Internet of Things (IoT) devices are increasingly being used to fuel large-scale Distributed Denial-of-Service (DDoS) attacks. One of the largest attacks targeted KrebsOnSecurity.com, an investigative news website, just last month.

How Does It Work?

Hackers troll the Internet looking for poorly secured IoT devices. Armed with default login and password lists, they use trial and error in an attempt to compromise vulnerable devices. Once infected, these IoT devices join forces into large botnets used to overload one machine or service. The result is the online service becoming unavailable due to overwhelming traffic from multiple sources.

IoT devices are particularly susceptible due to the sheer number of them (Gartner predicts 21 billion in use by 2020) and the lack of built-in security on many.

How Does This Affect My Business?

Businesses can be affected in two ways: as a contributor to a botnet or as the victim of the DDoS attack itself. In the first scenario, your business could be held liable for damages incurred by others as a result of your infected devices. In the second, you risk negative effects to business operations stemming from interrupted network service.

DDoS attacks are also often a smoke screen for other illegal activity as they can distract your IT team. According to DARKReading, “about 21% of the organizations that were hit with DDoS attacks also reported breaches involving loss of customer data.”

Attacks can render critical business systems useless, lead to loss of customer trust and employee productivity, and have large consequences on revenue.

How Can I Protect My Business?

Safeguard your business from participating in or falling victim to an IoT DDoS attack:

  • Audit IoT devices on your network, security capabilities and associated risks.
  • Require IT department involvement in the rollout of new connected devices to ensure security requirements are met and devices are set up correctly.
  • Educate yourself on the most recent attacks, and how they were executed. 
  • Implement password management best practices.
  • Perform regular maintenance on devices; install firmware patches as available.
  • Only connect devices to secure WPA Wi-Fi connections.
  • Disable unnecessary features on IoT devices that are programmed by default.
  • Implement an intrusion detection system to flag suspicious network activity.
  • Seek counsel from a security partner who can ensure devices are installed and monitored properly.

Image Source: Joffi