Internet-connected home devices were increasingly at risk to hackers in 2016, which converted them to weapons that launched distributed denial of service (DDoS) attacks to take websites and services online.
The finding is one of several cybersecurity trends identified by Arbor Networks in its 12th annual Worldwide Infrastructure Security Report (WISR). DDoS attacks render an online service unavailable by overwhelming it with traffic from multiple sources.
Arbor Networks is the security division of application and network performance management products provider NETSCOUT. In its latest report it suggests that the stakes have changed for network and security teams, with the threat landscape transformed by the emergence of Internet of Things (IoT) botnets. As IoT devices proliferate across networks and benefit businesses and consumers, attackers are able to weaponise them due to “inherent security vulnerabilities”.
The report details how attackers exploit and recruit IoT devices, how IoT botnets enabled by Mirai source code (malware that infects the devices and can be used as an attack launch platform) operate and offers practical advice on how to defend against them.
The largest distributed denial-of-service (DDoS) attack reported in 2016 was 800 Gigabits per second (Gbps), a 60% increase over 2015’s largest attack of 500 Gbps. As DDoS attacks get larger, they are also becoming more frequent and complex. This increased scale and complexity has led more businesses to deploy purpose-built DDoS protection solutions, implement best practice hybrid defences and increase time for incident response practice – all “positive developments in an otherwise gloomy threat environment”.
“The survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade,” said Darren Anstee, Arbor Networks chief security technologist.
“However, IoT botnets are a game changer because of the numbers involved. There are billions of these devices deployed, and they are being easily weaponised to launch massive attacks. Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes.”
Among the report’s key findings:
Innovation and exploitation fuel the DDoS attack landscape:
The emergence of botnets that exploit inherent security weaknesses in IoT devices and the release of the Mirai botnet source code have increased attackers’ abilities to launch extremely large attacks.
The massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponisation of IoT devices and the emergence of IoT botnets.
The chances of being hit by a DDoS attack are at a record high, with respondents showing increased rates of attack.
Multiple simultaneous attack vectors are increasingly being used to target different aspects of a victim’s infrastructure at the same time. These multi-vector attacks are popular because they can be difficult to defend against and are often highly effective, driving home the need for an agile, multi-layer defence.
The consequences of DDoS attacks are becoming clear:
DDoS attacks have successfully made many leading web properties unreachable – resulting in heavy loss of revenue. This has led the C-suite and company boards to make DDoS defence a top priority.
More appreciation of risk leads to better behaviour:
The survey results indicate a better understanding of the brand damage and operational expense of successful DDoS attacks, driving focus on best-practice defensive strategies. Across the board, in every industry, there has been an increase in the use of purpose-built DDoS protection solutions and best practice methods.
The most interesting outcomes of PSD2 will be derived from companies combining open banking with data from other areas like social media or government, argued Miles Cheetham, Open Banking Ltd.
There are various ways for financial institutions to benefit from advanced technologies and business models provided by FinTech's. Whether a business' approach is radical or incremental, data management can help a company to increase their return on investment, argues André Casterman, INTIX.
Tim de Knegt, strategic finance and treasury manager for the Port of Rotterdam, discusses how he is using blockchain, the challenges he will face in his role of treasury over the next 12 months and the advice he would give to someone starting out their career in treasury.
Far and away, the largest financial market on the planet is the foreign exchange currencies market, where on average individuals and organisations trade more than $5 trillion daily. In the FX world, the ability to master the market isn't considered a luxury for treasury officers–it's a necessity.