates, every network-connected device with a public IP address and a vulnerable operating system adds to the pool of devices that could be used to launch SSDP-based reflection attacks. This particular type of DDoS attack was seen as the second most dominant threat – after NTP-based attacks – in the second half of 2014.
More than 30 per cent of compromised SSDP attack devices were network-connected devices such as home routers and webcams. Findings also revealed that globally, more than seven million SSDP-controlled devices could potentially be exploited.
While 90 per cent of DDoS attacks lasted less than 30 minutes, one attack lasted 70 hours. The shorter attack strategy is being employed to improve efficiency as well as to distract the attention of IT personnel from the actual intent of an attack – to deploy malware and steal data. These techniques indicate that today's attackers continue to become smarter and more sophisticated.
Online retailers, media and gaming remain top targets, says the report. As retail, entertainment and gaming companies increasingly operate online, consumers demand the highest level of quality of service. By slowing down or flooding these companies' servers, attackers look to take advantage of online businesses through a variety of means, including blackmail, unfair business competition or asset theft.
“We are watching the evolution of attack technologies that amount to nothing less than bullying (flood attacks) and leveraging (resource exhaustion) tactics that enhance the impact by exploiting network bandwidth,” said Yonggang Han, COO of California-based NSFocus. “To counteract these assaults, organisations must look to traffic-cleaning devices in conjunction with other security protocols.”
Founded in 2000, NSFocus provides enterprise-level, carrier-grade products for DDoS mitigation, web security and enterprise-level network security.