8 DDoS Attacks That Made Enterprises Rethink IoT Security

Distributed Denial of Service Disasters

The overall frequency of distributed denial of service (DDoS) attacks increased in 2016 thanks, in part, to Internet of Things botnets, according to information service provider Neustar. The company said it mitigated 40 percent more DDoS attacks from January through November, compared to the year earlier.

Neustar warned that as botnet code assemblies are published, dangerous new DDoS developments will continue to emerge, such as persistent device enrollment, which enables botnet operators to maintain control of a device even after it's rebooted.

From colleges to entire U.S. regions, here are eight situations where vulnerable IoT devices brought down networks.

DDoS Attack Affects U.S. College For 54 Hours

A distributed denial of service attack on a college in February, recently made public by security firm Incapsula, affected that institution's network for 54 hours straight.

Incapsula recently revealed the attack, noting that the attackers seemed adept at launching application layer assaults on vulnerable IoT devices.

"Based on a number of signature factors, including header order, header values and traffic sources, our client classification system immediately identified that the attack emerged from a Mirai-powered botnet," according to an Incapsula spokesperson in a blog post. "Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs and routers."

DDoS Attack Takes Down Netflix, Twitter

An October DDoS attack – which was launched through IoT devices and blocked an array of websites - deepened the industry's concerns over the security risk of the Internet of Things.

The denial of service attack was launched through Internet of Things consumer devices, including webcams, routers and video recorders, to overwhelm servers at Dynamic Network Services (Dyn) and led to the blockage of more than 1,200 websites.

The attack on Dyn, which connects users to websites such as Twitter and Netflix, came from tens of millions of addresses on devices infected with malicious software codes, knocking out access by flooding websites with junk data.

DDoS Attack Through Vending Machines Hits University

Verizon's preview of its 2017 Data Breach Digest in February revealed that an unnamed university was hit by a DDoS attack launched through vending machines, lights, and 5,000 other IoT devices.

According to Verizon, an incident commander noticed that ’name servers, responsible for Domain Name Service (DNS) lookups, were producing high-volume alerts and showed an abnormal number of sub-domains related to seafood."

While administrators were locked out, the university intercepted "the clear text password for a compromised IoT device over the wire and then use that information to perform a password change before the next malware update.’

DDoS Attacks Attempted Against Campaign Websites of Hillary Clinton And Donald Trump

According to security firm Flashpoint, hackers attempted four Mirai botnet DDoS attacks in November against the campaign websites of Hillary Clinton and Donald Trump.

According to Flashpoint, the company observed a 30-second HTTP Layer 7 (application layer) attack against Trump's website, while the next day, it saw attacks against both Trump and Clinton's campaign sites. While attacks were attempted, neither website observed or reported outages.

"Flashpoint assesses with moderate confidence that the Mirai botnet has been fractured into smaller, competing botnets due to the release of its source code, which has led to the proliferation of actors exploiting the botnet’s devices," a spokesperson wrote on Flashpoint's website.

BBC Domain Downed By By DDoS Attack

On New Year's Eve 2016, the BBC's website was hit by a DDoS attack that downed its entire domain – including on-demand television and radio player – for more than three hours.

While BBC originally said that it was undergoing a technical issue, the broadcaster's news organization later said the outage was a result of a DDoS attack, according to "sources within the BBC."

Russian Banks Hit With Waves Of DDoS Attacks

In November, at least five Russian banks, including Sberbank and Alfabank banks, were the victims of prolonged DDoS attacks that lasted over two days.

According to Security Affairs, the attack came from a wide-scale botnet involving up to 24,000 computers and IoT devices that were located in 30 countries. The banks' online clients services were not disrupted.

According to security firm Kaspersky Lab, the incident was the first time that massive DDoS attacks hit Russian banks in 2016.

Rio Olympics Organizations Hit By DDoS Attack Staged By LizardStresser

Arbor Networks' security engineering and response team revealed in a statement that several organizations affiliated with the Olympics came under "large-scale volumetric" DDoS attacks beginning in September 2015.

"A large proportion of the attack volume consisted of UDP reflection and amplification attack vectors such as DNS, chargen, ntp, and SSDP, along with direct UDP packet-flooding, SYN-flooding, and application-layer attacks targeting Web and DNS services," said Arbor Networks in a statement.

According to Arbor Networks, a DDoS-for-hire service, called LizardStresser, staged most of the pre-Olympic attacks. Despite the attacks, Arbor Networks performed several mitigation measures to help Olympics administrators keep their systems running.

Brian Krebs' Website Experienced DDoS Attack

In September 2016, security investigative reporter Brian Krebs' information blog experienced a DDoS attack. The attack reportedly placed peak traffic at around 620 Gbps.

Krebs determined a Mirai botnet was responsible for the attack: "The source code that powers the IoT botnet responsible for launching the historically large DDoS attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices," he stated on his blog.

"My guess is that (if it’s not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems," said Krebs in the blog post.