For most businesses, being overwhelmed with requests is the best kind of “problem” they can face. Whether it’s inboxes bursting with emails, phones ringing off the hook or crowds of customers squeezing through the door, this problem doesn’t really seem like a problem at all. But what if the requests were fake: queries that appeared to be legitimate but were, in fact, time-wasting efforts to keep you so busy that you can’t cater to actual prospective customers? That, in essence, is the high-level description of a Distributed Denial of Service (DDoS) attack.
This kind of attack would be very difficult to orchestrate in the real world. For good reason, you don’t hear too much about, for instance, restaurants hiring crowds of actors to go and eat in a rival establishment, filling up the tables and then being unable to pay at the end of the meal. In the online world, however, the equivalent kind of cyberattack — designed to overload websites or internet platforms with enormous quantities of fake traffic — is becoming increasingly common. Such attacks have been waged against targets both small and large, including some of the world’s biggest internet services, such as Twitter, The New York Times and Reddit. The services in question are knocked offline or greatly slowed down, making them inaccessible to regular, legitimate customers.
Taken as a broad average, the cost to a company of one hour’s unwanted downtime is in the region of $300,000. However, the damage caused by these attacks, including, in some cases, eroded user trust, can be immeasurable.
The danger of the botnet attack
One way attackers are able to aim such massive volumes of traffic at targets is by using compromised Internet of Things (IoT) devices as sleeper agents in what are known as botnet attacks. A botnet is a collection of internet-connected devices that have been infected with malware that lets attackers control them remotely. The exact number of compromised devices in a botnet varies, but it can easily be in the tens of thousands. In some cases, botnets — which are sometimes called “zombie” networks — are hired out so that cybercriminals can use them for their own purposes. The result is a bit like an army of mercenaries that can be used to attack any target — although, in the case of botnet mercenaries, the rightful owners of the infected devices may not even know that their machines have been compromised.
In 2019 and 2020, a new IoT botnet emerged in the form of Mozi. Mozi reuses code from the Gafgyt and Mirai malware families to quietly infect IoT devices and build a peer-to-peer (P2P) botnet that can be used for staging large-scale DDoS attacks. The malware frequently targets devices such as routers and DVRs with weak security. It spreads using what is referred to as a command injection (CMDi) attack: when a targeted IoT device is susceptible, the Mozi payload is executed automatically. In Mozi’s case, CMDi is used to gain initial access to a vulnerable device; the malware then alters permissions on the device so that the attacker has full access and can download additional malware as required. According to researchers from IBM, between October 2019 and June 2020 Mozi made up some 90% of the traffic headed to and from IoT devices. Furthermore, the combined number of IoT attacks observed during this period was 400 percent higher than in the previous two years combined. Around 84 percent of the observed Mozi botnet infrastructure is reportedly based in China.
Reasons to be concerned — and ways to defend
There are plenty of reasons to be concerned about the impact of IoT devices being used to launch DDoS attacks. For starters, the number of connected IoT devices around the world is exploding. The term “Internet of Things” was coined in the late 1990s, but it didn’t appear on Gartner’s list of emerging technologies until 2011, more than a decade later. Today there are estimated to be upwards of 7 billion Internet of Things devices in operation, covering consumer, commercial, enterprise, industrial, infrastructure and other sectors. Being able to capture and repurpose even a small percentage of these gives cyberattackers a major weapon in their arsenal to use against targets.
Fortunately, proper security defenses are available. For starters, people with IoT devices should safeguard them against becoming part of botnets. While this is not a comprehensive solution, changing passwords from the default options, making sure that firmware is kept up to date, and selecting devices from reputable manufacturers will all help.
Potential victims of DDoS attacks like those carried out by the Mozi botnet can also take steps to protect themselves. Recognizing warning signs, such as intermittent website connectivity problems, allows action to be taken earlier. Companies and individuals should also practice basic network security hygiene, such as using complex passwords that are changed on a regular basis. While that alone won’t stop a DDoS attack, it is good practice for safeguarding systems against cyberattacks in general.
Bring in the experts
The best, most comprehensive option of all is to bring in the experts. Anti-DDoS services offered by industry professionals carry out continuous network and website monitoring for unusual, illegitimate traffic and attacks. Once such traffic is spotted, they can block it while continuing to let legitimate traffic through the gate. They should also be able to absorb massive attacks of tens of billions of packets per second. That means that, no matter what the attack, your system will be able to rapidly and easily withstand the potential damage.
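The warning signs and traffic monitoring described above can be illustrated with a simple sliding-window check over web server access logs. The following is an added example, not code from the original article or from any anti-DDoS vendor; the log lines, the IP addresses (RFC 5737 documentation ranges) and the thresholds are all constructed for illustration.

```python
"""Sliding-window request-rate check over web access-log lines (illustrative)."""
from collections import defaultdict, deque
from datetime import datetime
import re

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d{3} \S+$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)

def flag_sources(lines, window=10, per_source_max=15, distinct_min=3):
    """Flag each IP that exceeds per_source_max requests within any window-second span.
    Returns (flagged_ips, distributed); distributed is True when at least distinct_min
    sources trip the threshold, which distinguishes a distributed flood from a single
    misbehaving client. Thresholds are assumed values; tune them to the site's baseline."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:       # skip malformed lines rather than crashing the monitor
            continue
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()          # drop requests older than the window
        if len(q) > per_source_max:
            flagged.add(ip)
    return flagged, len(flagged) >= distinct_min

def constructed_log():
    """Build constructed sample lines: three normal clients browsing slowly plus five
    bot sources each sending 30 requests in three seconds (made up, not real traffic)."""
    lines = []
    base = '{ip} - - [01/Jun/2020:12:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    for s in range(0, 60, 15):                         # normal: one request every 15 s
        for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
            lines.append(base.format(ip=ip, s=s))
    for n in range(5):                                 # bots: 10 requests per second for 3 s
        for s in range(3):
            lines += [base.format(ip=f"198.51.100.{n}", s=s)] * 10
    return lines
```

Running `flag_sources(constructed_log())` flags the five bot sources and reports the flood as distributed, while the three normal clients are left alone.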
DDoS attacks can be devastating — which is why cyber attackers continue to use them. (In some cases, they won’t even carry out attacks, but simply threaten them as a way to extort money.) However, taking the right measures to mitigate them will go a long way toward stopping you from being successfully targeted. Whether it’s for your own peace of mind, the ability of your employees to do their work properly, or the benefit of your customers who want to use the services you offer, proper DDoS protection is the right thing to do.