- IoT devices are everywhere and many users don’t even realize they own such hardware
- Some of the largest DDoS devices originate from IoT botnets
- Security is now in the hands of ISP and smart routers
Internet Service Providers ubiquitously divide the world between them. Any user online today gets the Internet connection from an ISP. It's easy to imagine such organizations fighting to protect businesses from hackers and other bad actors, but it turns out that their customers are also some of their biggest vulnerabilities.
A couple of decades ago, a 15-year-old named Michael Calce figured out a way to flood the traffic on large websites such as eBay and Amazon, essentially shutting them down. He didn't want anything in particular. The act was enough. His discovery changed the world of cybersecurity, and distributed denial of service attacks (DDoS) are now one of hackers’ main tools.
Today, DDoS attacks are a lot more complex, targeting different network layers. Even worse, DDoS attacks are a booming business, with shady companies giving regular users the tools to take down remote online services from halfway across the world just by paying a monthly subscription. And then there are the infamous botnets, many of which are comprised of smart, small and powerful Internet of Things devices that have been compromised and tasked for other purposes.
But it’s not just attackers who evolve with the times. Companies also learn to adapt. Deflecting such attacks is possible and organizations manage to remain online even during such events.
IoT devices are everywhere
With an estimated 30 billion active IoT devices in 2020 and an estimated 75 billion by 2025, it's becoming harder not to spot them everywhere. People's homes are full of smart devices, and the unfortunate truth is that many of them are incredibly vulnerable. Moreover, people access the internet through consumer-grade routers, which are riddled with exploits, bugs and vulnerabilities. And routers are a favorite target for hackers looking to take over IoT devices.
Now, many IoT attacks come from botnets composed of mostly IoT devices. While most IoT hardware is not all that powerful, their power becomes obvious when used by the thousands.
Just recently, Google said that in 2017 it witnessed one of the largest DDoS attacks on record. According to their Security Reliability Engineering team, the attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS and SMTP servers. This was four times the size of the much more infamous Mirai botnet. The analysis shows that threat actors used several Chinese ISPs.
IoT security is a problem for ISPs and consumers
The deplorable state of IoT security is no industry secret. When deploying new devices to market, the prioritization of speed is catching up to companies that ignore security. And now customers and ISPs are paying the price.
Most people have their own home networks, with a router controlling all devices, whether it's computers or smart thermostats. Now, imagine going one step above. The ISP has its own network made of the customers' smaller home networks. This means that any vulnerable device inside the user's network is a problem for the company as well.
A situation can arise where multiple IoT devices inside an ISP network become infected, taking part in large DDoS attacks. Leaving aside that it's a direct problem for customers, it's also a liability for ISPs that inadvertently become part of the attack.
The only way an ISP can exercise a measure of control is to implement a security solution at the router level in each home. Bitdefender's IoT Security Platform is a natural choice, especially since it works with existing hardware.
The platform has numerous features, but a couple stand out and are immediately useful. First of all, the security solution highlights any vulnerable devices inside the network. Secondly, it can detect and stop DDoS attacks stemming from an infected IoT device inside and cut off the Internet access only for that piece of hardware.
The value proposition for such a smart router is undeniable, and with the surge of people working from home, ISPs now have to take IoT security a lot more seriously. to the ability stop DDoS attacks at the source is not something that many ISP can promise to their customers, not to mention that the security platform will also protect companies' own hardware in the process.