Dive Brief:
- French hosting firm OVH was hit with two concurrent DDoS attacks last week attributed to botnets made up of compromised IoT devices, according to a IDG News Service report.
- The botnet comprised 145,607 hacked digital video recorders and IP cameras, according to the report.
- Octave Klaba, the founder and CTO of OVH, said one of the two DDoS attacks last week peaked at 799Gbps, making it the largest DDoS attack ever reported.
Dive Insight:
Earlier this month, the Online Trust Alliance (OTA) said most IoT security problems could be attributed to insecure credential management, failure to disclose consumer data collection and sharing policies, and a lack of rigorous security testing during the development process, among other shortcomings.
A DDoS stemming from compromised IoT devices shows the advanced capabilities malicious actors have when targeting networks. Ensuring the devices remain secure could help stop such large-scale attacks from taking place. But, to prevent insecure devices, companies will have to bake in security measures rather than adding it on later as an afterthought.
The emergence of IoT also means unprecedented new challenges for IT security professionals. The use of IoT devices is on the rise, and one way or another they will find their way into the enterprise. Already there are concerns about how many devices can automatically sync to networks, possibly creating a cybersecurity flaw in a network.
Gartner predicts that 21 billion IoT devices will be used globally by 2020, outnumbering laptops, smartphone and tablets.