Study backs IoT/DDoS concerns
A new study from one of the companies that battled a huge internet device-based attack underscores the need for stronger internet-of-things security.
A new report supports concerns that the massive distributed denial-of-service attack on internet services provider Dyn and other sites in September and October marks a dangerous milestone for cybersecurity.
In Akamai's third-quarter 2016 "State of the Internet/Security Report" released on Nov. 15, analysts said the Mirai botnet's attack on Dyn, which harnessed hundreds of thousands of internet-facing devices, opens a new horizon for the severity of future attacks.
"Every couple of years the industry faces what could be considered 'harbinger attacks,' where the size and scope of a security event are radically different than what has come before," said Martin McKeay, senior security advocate at Akamai and senior editor of the report, in a statement. "I believe the industry faced its latest 'harbinger' with the Mirai botnet."
DDoS attacks greater than 100 gigabits/sec increased 138 percent in the past year, according to the report. However, the attack on Dyn was not the most massive in the third quarter.
Akamai said two DDoS attacks in that time frame topped previous highs at 623 gigabits/sec and 555 gigabits/sec. Both targeted cybersecurity analyst Brian Krebs' website. Akamai said it had been providing protection for Krebs' site on a pro-bono basis, but the attacks were so massive and required so many resources to block, it had to re-evaluate providing the free security.
With the Sept. 20 attack on Krebs' website, Akamai "found itself on the receiving end of a 623 gigabits per second attack" that was the biggest it had ever battled.
According to a post-attack analysis by Scott Hilton, Dyn's executive vice president of products, the attack on the company was a "sophisticated, highly distributed attack involving [tens] of millions of IP addresses."
The vulnerability of internet-of-things devices and the attack on Dyn prompted the National Institute of Standards and Technology to bump up the release of its updated guidance on how to develop secure systems from the bottom up, which encourages device and systems makers to incorporate security beginning at the product design phase.
McKeay said the Mirai botnet showed the need for device manufacturers to place more emphasis on security.
NEXT STORY: Former spy chief says U.S. lacks cyber framework