Record-setting Australian DDoS attack is a reminder to get your IoT security in order

As IoT devices proliferate, security spend is becoming a corporate compliance issue.

Internet of things (IoT) security will become a key corporate compliance issue as growing adoption opens up new avenues for cybersecurity compromise, experts have warned, as traffic analysis confirmed that the Memcached attack delivered Australia’s largest-ever distributed denial of service (DDoS) attack in February.

Growing DDoS attacks have been tied directly to the spread of IoT, with recent Mirai and derivative attacks leveraging insecurities in IoT devices to amplify DDoS traffic on a global basis.

As hackers continue to experiment with and refine their ability to use potentially crippling IoT botnets, Gartner research director Ruggero Contu has predicted that IoT security will rapidly become a key investment priority for businesses that are rushing to embrace the myriad sensors and other smart devices now flooding the market.

“Organisations often don’t have control over the source and nature of the software and hardware being utilised by smart connected devices,” Contu wrote.

“We expect to see demand for tools and services aimed at improving discovery and asset management, software and hardware security assessment, and penetration testing. In addition, organizations will look to increase their understanding of the implications of externalizing network connectivity.”

As a result, Gartner has forecasted IoT security spending to grow dramatically, surging 28 percent over 2017 levels to reach $US1.5 billion ($A1.94b) this year.

Spending on IoT-related gateway security will double between 2018 and 2021 to $US415m ($A537m), Gartner’s forecasts have predicted, while professional-services spend will grow from $US946m ($A1.23b) to $US2.071b ($2.68b) by 2021.

A lack of security best practices and tools in IoT planning will create drag on IoT spending plans. Haphazard, business unit-led implementations of poorly integrated or non-integrated products, which still lack common, interoperable industry security frameworks, will challenge plans to build a unified corporate defence.

“Although IoT security is consistently referred to as a primary concern, most IoT security implementations have been planned, deployed and operated at the business-unit level, in cooperation with some IT departments to ensure the IT portions affected by the devices are sufficiently addressed,” Contu said.

“However, coordination via common architecture or a consistent security strategy is all but absent, and vendor product and service selection remains largely ad hoc, based upon the device provider’s alliances with partners or the core system that the devices are enhancing or replacing.”

Better IoT security can’t come too soon: new DDoS traffic figures from NETSCOUT Arbor found that DDoS traffic surged to 335Gbps and 29.4 million packets per second (Mpps) on 27 February – a record for an Australian DDoS attack and approximately 10 times the average traffic flow for the rest of the month.

This coincided with a world record-setting attack of 1.35Tbps against code-hosting company GitHub, which was itself surpassed days later by a 1.7Tbps attack that led NETSCOUT Arbor to declare that “the terabit attack era is upon us”.

Sources of the attacks on Australia were closely split between the United States (accounting for 28.86 percent of attacks), Russia (24.83 percent), China (24.16 percent), and India (22.15 percent). And the total number of DDoS attacks was down overall, at just 6200 over the previous six months – compared with around 11,000 attacks in the six months to September 2017.

The figures support predictions that DDoS volumes would continue to surge in the leadup to the Pyeongchang Winter Olympics in February, and indeed the record-setting attack came just hours after the Olympics closing ceremony on 25 February. At the time, NETSCOUT Arbor country manager Tim Murphy told CSO Australia the firm was already seeing signs of an uptick in DDoS activity – presaging the record-setting Memcached attack.

Telecommunications carriers were asserting their roles as front-line defenders against DDoS attacks, Murphy said, noting that telcos such as Telstra had established distributed DDoS detection and cleansing facilities around the world.

“In Australia, thankfully, we are very lucky that our Tier-1 telcos are quite prepared for large DDoS attacks,” he said. “That doesn’t mean that enterprises are well prepared – but that from a core perspective, we are very well prepared as a nation. We see bigger and nastier perpetrators every week – so businesses need to be more nimble not only in their ability to detect these, but their ability to mitigate them.”