DDoS attacks continue to target IoT networks
The second quarter of this year has seen DDoS attacks continue to target IoT networks according to attack protection specialist Nexusguard.
Nexusguard gathers DDoS attack data through botnet scanning, honeypots, ISPs and traffic moving between attackers and their targets, so the data is unbiased by any single set of customers or industries.
It finds that UDP-based (user datagram protocol) attacks increased by 15 percent in the second quarter, targeting hijacked devices connected to the Internet of Things, and overtaking SYN, HTTP Flood and other popular volumetric attacks in popularity.
A new botnet, Persirai, attacked more than 1,000 different models of IP cameras. Most attacks are short, more than 64 percent of attacks lasting less than 90 minutes. Only 2.3 percent lasted longer than 20 hours.
Around 34 percent of attacks originated from the People's Republic of China, while 20.9 percent had IP sources in the US and, interestingly, 10.1 percent in Switzerland as DDoS gangs become increasingly active in Europe.
"UDP attacks can frequently act as smokescreens over other malicious behavior, such as efforts to execute remote codes, malware, or compromise personally identifiable information," said Juniman Kasman, chief technology officer for Nexusguard. "Due to the speed with which UDP attacks can overwhelm DNS servers and hijack IoT devices, rapid detection and response is critical for overcoming these types of attacks. Organizations need to protect their DNS servers, and should consider using Anycast routing technology to avoid saturating individual attack targets."
The report highlights that most IoT devices, owing to their lightweight nature, are only currently capable of generating plain-vanilla UDP Flood attacks. But as IoT devices continue to advance, it’s believed that botnet-driven DDoS attacks will grow significantly in size and in frequency. Nexusguard recommends enterprises protect their DNS servers and employ Anycast routing technology to distribute the footprint of these DDoS attacks.
Current and previous DDoS trends reports are available on the Nexusguard website.
Image Credit: timbrk / depositphotos.com