IoT triggers new DDoS alert

IoT triggers new DDoS alert

THE Internet of Things (IoT) is transforming efficiency in various industries like healthcare and logistics, but has also introduced new security risks, particularly IoT-based DDoS attacks. This article explores how these attacks work, why they pose particular problems, and how to mitigate them.

What is IoT?

IoT (Internet of Things) refers to interconnected online devices that collect and exchange data. This broad category of devices includes sensors, cameras, network routers and advanced machines, and their integration into daily life and work processes results in an ecosystem capable of automating operations, improving decision and improve the user experience.

IoT: fertile ground for botnets

Rapid adoption of IoT amplifies its vulnerability, as poorly secured devices become easy prey for attackers and can become part of a botnet. Controlled by attackers, botnets can scale and rapidly execute a variety of attacks, including DDoS, data theft, ad fraud, cryptocurrency mining, spam and phishing, data harvesting and surveillance, without the knowledge of device owners.

Why are IoT botnets a growing concern?

Botnets are not new, but IoT botnets pose a specific threat. The number of IoT devices reached 16 billion in 2022 and is should exceed 30 billion by 2025. These devices often suffer from infrequent updates or insecure default settings, or are simply left unattended, making them less secure than traditional computers and likely to be hacked with relative ease to form powerful botnets.

The scale and complexity of IoT-based attacks will increase due to their increasing use. Among these risks, distributed denial of service (DDoS) attacks are particularly difficult to mitigate. The distributed nature of IoT devices makes them ideal platforms for these attacks, making it difficult to identify and block malicious traffic and thus compounding the challenges of mitigating DDoS attacks.

Anatomy of IoT-Based Botnet DDoS Attacks

Let’s discuss how IoT DDoS attacks are happening and how new IoT devices are joining the ranks of robots.

How are IoT DDoS attacks launched?

Several key entities are involved in a DDoS botnet attack:

  • THE attacker is the person controlling the botnet. They are also known as bot herder or botmaster.
  • A command and control (C&C) server is a computer controlled by the attacker and used to communicate with infected devices. The C&C orchestrates the botnet’s actions, sending global commands for tasks such as launching an attack or scanning a new device for vulnerabilities.
  • A botnet is a network of malware-infected devices controlled by a single attacker.
  • THE victim or target is the subject of a specific attack carried out by a botnet.
DDoS botnet assault flow, from attacker command to DDoS attack
DDoS botnet assault flow, from attacker command to DDoS attack

The attack process is relatively simple:

  1. The attacker targets the botnet at a victim. The botnet operator identifies the target (usually a device, website, or online service) that they want to take down.
  2. The C&C server orchestrates the DDoS attack. The C&C server sends the attacker’s instructions to all bots in the network to start sending requests to the target, and coordinates the botnet’s behavior.
  3. An influx of traffic occurs. All bots on the network start sending a large number of requests to the target website or server.

When the botnet floods the target with excessive requests, service outages occur, which compromises the availability of the targeted system and even endangers the integrity of the entire infrastructure. When targeting critical infrastructure such as healthcare or transportation, the risks go beyond financial and reputational damage and put people’s lives at risk.

Integrating IoT devices into botnets

IoT devices that are unpatched, unmonitored, or misconfigured, or are already victims of a botnet DDoS attack, are at risk of being incorporated into a botnet. To expand the botnet, an attacker hacks new IoT devices. This process involves two entities: the botnet itself and the loading server, a special server that infects other devices.

