By: A. Dahiya, B. B. Gupta
IoT is all about connecting smart devices to the Internet to create something that people already use in their everyday lives. This article covers how the IoT is making DDoS attacks more dangerous than ever before, and how to prepare your business against these potentially devastating attacks today?
What is a DDoS attack?
A Distributed Denial of Service (DDoS) attack [1-3] is a type of cyber-attack where there are many devices attacking a single server. This is usually done by overloading the server’s connection and preventing it from receiving any more data. The devices that launch this type of attack can be computers, servers, or even personal gadgets such as smartphones, but they all have one thing in common: they must be connected to the internet to participate in the attack. DDoS attacks are so common that the largest company in this industry, Cloudflare, had to upgrade its service and add several new features and an extra layer of protection to cope with the growing demand. The overview of the DDoS attack is shown in figure 1.
Why are these attacks more dangerous?
These attacks are made more dangerous because perpetrators can now use the Internet of things (IoT) to make them more severe [4-6]. They can do this by exploiting known vulnerabilities in-home devices like Wi-Fi routers, security cameras, and smart TVs. Assailants may utilize these susceptible devices to deliver a flood of traffic to select sites, disabling their servers. These attacks also pose a more serious threat to individuals whose devices are used in botnets. Many of these botnet victims do not even know their devices are being used in this way, leaving them vulnerable to identity theft or even physical harm.
There are steps you can take to guard against this type of attack. Since most IoT devices have little or no security, updating their firmware is critical. This will reduce the chances that you will be part of a botnet. You should also make sure your devices are always up to date with the latest security patches for their operating systems. There are also applications you can run on your computers and smartphones that will prevent them from being used in botnets. Finally, avoid clicking on links that appear in unsolicited emails. These kinds of attacks on IoT devices are on the rise. Some experts estimate that by 2022, there will be 20 billion IoT devices in use. If you’re not careful, you could end up part of a botnet and your device will be used against you [7, 8].
How does an IoT device make DDoS attacks worse?
If you are not already familiar with DDoS attacks, they are a form of cyber-attack in which the perpetrator latches on to a single connection point and uses it to send multiple messages or requests for information. An IoT device, such as a baby monitor or thermostat, may have an internet connection that is not secured with a firewall. The hacker would then focus on this device and use it to unleash a DDoS attack on your company’s website or another target. If your company’s website is down, it can have a disastrous impact on your business. The best defense against IoT DDoS attacks is to take steps to secure all of your devices [9, 10].
If an IoT device is faulty or causes harm, it may be possible to sue whoever created it. An IoT/botnet victim may sue the botnet owner, although this is more complicated than it seems. Botnets may be created by numerous persons, and their owners may not be in the same nation as the victims.
Each country has its own laws regarding who is responsible for an attack.
- In the UK, the government is considering a bill that would make manufacturers responsible for recalled products.
- Anyone who spreads malware in the United States should be held liable, even if they did not develop it. Also, if a business that fails to maintain adequate security may be held accountable for malware assaults,
- In Europe, if you disseminate malware, you are personally liable for its consequences. However, the business cannot be held liable if it took reasonable steps to safeguard its customers.
What type of IoT devices are most at risk?
The cameras are one of the most popular IoT devices that are being targeted by malicious actors. The hackers will search for any publicly accessible IP address with a camera, then use it to launch their DDoS attack. This is what happened to one of the largest DDoS attacks ever observed, with an estimated size of 1.7 terabits per second.
How can I protect my IoT devices?
The best way to protect your IoT devices is to set up a firewall to restrict inbound and outbound traffic. It’s also important that you use passwords and preferably for the device to change its default login credentials. To avoid these issues, you can block all inbound and outbound traffic from connecting to your device. Besides this, you can use a virtual private network (VPN) to secure your internet traffic and revoke access to your device from all outside networks.
In summary, it’s been shown that IoT is an integral part of many DDoS attacks. It’s been shown that they can be used for reconnaissance and to conduct a distributed attack. In the future, these types of attacks will only become more dangerous as the number of IoT devices increases exponentially.
- Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), 2046-2069.
- Yan, Q., et al. (2015). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE communications surveys & tutorials, 18(1), 602-622.
- Tripathi, S., et al. (2013). Hadoop based defense solution to handle distributed denial of service (ddos) attacks. Journal of Information Security. Vol. 4 No. 3 (2013) , Article ID: 34629 , 15 pages DOI:10.4236/jis.2013.43018.
- De Donno, M., Dragoni, N., Giaretta, A., & Spognardi, A. (2017, September). Analysis of DDoS-capable IoT malwares. In 2017 Federated Conference on Computer Science and Information Systems (FedCSIS) (pp. 807-816). IEEE.
- Adat, V., et al. (2018, January). Economic incentive based solution against distributed denial of service attacks for IoT customers. In 2018 IEEE international conference on consumer electronics (ICCE) (pp. 1-5). IEEE.
- Jia, Y., Zhong, F., Alrawais, A., Gong, B., & Cheng, X. (2020). Flowguard: An intelligent edge defense mechanism against IoT DDoS attacks. IEEE Internet of Things Journal, 7(10), 9552-9562.
- Alieyan, K., Almomani, A., Anbar, et. al. (2021). DNS rule-based schema to botnet detection. Enterprise Information Systems, 15(4), 545-564.
- Hoque, N., Bhattacharyya, D. K., & Kalita, J. K. (2015). Botnet in DDoS attacks: trends and challenges. IEEE Communications Surveys & Tutorials, 17(4), 2242-2270.
- Cvitić, I., et al. (2021). Boosting-based DDoS Detection in Internet of Things Systems. IEEE Internet of Things Journal.
- Dhananjay Singh (2021) Captcha Improvement: Security from DDoS Attack, Insights2Techinfo, pp.1
Cite this article as:
A. Dahiya, B. B. Gupta (2021) How IoT is Making DDoS Attacks More Dangerous?, Insights2Techinfo, pp.1