Rise of the botnets as IoT devices pullulate

03 March 2017

Arbor Networks said weaknesses in IoT devices have increased the hackers’ abilities to launch extremely large attacks.

Arbor Networks said weaknesses in IoT devices have increased the hackers’ abilities to launch extremely large attacks.

DDoS attacks are getting bigger, becoming more frequent and complex, and are set to get worse with the rise of the IoT, according to Arbor Networks.

In its 12th Annual Worldwide Infrastructure Security Report (WISR) published in January, the security specialist stated that the DDoS attack size has grown 7,900 per cent since 2005. It revealed that the largest attack reported in 2016 was 800Gbps, a 60 per cent increase over 2015’s largest attack of 500Gbps.

According to Arbor, the stakes have now changed for network and security teams. It said the threat landscape has been transformed with IoT devices proliferating across networks, and warned that attackers are able to easily “weaponise” these devices.

“The emergence of botnets that exploit inherent security weaknesses in IoT devices and the release of the Mirai botnet source code have increased attackers’ abilities to launch extremely large attacks,” stated the report.

It also said that multiple simultaneous attack vectors are increasingly being used to target different aspects of a victim’s infrastructure at the same time. “These multi-vector attacks are popular because they can be difficult to defend against and are often highly effective, driving home the need for an agile, multi-layer defence,” said Arbor.

On a more positive note, the report found that across the board in every industry, there has been an increase in the use of purpose-built DDoS protection solutions and best practice methods. Seventy-seven per cent of service provider respondents said that they are capable of mitigating attacks in less than 20 minutes.

Survey data in the WISR are based upon 356 responses from a mix of Tier 1, Tier 2 and Tier 3 service providers, hosting, mobile, enterprise and other types of network operators from around the world. Two-thirds of all those who participated said they were security, network or operations professionals.