By 2020, Gartner predicts the total number of IoT devices will reach 20.4 billion. At the same time, DDoS attacks are on the rise, with Cisco estimating that the number of DDoS attacks exceeding 1 gigabit of traffic per second will soar to 3.1 million by 2021. While correlation does not equal causation, in this case I believe that the two are connected. There is indeed evidence to show that IoT devices are a common thread in large-scale DDoS attacks and that the two reports above are not just a coincidence.
Earlier this year, A10 launched its own Q4 2018 State of DDoS Weapons report which shed additional light onto the connection between IoT devices and devastating DDoS attacks. The findings have exposed the role that IoT plays as one of the biggest cybersecurity threats of our time.
An Overview of DDoS Attacks and IoT
It comes as no surprise that IoT is continuing to grow at breakneck speed: A 2018 report from Bain found that the combined markets of IoT will reach $520 billion in 2021, more than double the amount spent in 2017. According to the State of DDoS Weapons report, that translates to a growth rate of 127 connected devices per second, a number that will undoubtedly grow over the coming years.
Unfortunately, this IoT explosion also provides attackers with a perfect opportunity to hack into vulnerable connected devices, especially for the purpose of building botnets (networks of malware-infected connected devices that can be used to send an overwhelming number of requests to the target’s server).
As Eurecom discovered, hackers have already developed brand new strains of malware designed to target IoT devices specifically. Knowing this, it’s clear that the age of IoT-based DDoS attacks isn’t just on the horizon — it’s already here.
Some of the top IoT malware dropped have already reached global levels of infamy. Take for example the Mirai malware, which brought major websites like Reddit and Github to their knees. In the Q4 2018 State of DDoS Weapons report, A10 found that five of the top IoT malware dropped belong to the Mirai family, with the sixth belonging to the Gafgyt/Bashlite family.
The majority of those malicious IoT items are hosted in the U.S., Italy, the U.K., Germany and the Netherlands. In terms of ASNs, the majority of IoT malware is hosted by Frantech, DigitalOcean, Aruba, Forthnet and HOSTiO.
IoT DDoS Attacks and 5G
The increasing size of DDoS attacks today is bad enough, but things are about to get worse with the widespread adoption of 5G. That’s because the implementation of 5G will usher in an age of unprecedented data speeds and significantly lower latency, meaning that DDoS attacks will have to be mitigated in a matter of seconds, not minutes.
With Ericsson estimating that the number of IoT devices with a cellular connection will reach 4.1 billion by 2024, it’s plain to see why vulnerable 5G-connected IoT devices will pose a serious threat to organisations around the globe. If left unchecked, the scale of 5G-connected IoT DDoS attacks is likely to make even the biggest attacks of today pale in comparison.
To combat the next generation of 5G DDoS attacks, it’s imperative that organisations implement advanced DDoS threat intelligence that combines real-time threat detection and automated signature extraction. Only then can organisations effectively defend themselves against the colossal, hyper-fast DDoS attacks of the future.
It is with advances in the 5G and IoT market that we will begin to see a rise in major DDoS attacks as current reports show. It is a double-edged sword as the risks of using IoT is high, but the benefits are also many. If organisations can prepare themselves now for this future, then security teams can be ready to face the next large-scale DDoS threat before it arrives. If the warnings from these reports are instead ignored or left until the last moment then DDoS attacks will be allowed to find the perfect partner in IoT.