In short, the process goes like this: the botnet hacks the device and gains access to it, then the upload server installs malware on it. The attacker then gains permanent access to the device and attaches it to the botnet. Here are the steps to infect IoT devices and connect them to a botnet based on the Mirai case:

  1. Initial order: The attacker uses the C&C server to send a command to the botnet to attack and incorporate new devices.
  2. Orchestration: The C&C server coordinates the botnet’s actions.
  3. Analysis and compromise: The botnet scans and compromises victims’ devices to gain privileged access by brute-forcing weak passwords or exploiting outdated firmware or insecure configurations.
  4. Data report: The botnet relays the victim’s IP address and credentials to the upload server once the device is hacked.
  5. Malware distribution and infection: The loading server sends malware or malicious instructions, which are then executed by a compromised device, turning it into a robot.
  6. Join the botnet: The newly infected device becomes part of the botnet and waits for further commands, often operating undetected.
Process flow, demonstrating the analysis, compromise, infection and connection of a new device to a botnet
Process flow, demonstrating the analysis, compromise, infection and connection of a new device to a botnet

Advanced botnets can self-propagate, compromising more devices autonomously, drawing more and more devices into the botnet, thereby increasing the size of the botnet and amplifying the scale of future attacks.

How dangerous is today’s IoT DDoS threat?

IoT-based DDoS attacks increased by 300% in the first half of 2023 alone, resulting in an estimated global financial loss of $2.5 billion. By 2023, 90% of complex, multi-vector DDoS attacks were based on botnets. The trend shows no signs of slowing: the number of IoT devices involved in botnet-driven DDoS attacks has increased from around 200,000 a year ago to around 1 million deviceswhile there is twice as many vulnerabilities be targeted by botnet malware.

Overall, DDoS attack capacity is increasing. According to Gcore’s Radar 2023, the peak power of a single DDoS attack reached a staggering 800 Gbps in the first half of 2023. Two years earlier, it peaked at 300 Gbps. While most attacks reach speeds of 1-2 Tbps, the most powerful can reach 100 Tbps.

Alarming projections for 2023-2024

We are witnessing a a significant increase in specific DDoS attack vectors, such as UDP reflection and HTTP request flooding, primarily targeting the technology and financial sectors. Sectors heavily dependent on online services and real-time data processing are the most attractive targets, facing immediate financial losses and long-term reputational damage.

The advancement of IoT, while driving innovation, also drives alarming future cybersecurity trends: it fuels innovation but also raises important cybersecurity concerns. With an expected 18% growth in the number of IoT devices, reaching 14.4 billion in 2023, and a predicted increase to 27 billion by 2025, experts anticipate a corresponding increase in botnet attacks. With the rise of IoT and DDoS, IoT DDoS is likely to become an increasingly significant threat in the immediate future.

Defensive Measures: Strategies and Best Practices

The rise of more sophisticated and powerful attacks makes immediate attention to security essential. Here is how different stakeholders can contribute to a more secure digital ecosystem:

1. Protect your IoT from infection.

  • Educate on safe IoT practices: Encourage home and business users to change default passwords, update firmware, and adhere to best practices to prevent devices from being compromised. Many companies, such as SANS Instituteoffer training on IoT security and penetration testing.
  • Collaborate and share threats: Initiatives like Alliance against cyber threats and the Joint Cyber ​​Defense Collaboration uniting governments, technology companies and cybersecurity companies to quickly detect and neutralize emerging threats, strengthening global collective defenses.
  • Update devices regularly: Ensure IoT devices are updated with the latest firmware and patches to prevent exploitation of known vulnerabilities.

2. Protect yourself against IoT-based botnet DDoS attacks.

  • Implement multi-layered security protocols: Deploy a global security strategyfrom firewalls and intrusion detection systems to web application security solutions.
  • Invest in Specialized DDoS Protection Solutions: Companies like Gcore have developed solutions explicitly designed to combat even massive IoT-based DDoS attacks. These DDoS protection solutions have played a vital role in reducing risks by leveraging real-time analytics.


The challenge of defending against IoT-based DDoS attacks is an ongoing battle. By understanding current solutions, investing in specialized technologies like Gcore DDoS protectionand by fostering a culture of vigilance and collaboration, you can significantly reduce organizational risks and help pave the way for a more secure digital landscape in the face of escalating threats.

Did you find this article interesting ? follow us on Twitter And LinkedIn to read more exclusive content we publish.

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button