September 05, 2022

How the IoT is fuelling DDoS attacks

Internet of Things (IoT) devices have become an attractive target for cyber criminals who utilise distributed denial of service (DDoS) attacks. These devices tend to be susceptible to security vulnerabilities, with easy-to-hack security configurations and passwords, default administrative credentials, and open access to management systems.

As the number of IoT devices continues to grow, they're not always updated with security patches and tools. As a result, cyber criminals are tapping into the IoT to fuel DDoS attacks. A DDoS attack is a large-scale cyber attack that affects enterprise networks. During an attack, networks are flooded with millions of fake requests and this can lead to the network shutting down.

So what exactly is the IoT? It is an interconnection of web-enabled devices that send and receive data. It can include physical objects, such as sensors and CCTV cameras, but also virtual machines, software and electronic systems. These IoT devices connect to each other, exchanging data with other systems over the internet or computer networks. Hackers are now using compromised IoT devices to launch DDoS attacks.

IoT devices on the botnet

Compromised IoT devices on the botnet are used to perform coordinated attacks, destabilising digital infrastructure and wreaking havoc on business networks. A botnet is a network of computers or devices that have been infected by viruses or malware. This malware allows cyber criminals to control those devices remotely without the owner or user knowing that it is happening.

Botnets are made up of a number of different devices, including personal computers and mobile devices. The size of the botnet is growing exponentially over time, and includes hundreds of millions of infected IoT devices. There is a growing trend of IoT devices and cell phones being involved in DDoS attacks.

The IoT used in a DDoS attack

Traditionally, desktop computers were the main type of device targeted with malware and used on botnets. In recent years, however, as more devices have become connected to the internet, botnets are increasingly made up of devices such as:

  • Linux servers (Ebury botnet)
  • Android mobile devices (WireX botnet)
  • Routers (Mirai botnet)
  • IP cameras (Persirai botnet)

The Mirai botnet is behind some of the largest DDoS attacks. Affecting websites such as Twitter, Netflix and Spotify, an army of botnet devices launched a large-scale attack on a number of critical web surfaces in 2016. Mirai was designed specifically to infect IoT devices, leaving nearly one million people in Germany without internet access for a few days after their routers had been infected.

According to reports, the number of Mirai variants increased by almost 60% in 2019. A new variant of Mirai (called Mozi) was responsible for the highest levels of flooded traffic in the final quarter of 2019 and into 2020. This particular strain of malware continues to pose a threat, with multiple botnets using the Mirai and Mozi viruses to target IoT devices.

DDoS attacks from IoT devices

Criminals launch DDoS attacks from multiple devices located in various countries around the world. This makes it really hard to trace the source of an attack, as requests appear to come from legitimate users.

DDoS attacks are becoming a major cyber threat for public institutions and enterprises around the world. Every year, there is around a 25% increase in DDoS attacks affecting governments and state-owned enterprises. Between 2019 and 2021, DDoS attacks in Africa rose by 300%. In the private sector, industries such as banking, healthcare and e-commerce are mobilising themselves to ensure that their customers, employees and digital assets are safe from the effects of a DDoS attack.

The effects of a DDoS attack

During a DDoS attack, online services may become unavailable to users. Employees may be shut out of their company network or customers may be prevented from accessing the company website or mobile application. Such disruptions can prove highly costly for enterprises in terms of lost productivity and the need to shift resources to mitigating the after-effects.

The main goals of a DDoS attack include:

  • Shutting down a business network as a precursor to a ransomware attack
  • Changing or destroying data or configuration settings
  • Causing destructive changes to network devices

DDoS Protection for IoT devices

DDoS protection is needed to prevent system crashes and data breaches, including those from IoT devices. It is essential for large enterprises to have appropriate DDoS protection software. SEACOM Business has partnered with NETSCOUT to bring DDoS Protect to enterprises in South Africa.

Our DDoS protection tools include automated detection and response. The service solves a number of problems related to a distributed denial of service attack, including those launched from compromised IoT devices.

DDoS Protect prevents and mitigates different types of DDoS attack, whether it be a volumetric, application layer, or protocol layer attack. It also offers protection against hybrid threats. It allows businesses to protect their workflows and data.

With this software, business networks are monitored constantly in real time. Behavioural analysis is able to detect any abnormalities that might suggest a DDoS attack. Traffic monitoring, data filtering and reporting are key features of our DDoS protection solutions. Both cloud-based and on-premises protection are available, and these are also designed to suit hybrid cloud environments.

DDoS Protection with SEACOM Business

SEACOM Business offers different levels of protection depending on the needs of your business. Whether it be on demand or continuous DDoS protection, we can design solutions that can adapt and change as your business grows. Our 24/7 technical support means that your business network is fully protected at all times.

If your network is under a DDoS attack, SEACOM Business can help you: call us now for assistance on +27 11 038 7045.


SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For more information on our internet and voice solutions, follow us on LinkedIn, Facebook or Twitter. Keep an eye on our news section for insightful articles and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.

Need internet for your home? Our subsidiary, WonderNet, brings fast and cost-effective broadband internet to all Africans with a fibre-to-the-home offering.