DDoS of Things
The Internet of Things (IoT) has enabled all sorts of innovations that we never thought possible before. Everything from our watches to our light switches is now internet-enabled, making it easy to control your entire house from a voice-controlled assistant like Amazon’s Alexa, Google Home, the HomePod, or any number of smart speaker devices. You can plug any device into a WiFi-enabled smart socket to control just about anything from a virtual assistant or app. But, if you’re not careful, your IoT device can get hacked and incorporated into a botnet that participates in a distributed denial-of-service of things attack (DDoS of Things).
The drawback to all of these things is that because they’re connected to the internet, they’re vulnerable to an attack. As the number of IoT devices in the wild continues to grow, we’re seeing a rise in attacks that take advantage of these devices to execute new and more expansive attacks than we’ve ever seen before.
Hackers are capitalizing on the fact that our incorporation of IoT devices into our lives is rapidly exceeding our ability to secure them, so you need to make sure that you’re protected.
What Is a DDoS of Things Attack?
You might already be familiar with a distributed denial of service (DDoS) attack. Essentially, these attacks infiltrate vulnerable devices and recruit them into a botnet, a coordinated network of internet-enabled devices that will follow commands from a single source. When an attacker decides to go forward with a DDoS attack, these devices all make service requests from the same target at the same time, flooding them with a deluge of traffic that overwhelms them and hopefully (from the perspective of the attacker) knocks them offline.
The difference between a DDoS attack and a DDoS of Things (DoT) attack is which devices are used to accomplish the attacker’s goal. In a DoT attack, many of the devices in the botnet are IoT-enabled. These devices are often less secure because they’re not held up to the same scrutiny as a smartphone or laptop, and many users don’t know how to update them, much less commit to a regular patching schedule. The result can be finding yourself sitting on a network full of compromised devices, not knowing what to do to minimize the damage.
How to Secure Your IoT Devices
While the IoT is great for allowing us to start our coffee machine in the morning or turn on the living room lights from our smartphone, the security aspect of things is de-emphasized. In a small business environment, there are still many devices that end up connected to your network that aren’t subject to the same security standards as a laptop or phone would be. In particular, if a vulnerability is discovered in an IoT device, it’s less likely to be quickly patched because a user simply doesn’t think of it as a threat vector or a vulnerability.
One of the most important things you can do to prevent IoT devices connected to your network from being recruited into a botnet is to commit to a regular patching schedule. Cyberattackers are always looking for the low-hanging fruit, and unpatched devices with known vulnerabilities are some of the juiciest targets.
Most importantly, your business needs to have a policy when it comes to bringing new IoT devices onto the network. Often, your employees will add something new without thinking about the broader security consequences. The important thing here is for your IT department to be aware of any new additions to your network and have a plan for protecting it from any outside threats.
Controlling Your Bandwidth
The most important thing you can do to avoid becoming a victim of these attacks is to monitor your network for excess traffic. If you don’t have the resources to commit to 24/7 network monitoring, you might consider going with a managed WiFi provider who can help you keep your network secure.
On top of basic network monitoring, there are basic security steps you can take like an upstream DNS server that can help make you a more difficult target to hack. When it comes to cyberattackers, you’re only dealing in probabilities. You need to be acting as if you’re going to get hacked, as opposed to waiting for something to happen.
The issue is not if you’re going to get hacked. It’s when. You need to develop a strategy for what you’ll do as opposed to thinking about it and putting it off because it’s unlikely to happen. Hackers are increasingly targeting small businesses, and you don’t want to be caught flat-footed when you find yourself in the crosshairs of an attacker.
How to Protect Yourself Against a DDoS of Things Attack
A DDoS of Things attack is very much the same as a regular DDoS attack. The only difference is that a significant portion of the traffic is coming from IoT devices in the cyberattacker’s botnet. It’s extremely important to be aware you’re being targeted as quickly as possible, so you can identify where they’re attacking you and what you can do about it.
DDoS attacks generally bring to bear enormous amounts of traffic at one specific URL, web-based form, or some other public-facing vulnerability. If you work with your ISP or some sort of managed services provider to get 24/7 network monitoring, you can quickly figure out what’s being targeted and prevent the problem from spreading.
What You Can Do Right Now
While the Internet of Things can bring a lot of revolutionary changes to the way the office functions, packing so many internet-connected devices onto your business network can carry significant risks, too. There’s a possibility that your IoT equipment can be compromised and recruited into a botnet, where it can be used as part of a DDoS of Things attack. The good news is there are steps you can take to secure your network significantly.
- DDoS of Things attacks use IoT devices as part of their botnet.
- Regularly patch your IoT devices to ensure they’re secure.
- Vet new devices that employees bring onto your business network.
Work with a managed service provider to have 24/7 network monitor