This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
Threat details
Attacks through targeting IoT devices is on the rise and can provide attackers with a variety of opportunities in regards to targeting organisations. As IoT devices can range from lights, thermostats, cameras and pacemakers. Many of these devices have been in existence for years, several would currently be considered insecure and vulnerable. As an attack method, it’s relatively easy for attackers to commandeer IoT devices for nefarious purposes. Many devices still use unsecure default credentials and are ripe for the picking. Basic instructions are available online and the lucrative DDoS-for-hire market is expanding.
With DDoS-for-hire services that can easily be found on the dark web and in some cases on the deep and clear web, it means that almost anyone can carry out a DDoS attack on a target regardless of how technically minded they are. All that is needed, as a bare minimum, is simply for an actor to have a target in mind and funds to pay for a service.
Remediation advice
To protect in the event of a DDoS incident, an organisation should consider the following recommendations:Remediation steps
Last edited: 17 February 2020 11:29 am