It’s one of the oldest, best-known forms of cyberattack on the web: The distributed denial of service attack. The act of flooding a server or network with bogus traffic from a botnet until it’s brought to its knees. It’s not hard to see why, either - it’s tried-and-true, and incredibly easy to pull off, besides.
It’s also difficult to defend against, as criminals are constantly dreaming up new and creative ways to flood their target of choice - even businesses like Amazon, Google, and Microsoft have occasionally been knocked out.
It’s also increasingly rare for anyone to carry out a DDoS attack for its own sake. More often than not, they’re used as a smokescreen. They’re a distraction tactic designed to keep security professionals busy while the hackers zone in on their actual goal, whatever that may be - one bank in 2012 found that out the hard way, discovering too late that a DDoS masked a $900,000 digital heist.
Of course, defenses against DDoS attacks do exist. There are tools and scripts designed to filter out bad traffic. Cloud bursting handles the excess traffic by providing extra processing power. Critical systems are outfitted with extra bandwidth for the express purpose of DDoS mitigation.
The problem is that most of these defenses can be overcome simply through having a big enough botnet. And botnets are about to become much, much larger. See, one of the most prominent trends in recent months has been a surge of smart devices - connected TVs, fridges, blenders, and so on.
Those devices are prime targets for hackers looking to enlarge and empower their botnets.
“Hackers are exploiting weak and default credentials on embedded devices to create botnets that are the source of DDoS attacks,” writes Corero’s Linda Musthaler. “As hundreds of millions of poorly secured Internet-enabled devices come online in the years ahead, we can expect to see malicious actors exploit this dramatically expanded threat surface to create unconventional botnets from which to launch attacks.”
These botnets, says Musthaler, portend an “ominous future” for the cybersecurity realm. What we’re about to see is a threat surface of unprecedented size, with connected systems all over the world ripe for the picking by malicious actors. And unfortunately, there’s very little we can do about it at this moment in time.
Industry groups, says Musthaler, are mercifully aware of this fact, and organizations such as the ISO are currently looking at updated existing security standards to account for the Internet of Things. It’s likely to be a while before these efforts bear fruit, though. In the meantime, the best advice I can give is that you shore up your defenses and make sure you’re prepared to protect yourself.