Why IoT Devices Are Easy Targets for DDoS Attacks

Lalit Ahluwalia is committed to redefining the future of cybersecurity by helping large, medium, and small-scale businesses build digital trust. Here, Lalit explores the alarming rise of DDoS attacks in the just concluded Black Friday and Cyber Monday shopping holiday, the role played by IoT devices in increasing the stakes, and why hackers prefer attacking IoT devices.

Distributed Denial of Service (DDoS) attacks have become an immense threat in our highly interconnected world. November 19 and 27, 2023 came with an alarming spike in online shopping, internet traffic, and DDoS attacks on Black Friday and Cyber Monday. Thanks to smart devices which make buying online so seamless nowadays. 

Imperva’s Black Friday and Cyber Monday 2023 Threat report clearly reveals, “Attacks increased by 6% in October and another 9% in November 2023. The number of attacks spiked by an astonishing 85% on Black Friday. For comparison, Account Takeover attacks on Black Friday 2022 increased by 66%.”

As more internet-enabled devices connect to form the Internet of Things (IoT), the attack surface for DDoS attacks grows. This article explores why IoT devices are exceptionally susceptible to DDoS attacks and how hackers exploit them.

Understanding DDoS Attacks: The What, Why, and How

At its core, a DDoS attack is akin to a digital siege. Hackers orchestrate a relentless deluge of traffic to incapacitate a target’s servers or network, rendering it inaccessible to legitimate users. But why choose IoT devices as the instruments of this digital onslaught?

DDoS attacks serve various nefarious purposes, from wreaking havoc on competitors’ websites to masking more sinister activities. In the context of IoT, the motivations often extend beyond mere disruption, raising concerns about privacy breaches, data compromise, and the compromise of critical infrastructure. 

Cybercriminals employ vast networks of compromised computers, forming botnets, to amplify the impact of their attacks. These botnets can overwhelm even robust networks, leading to downtime, financial losses, and reputational damage. See International Anti-Botnet Guide

DDoS Attacks on IoT Devices

IoT devices, ranging from smart refrigerators to industrial sensors, present an appealing target for cybercriminals. The sheer proliferation of these devices, often deployed without robust security measures, provides a vast attack surface. Moreover, the limited computational power and storage capacity of many IoT devices make them susceptible to exploitation.

The susceptibility of IoT devices lies in their inherent design and functionality. Many small IoT devices lack the necessary computational power to implement robust security measures. Coupled with a dearth of privacy-preserving algorithms, these devices become low-hanging fruit for cybercriminals seeking to orchestrate DDoS attacks. 

As the recent Secureworld report puts it, “The growing adoption of IoT devices by consumers worldwide has further fueled the increase in botnet-driven DDoS attacks, resulting in these attacks contributing to over 40% of all DDoS traffic today.” See Nokia Threat Intelligence Report 2023

Botnets and IoT Devices

Botnets comprised of compromised IoT devices play a central role in executing coordinated attacks that disrupt digital infrastructure and create chaos within business networks. These botnets, essentially networks of computers or devices infected with viruses or malware, empower cybercriminals to exert virtual control over these devices discreetly, without the awareness of their owners or users.

The composition of botnets is diverse, encompassing personal computers and mobile devices, with the size of these networks escalating significantly over time. The proliferation of infected IoT devices alone contributes to the exponential growth, reaching hundreds of millions.

Distributed Denial of Service (DDoS) Attacks

Traditionally, malware-targeted desktop computers formed the primary devices in botnets. However, the evolving landscape of internet-connected devices has expanded the array of devices exploited in botnet attacks. Examples include Linux servers (as seen in the Ebury botnet), Android mobile devices (associated with the WireX botnet), routers (as exploited by the Mirai botnet), and IP cameras (used in the Persirai botnet).

One of the most notorious instances of DDoS attacks is attributed to the Mirai botnet, impacting major websites such as Twitter, Netflix, and Spotify. In 2016, a legion of botnet devices orchestrated a large-scale attack on critical web services. See DDoS on Dyn. Mirai was meticulously designed to target IoT devices, resulting in a situation where nearly one million people in Germany faced internet downtime after their routers fell victim to infection.

Cloudfare’s recent DDoS Report for Q3 of 2023 indicates a substantial surge in the number of Mirai variants, witnessing a 65% increase in HTTPS DDoS attacks and 14% in L3/4 attacks. A new variant named Mozi, derived from Mirai, dominated the flooded traffic scenario in the final quarter of 2019 and persisted into 2020. This specific strain of malware, characterized by its persistent threat, has multiple botnets leveraging Mirai and Mozi viruses to target vulnerable IoT devices. September 2023 got buzzy with emerging Mirai variants such as 8Base, Akira, KiraiBot, HailBot, and catDDoS making the waves, according to an NSFOCUS report.

