Distributed Denial of Service (DDoS) attack: flooding the bandwidth or resources of a website’s system by sending ten thousands of requests within a matter of milliseconds. Over the past couple of years, it has become common practice for the websites of companies, but also societal- and government institutions worldwide to be temporarily unavailable due to the rise in these DDoS attacks.
What makes matters worse is that recently a giant botnet of Internet of Things (IoT) devices such as smart thermostats, refrigerators, and cameras launched the largest DDoS attack ever recorded in our history against a cybercrime-journalist, called Brian Krebs. He’s a well-known critic who published a number of articles about vDOS, a cybercrime syndicate that facilitates such hacking. Allegedly, he was targeted by more than 120,000 IoT devices, an incredible amount.
To launch a DDoS attack one must first have a network of badly secured computers at their disposal that can overload a webserver with thousands of requests. It’s also possible to create a DDoS network by scanning the Internet for computers with a faulty connection and installing malware on this. The latter can be done by purchasing certain malware on the dark- or deep web through the use of a Tor browser, but you can also use the shady attack-for-hire services that are offered by the Israeli based vDOS.
For the botnets of vDOS it is easy to hack these IoT devices as the manufacturers often install their products with easily guessable passwords such as “12345” or “admin”, which turns it into child play for the attackers. What is even more worrying is that by 2020 it is expected that we will have over 21 billion IoT devices across the globe. This can have far-reaching implications. Namely, DDoS attacks are expected to become considerably more powerful and could become a major problem in a world where devices are rapidly becoming interconnected with one another.
In order to stop this threat, a mandate from governments should be issued that force the manufacturers in the hardware industry to make these devices more secure by e.g. asking for a password change as soon as the products are installed or used for the first time. Regulating and monitoring this industry more closely seems like cure for now if implemented properly, yet it does not present a solution for the millions of badly secured devices that are already out there..
Sources:
https://fd.nl/opinie/1170195/hoe-slimme-apparaten-aanvallen
Interesting article. Note that these attacks have happened after you posted the blog:https://tweakers.net/nieuws/117059/ddos-aanval-op-dns-provider-dyn-werd-uitgevoerd-met-mirai-botnet.html
very scary development..