Weaponizing the IoT for DDoS Attacks

Guido Coenders
Weaponizing the IoT for DDoS Attacks


Two trends are coming together rapidly to create a perfect storm: the Internet of Things (IoT) and Distributed Denial of Service (DDoS) mitigation. In a recent webinar delivered by IHS Markit and Arbor Networks, the presenters noted the DDoS attack surface is exploding due to the number of exploitable new internet devices coming online, thanks to the emerging Internet of Things (IoT). In addition to the usual PCs, printers, smartphones and cameras, there’s a proliferation of smart meters, home health hubs, baby monitors, electric vehicle charging stations, infotainment head units, wearables and more.

One incident that caught everyone’s attention was the 2016 multi-vector Mirai Bot Net attack, which overwhelmed Dyn, a major DNS provider, with a botnet consisting of internet cameras, residential gateways and baby monitors. The attack size, recorded as the largest on record to date, had an estimated throughput of 1.2 terabits per second ꟷ scary in an era when low gigabit attacks have been typical.


Many of these new IoT devices come with default administrator user names and passwords that rarely get changed and are simple to exploit to create a whopper of a DDoS. And the incredible ease with which these attacks can be perpetrated by just about anyone is also driving this increase in magnitude. Consider the dark market of Botnet-for-Hire Attack Service providers that can launch attacks for you for a surprisingly small fee. All a budding hacker has to do is fill out a relatively simple online form. Some services even offer free trials. Much of the source code for various attacks is also freely available on the internet.

Multi-layered defense

These IoT-based attacks make it even more important to understand the latest DDoS trends, the risk and potential impact of such an attack to your organization, and established best practices in DDoS mitigation. Interestingly DDoS attacks have moved beyond the simple large volume attacks of yore to sophisticated, dynamic combinations of stealthy multi-vector application-level attacks and even campaigns of attacks that morph while they’re in progress. This requires a multi-layered approach to your DDoS security that includes on-premises, in-line protection and intelligent communication with your ISP or MSP, so it knows to deploy its own DDoS defenses when necessary.

Access to continuous threat intelligence is also critical to understand and defend against the latest attack vectors, which can change as regularly as the number of IoT devices that come online. Even Mirai has evolved to a higher level of sophistication since the dreaded Dyn cyberattack, with source address spoofing capabilities and other new features that can lead to even larger multi-terabit attack sizes. And, of course, you need well-defined mitigation processes and the right people in place to maintain these defenses and respond effectively.

Interconnection and DDoS

Aside from the right people and tools, there are interconnection approaches that can mitigate DDoS attacks, as we discuss in this blog article, “Be Ready: DDoS Attacks Like You’ve Never Seen Are Coming.” Rather than centralizing all your systems and information together as one big fat target, disperse them out at the digital edge to reduce the attack surface area. By leveraging an Interconnection Oriented Architecture™ (IOA™) strategy deployed on Platform Equinix™, DDoS mitigation becomes a major benefit, in addition to the high performance and low latency that you get from fast and secure interconnection.

Direct, dedicated connections to partners and cloud providers makes it considerably more difficult for botnets to reach you, not to mention the increased protection you gain from proximate, private connections to DDoS security providers and a locally colocated ISP ecosystem at the edge.

The sophistication, volume and frequency of DDoS attacks via the weaponization of the IoT is only going to get worse, so arm yourself with every defense you can through direct and secure interconnection.

Read the Interconnection Strategy Guide to learn more about how the power of an interconnection-first strategy like an IOA can help better secure your IT infrastructure against IoT-initiated DDoS attacks.

Avatar photo
Guido Coenders Director, Global Solution Architecture
Subscribe to the Equinix Blog