A denial of service (DoS) attack occurs when a service that usually works will become unavailable. There can be many reasons for the unavailability, but it usually refers to infrastructure that cannot cope due to capacity overload.
The segment of service attacks that we will discuss today is called Distributed Denial of Service (DDoS), which results in a large number of systems maliciously attacking a target. This is often done via a botnet, where multiple devices are programmed (often ignorant of the owner) to request a service at exactly the same time.
Compared to hacking attacks such as phishing or brute-force attacks,
DoS generally does not seek to steal information or breach security, but a loss of reputation for an affected company can still cost large amounts of time and money. Often customers decide to change to an alternative provider, because they fear future security issues, or simply cannot afford an unavailable service. A DoS attack lends itself to activists and blackmailers – not exactly the best position for companies to find themselves.
How can denial of service attacks have such a big impact in IoT?
Because the devices are all so varied that their heterogenic nature is often used as an excuse by construction and owners to leave adequate security controls.
A DDoS attack means that it is administered from different sources with the same goal –
and here the Internet of Things should feel a bit much for hackers such as Toys for Kids: millions of devices, all too often long Unsafe and unsymmetrical. The scale at which these attacks are now possible is increasing considerably with the advancement of the Internet of Things.
DDoS attacks in the past were limited to computers and machines connected to the Internet, usually with the appropriate level of security. The Internet of Things has opened up a large number of devices to potential attacks – from printers to cameras, fridges, thermostats, sensors and routers. Not only do these devices have a sheer amount, but they are often protected with very limited security, if any. It is very easy to exploit those weaknesses and launch large-scale attacks without the owner’s knowledge.
However, not only can connected devices be used for attacks, they can also become targets of the said attacks.
Although a connected fridge that stops working for a while can be very unfortunate for the owner, think of appliances that have a huge impact on the lives of many people, for example: electricity Control valves in plants, sensors used in weather observation, door locks, jails or traffic signals in so-called smart-cities.
Gradually, GCN reports that the search engine Shodan specializes in finding those Internet-connected devices – so it is very easy for hackers to find potential targets.
The most famous and spectacular DoS attack in the last few years
Spamous DDoS attack saw 120 Gbps traffic colliding with its network – one of the biggest attacks till March 2013
Chinese Internet share goes down in one of the largest DDoS attacks. Despite having one of the world’s most sophisticated security systems and the government having some of the highest capabilities to carry out cyber attacks on its own, China was not able to defend itself from attack.
A large 300 Gbps DDoS attack took advantage of the flaws of 100,000 unpublished servers, joining together as a botnet. An unknown data center was confronted with the sheer scale of the DDoS attack.
December 2014: An anonymous Internet service provider experienced an NTP (Network Time Protocol) DDoS attack that reached a new level of strength with 400Gbps – the largest service incident in history.
UK-based phone carrier Carphone Warehouse targeted by DDoS attack – while hackers steal data from millions of customersJuly 2015: Shortly after publishing interviews of 35 women accusing Bill Cosby of sexual harassment, New York magazine DDOS came under attack.
The threat of a DDoS attack on Microsoft’s Xbox Live service claims to take both Xbox Live and PlayStation Network for a week over the Christmas period. The attackers are trying to uncover the increasingly weak security of Microsoft’s services. the United Kingdom.