Skip to main content

DDoS of Things Becoming a Growing Phenomenon

Distributed Denial of Service (DDoS) of Things is the term given to the act of using often unsecure IoT devices to launch powerful DDoS attacks.
Threat ID:
CC-1286
Category:
DOS
Threat Severity:
Medium
Threat Vector:
Published:
23 March 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Distributed Denial of Service (DDoS) of Things is the term given to the act of using often unsecure IoT devices to launch powerful DDoS attacks.

Threat details

Led mostly by the Mirai malware, the DDoS attacks have taken advantage of unsecured IoT devices to build large bonnets with the capability to launch huge DDoS attacks.

Attacks through targeting IoT devices is on the rise and can provide attackers with a variety of opportunities in regards to targeting organisations. As IoT devices can range from lights, thermostats, cameras and pacemakers. Many of these devices have been in existence for years, several would currently be considered insecure and vulnerable. As an attack method, it’s relatively easy for attackers to commandeer IoT devices for nefarious purposes. Many devices still use unsecure default credentials and are ripe for the picking. Basic instructions are available online and the lucrative DDoS-for-hire market is expanding.

With DDoS-for-hire services that can easily be found on the dark web and in some cases on the deep and clear web, it means that almost anyone can carry out a DDoS attack on a target regardless of how technically minded they are. All that is needed, as a bare minimum, is simply for an actor to have a target in mind and funds to pay for a service.

Remediation advice

To protect in the event of a DDoS incident, an organisation should consider the following recommendations:

Remediation steps

Type Step
  • Review the presence of any IoT devices on the estate, ensuring that they are separated from the core network and default admin passwords are changed.
  • Review current DDoS mitigation tools with a view to assessing whether they are currently fit for purpose.
  • Have a well-established DDoS playbook to call upon when an incident occurs.

Last edited: 17 February 2020 11:29 am