“Nuspire’s latest threat report underscores the escalating threat landscape, including advanced tactics employed by ransomware groups such as 8Base and Akira. The report also reveals a staggering 67.51% increase in botnets like TorrentLocker, the rise of HTTP Server Authorization Buffer Overflow to the second-most popular exploit, and the dominance of JavaScript phishing variants in malware activity”, reports PRNewsWire.

Why Hackers Prefer to Exploit IoT Networks

Hackers gravitate towards IoT networks due to their ubiquity and diversity. IoT networks span homes, industries, and critical infrastructure, offering a broad attack landscape. Compromising IoT networks allows attackers to exploit vulnerabilities in various sectors, making their impact pervasive and multifaceted. DDoS attacks leverage botnets, and IoT devices, with their widespread deployment, become unwitting soldiers in the hacker’s arsenal. These devices, often lacking security measures, are exploited to distribute botnet malware, turning them into obedient foot soldiers in a digital army.

Protecting the Attack Surfaces of IoT Devices

Securing IoT devices requires a multifaceted approach. From manufacturers implementing robust security measures during production to end-users enforcing stringent access controls, safeguarding the attack surfaces of IoT devices demands collective diligence.

Outcome-based Approaches to Prevent IoT-Enabled DDoS Attacks

• Implementing Robust Authentication Protocols: Strengthen the security of IoT devices by adopting advanced authentication methods. Biometric verification and secure two-factor authentication add layers of protection against unauthorized access. See Access Control Trends for 2023
• Regular Firmware Updates: Manufacturers must commit to regular firmware updates, addressing vulnerabilities promptly. End-users should stay vigilant, ensuring their devices are always running the latest security patches.
• Network Segmentation: Isolate IoT devices from critical network segments to contain potential breaches. This segmentation prevents a compromised IoT device from becoming a gateway to more sensitive areas of the network.
• Behavioral Anomaly Detection: Employ advanced analytics and machine learning to detect aberrations in IoT device behavior. Anomalous patterns may signify a compromised device, triggering preemptive security responses.
• Collaborative Threat Intelligence Sharing: Establish a network where threat intelligence is shared among manufacturers, service providers, and end-users. Proactive sharing of threat data enhances collective defense against evolving DDoS attack strategies.

Detecting and Mitigating DDoS Attacks in IoT with DigitalXForce

According to a recent Imperva report, “In 2023, the peak in online traffic was recorded on November 19, with a second notable peak occurring on Cyber Monday (November 27). In fact, there was 42% more web traffic on retail sites on Cyber Monday than on Black Friday. API traffic accounts for 45.8% of all traffic to online retailers, up from 41.6% last year. With that in mind, the rise in attacks targeting online retailers’ APIs becomes notable.” These insights speak volumes. See IoT APIs and Data Security: Are You Safe?

Implementing intrusion detection systems (IDS) and anomaly-based monitoring on IoT networks allows for swift identification of suspicious patterns or deviations from normal behavior. DigitalXForce offers a suite of cybersecurity solutions powered by artificial intelligence to mitigate Distributed Denial of Service attacks. DigitalXForce provides outcome-based, data-driven, and continuous monitoring of the attack surfaces of digital assets used by e-commerce platforms and retail stores to ensure early detection and response to cyber threats. 

However, mitigating DDoS attacks involves a combination of reactive and proactive measures. Traffic filtering, rate limiting, and rerouting strategies can help absorb the impact of an ongoing attack. Our cloud-based DDoS protection service offerings also provide scalable solutions to counteract volumetric attacks and robust cyber insurance coverage to boost your overall security posture. 

Conclusion

As we navigate the ever-expanding landscape of IoT, the specter of DDoS attacks looms large. Cybercriminals continue to exploit the vulnerabilities of IoT devices, posing threats to privacy, data integrity, and the seamless functioning of critical infrastructure. DigitalXForce helps e-commerce businesses and retail stores detect threats and respond to attacks with real-time, data-driven insights and continuous monitoring powered by artificial intelligence.

Through a concerted effort, incorporating revolutionary preventive measures and proactive detection strategies, the cybersecurity community can fortify the defenses against DDoS attacks on IoT devices. The battle for a secure IoT future requires a collaborative approach, where manufacturers, service providers, and end-users stand united against the rising tide of cyber threats.