Why the Internet of Things could lead to the next great wave of DDoS attacks

Businesses should ensure that they are still securely protected against DDoS attacks, despite the recent growth of other trends such as ransomware.

That’s the warning from Arbor Networks, which is urging organisations of all sizes to make sure they stay safe online as DDoS attacks are still rife around the world.

Speaking to ITProPortal at the recent InfoSecurity Europe 2017 event in London, Arbor CTO Darren Anstee reinforced the need for businesses to maintain their DDoS protection, despite it being hard to predict who might be hit next.

"DDoS is all about targeting the availability of those services that modern businesses rely on," he noted.

In order to combat this growing threat, the company recently revealed an updated version of its APS on-premise, distributed DDoS detection and mitigation platform for enterprise customers.

The new release includes Arbor’s latest Cloud Signalling tool, which can help reduce the time to attack mitigation, bringing together on-premise and hybrid cloud migration efforts.

The Internet of Things (IoT) is also set to provide a major new threat landscape for DDoS attacks, Arbor Networks believes, with past attacks such as Mirai and Dyn showing the potential for chaos.

"There are a lot of IoT DDoS attacks going on out there",  Anstee says, noting that most people only hear about these assaults when a big brand is affected.

Poor regulation of IoT products has not helped with the spread of potential attacks, with many consumers unaware that the items they are buying will pose some kind of security risk.

But Anstee says that commercial pressure could instead play a big role in changing the current landscape, as vendors often return to market trends faster than regulatory pressure.

"If you want things to change quickly, you have to get people to get security implemented into their buying process,” he notes, adding that it is a “valid worry” that IoT attacks could scale to affect areas such as smart cities and infrastructure networks soon.

"We are going to see IoT devices being used for more nefarious purposes over the next few years...I don't see the problem going away".

As the recent WannaCry ransomware attack showed, however, businesses need to be protected against all kinds of threats.

Anstee noted that ransomware should remain a major concern for companies both large and small likely to be targeted.

"It's a numbers game when it comes to ransomware,” he noted, “it is a very broad brush - if just one or two people pay, it makes it all worthwhile." 

In order to stay protected, there are several central steps that companies can take, Anstee added.

This includes network segmentation, which would allow infections such as WannaCry to be quickly and easily contained. "It's not a sexy topic, but it needs to happen in many businesses,” he says. “We've all focused on agility, and flattening network infrastructure...but this is really important, as it can stop such attacks propagating within networks, if it's done properly."

But companies also need to ensure they have proper IT risk management systems, with Anstee noting that some infections WannaCry could have been blocked quickly if proper processes had been in place - and various departments had communicated properly.

"You can't really blame anyone for this,” he concludes, “it really is a lot about talking to each other."