By end of 2017, at least 20 percent of businesses would be utilising security services to protect Internet of Things (IoT) initiatives, according to a security report prepared by Nexusguard, a company that specialises in Distributed Denial of Service (DDoS) security solutions.
Revealing the key findings in a press release today, Nexusguard said the in-depth security report examined the under-reported risks that came with always-online IoT devices that were susceptible to attack. The research was conducted by leading research and market intelligence firm Cybersecurity Ventures.
The report underscored the inherent risks of IoT devices, especially routers which were often used as the “jumping off” point for aggressive DDoS attackers. These vulnerable devices could be exploited during software updates and used as launch proxy servers that could be targeted at businesses which were then extorted for monetary payment. DDoS was often the “first wave” of attacks by hackers who used them to distract companies from other more targeted intrusions.
Routers were also being used in Simple Service Discovery Protocol (SSDP) reflection attacks which targeted unpatched or un-patchable routers, according to Nexusguard. These SSDP attacks were especially dangerous because they could utilise vulnerable routers to amplify an attack beyond normal bandwidth limits while also hiding the original source of the attack.
The other key findings and market statistics of the research included:
- The multi-trillion dollar IoT market would lift security research and spending through 2025
- IoT devices relied heavily on shared libraries and a rapid development cycle. Because of their constraints, many IoT devices had limited options for firmware upgrades and other risk management features, making them highly susceptible to intrusion and attacks
- As older devices were no longer supported by manufacturers and patches/fixes ceased, there would be increased opportunity for hackers
Founded in 2008, Nexusguard claims to be the global leader in fighting malicious Internet attacks, protecting its clients against a multitude of threats, including DDoS attacks.
Recent pertinent security statistics from Nexusguard:
In the past seven days the company saw 64 internet-based scans for SSDP services
In a recent attack the company tracked 559 edge devices (a device which provides an entry point into enterprise or service provider core networks) that were being exploited, with more than half located in the USA, China, Bulgaria and Russia
Said Terrence Gareau, Chief Scientist, Nexusguard, “Home routers and other similar Internet-connected devices are easy access points for hackers, who can use them to launch DDoS or setup proxies for internet fraud that can shut down ISPs or cripple a business. These attacks can be especially harmful to the providers of IoT services, for example if an alarm system is controlled by an app, the attack could completely shut down this capability, rendering the entire service unusable. We’re the dominant player in DDoS and IoT attack prevention and believe it is important to raise industry awareness about the persistent IoT threat.”
Graphics by: Pixteller