Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

IoT DDoS Reaches Critical Mass

In the wake of the Mirai botnet activity that dominated the end of last year, the “DDoS of Things (DoT)”, where bad actors use IoT devices to build botnets which fuel colossal, volumetric DDoS attacks, has become a growing phenomenon.

According to A10 Networks, the DoT is reaching critical mass—recent attacks have leveraged hundreds of thousands of IoT devices to attack everything from large service providers and enterprises to gaming services, media and entertainment companies. In its research, it uncovered that there are roughly 3,700 DDoS attacks per day, and the cost to an organization can range anywhere from $14,000 to $2.35 million per incident.

In all, almost three quarters of all global brands, organizations and companies (73%) have been victims of a DDoS attack. And, once a business is attacked, there’s an 82% chance they’ll be attacked again: A full 45% were attacked six or more times.

There were 67 countries targeted by DDoS attacks in Q3 2016 alone, with the top three being China (72.6%), the US (12.8%) and South Korea (6.3%). A10 found that 75% of today’s DDoS attacks target multiple vectors, with a 60/40 percentage split of DDoS attacks that target an organization’s application and network layers, respectively.

Meanwhile, DDoS-for-hire services are empowering low-level hackers with highly damaging network-layer bursts of 30 minutes or less. This relentless attack strategy systemically hurts corporations as colossal DDoS attacks have become the norm too; 300 Gbps used to be considered massive, but today, attacks often push past 1 Tbps thanks to the more than 200,000 infected IoT devices that have been used to build global botnets for hire.

No industry is immune: While 57% of global DDoS attacks target gaming companies, any business that performs online services is a target. Software and technology were targeted 26% of the time; financial services 5%; media and entertainment, 4%; internet and telecom, 4%; and education, 1%.

What’s Hot on Infosecurity Magazine?