23 May 2017
Lack of Sufficient Security Controls of Internet of Things Devices Doubled the Number of DoS or DDoS Cyberattacks in 2016
London, United Kingdom – 23 May 2016 - The number of denial-of-service (DoS) or distributed-denial-of-service (DDoS) cyberattacks doubled from 3% to 6% in 2016, due to the lack of sufficient security controls of Internet-connected ¹Internet of Things (IoT) devices. And of all IoT attacks, 60% originated from Asia, 21% from EMEA and another 19% from the Americas. The most likely reason for the high volume of attacks from Asia is that technology sourced from the region has historically been susceptible, and compromised infrastructure tends to be reused to perpetrate additional nefarious activities.
These are some of the highlights in Dimension Data’s Executive’s Guide to the NTT Security 2017 Global Threat Intelligence Report, which was published earlier this month. The report was compiled from data collected by NTT Security and other NTT operating companies, including Dimension Data, from the networks of 10,000 clients across five continents, 3.5 trillion security logs, 6.2 billion attempted attacks, and global ¹honeypots and ²sandboxes located in over 100 different countries.
Global honeypot sensors monitored IoT cyberattacks and their targets over a six-month period. Based on the credentials used by threat actors, it was determined that 66% of attacks targeted specific IoT devices such as a particular model of video camera. These attacks appeared to be from compromised IoT devices attempting to find and compromise even more such devices. This would be consistent with an attacker acquiring a large number of devices to use in DDoS and other forms of attack. Of the balance of 34% of the analysed attacks, it’s likely these were also attempting to grow the attacker’s arsenal by targeting other types of devices.
DDoS attacks using IoT devices can impact an organisation in multiple ways. They can:
- Prevent customers, partners, and other stakeholders from accessing their organisations’ Internet-facing resources, thereby impacting sales and other daily operations;
- Prevent employees and internal systems from accessing the Internet, disrupting many facets of operations; and
- Affect organisations providing services from the Internet, which can cause supply chains to be broken.
“There’s nothing about a DDoS attack which requires use of IoT devices only, so attackers may look for as many devices as possible regardless of type,” explained Mark Thomas, Dimension Data’s Cybersecurity Strategist. He points out that while DDoS attacks are the most recognised threat, they’re not the only potential outcome of an organisation’s IoT and ²operational technology (OT) devices being compromised.
There are a number of actions that organisations can take to protect their businesses including:
- Make security a primary consideration for all Internet of Things and operational technology device purchases;
- Authorise funding as needed to replace older Internet of Things and operational technology devices;
- Conduct threat and vulnerability assessments; and
- Ensure devices are discovered and profiled within an organisation.
According to a February 2017 press release by research firm Gartner Inc, 8.4 billion connected things will be in use worldwide in 2017, up 31% on 2016. This number will reach 20.4 billion by 2020. And total spend on endpoints and services will reach almost $2 trillion in 2017.
Anton Jooste, Dimension Data’s Senior VP, Internet of Things added: “The number of ways that IoT devices can help people and organisations is boundless. However, there’s also much evidence that the expansion of the Internet enabled through mobility, cloud adoption, and the proliferation of the Internet of Things, has exposed new attack surfaces. Vulnerabilities are rife, data is exponentially increasing, privacy is being eroded, and the cost of breaches is becoming debilitating.”
¹The Internet of Things refers to the billions of devices (things) other than standard computers, smartphones, and tablets that can use computer networks (the internet). Many people already have IoT devices in their homes, such as routers, DVRs, thermostats, video cameras, security systems, coffeemakers, refrigerators, and voice-activated assistants (e.g., Amazon Echo). IoT devices also include wearables such as smartwatches, fitness bands, and medical devices. Even many cars have become IoT devices.
²Operational Devices are IoT-like devices.
*Gartner Press Release, Gartner Says 8.4 Billion Connected "Things" Will Be in Use in 2017, Up 31 Percent From 2016, February 7, 2017.
About Dimension Data
Dimension Data uses the power of technology to help organisations achieve great things in the digital era. As a member of the NTT Group, we accelerate our clients’ ambitions through digital infrastructure, hybrid cloud, workspaces for tomorrow, and cybersecurity. With a turnover of USD 7.5 billion, offices in 52 countries, and 30,000 employees, we deliver wherever our clients are, at every stage of their technology journey. We’re proud to be the Official Technology Partner of Amaury Sport Organisation, which owns the Tour de France, and the title partner of the cycling team, Team Dimension Data for Qhubeka. Visit us at http://www.dimensiondata.com