Home Routers and IoT Devices Set to Drive DNS DDoS Attacks

The volume of DNS-based DDoS attacks will see another sharp rise this year as increasing numbers of home routers and IoT devices are compromised, according to Nominum.

The network infrastructure and security firm claimed there was a 100-fold rise in such attacks during 2014 with a major spike in December thanks to malware in home gateways.

The trend is likely to continue in 2015, with the volume of exploitable home and IoT devices set to soar.

According to Nominum, just 100 compromised devices managed to take down one million subscriber networks last year.

In such DDoS campaigns, the attackers send specially crafted queries to ISP DNS resolvers and authoritative DNS servers, making the websites reliant upon them unreachable.

Nominum claims that many DDoS prevention services are unable to counter these attacks as they’re either deployed in the wrong part of the network or lack accuracy.

The firm added that last year, 24 million home routers with open DNS proxies were compromised and used to launch DDoS attacks.

The volume of vulnerable devices has decreased since then, but with more than 100 million routers shipped every year and IoT devices set to reach tens of billions over the coming years, there’ll be plenty of opportunity for attackers to strike, it claimed.

“The recent shift to bot-based DNS DDoS dramatically changes the threat landscape and these attacks will likely grow worse as the number of connected devices increases,” said Craig Sprosts, vice president of product management at Nominum, in a statement.

“These attacks are continuously changing and increasingly targeting legitimate domains, requiring rapid response and making simple domain or IP-based blocking approaches too risky to deploy in service provider networks.”

However, David Stubley, CEO of security consultancy 7 Elements, argued that firms shouldn’t focus all their defensive efforts on DNS-related DDoS.

“We have been dealing with bots and DDoS for the last 15 years and have seen a number of new techniques, such as BitTorrent as a delivery method for DDoS attacks,” he told Infosecurity.

“While DNS amplification attacks will make DDoS attacks larger, this is just one of a number of approaches used and doesn’t dramatically change the threat landscape. Organizations need to assess the overall impact on their business that a DDoS attack could have and take appropriate measures to ensure that they can meet their business objectives.”
