Given the waves of new connected devices that debuted at CES last week, cybersecurity experts with Corero expect to see in 2018 is a sharp uptick in a specific type of cyberattack that takes advantage of non-secured IoT devices, hijacking them for botnet attacks, the ” Distributed Denial of Service attack (DDoS).
Stephanie Weagle, Vice President, Corero Network Security:
“A tidal wave of connected smart home devices and low-cost Internet connected gifts, both from trusted brand names and no-name suppliers, are now accessing home Wi-Fi networks, The reality is that any device, infrastructure, application etc., that is connected to the Internet is at risk for attack, or even more worrisome, to be recruited as a bot in an army to be used in DDoS attacks against unsuspecting victims.
“While it’s unclear if the latest CES attractions are exploring your home network, looking for vulnerabilities in other devices, infecting them with their malware, and joining botnets, what is clear is that enterprise security and compliance teams must realize that these devices are broadening the botnet threat by leaps and bounds, opening the door to more devastating DDoS attacks than previously experienced.
“Commonly used DDoS toolkits abuse Internet services and protocols that are available on open or vulnerable servers and devices, to create a class of attacks that are virtually impossible to trace back to the originating attacker.
“This raises a lot of concerns, and rightfully so, that this new type of attack surface could become wildly out of control in short order. The everyday short duration, low volume attack activity, or the massive volumetric DDoS attacks should be cause for concern in any enterprise organization that requires uninterrupted service availability to conduct business.
“With CES now drawn to a close for 2017, it serves as a reminder: It’s incumbent upon enterprises and Internet service providers take intentional precautionary measures to proactively thwart DDoS attacks at any scale. The threat is only growing.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.