Combating DDoS of Things
Henk Jan Spanjaard, Vice President of EMEA Sales at A10 Networks, discusses how threat actors are using IoT and connected devices to launch DDoS attacks and what can be done to shield enterprise data, applications and networks from such attacks.
Threat actors have weaponized the Internet of Things (IoT) and connected devices. They’re using unsecured IoT devices and creating botnets to launch catastrophic distributed denial of service (DDoS) attacks. This has given rise to the DDoS of Things (DoT).
Fuelled by headline-making malware like Mirai and Leet, these DDoS attacks have reached unprecedented levels, with DDoS of Things attacks exceeding the 1 Tbps threshold. And it’s only expected to get worse.
What can you do to protect your networks, your data and your applications from the DDoS of Things? How can you ensure that a massive IoT-fueled attack doesn’t take you down?
Here, we offer five tactics you can use today to combat the DDoS of Things:
Be Ready for Multi-Vector Attacks
Like a well-trained soldier, you have to be ready for DDoS attacks to come at you from any angle and in any style. And you have to be prepared for attacks on any solution sets and for any volumes of traffic. It doesn’t matter where it’s coming from, you have to be prepared.
Having a plan in place to battle volumetric, multi-vector attacks can make the difference between success and failure.
For example, a step as simple as setting up upstream DNS services can protect you from an attack, such as the DDoS attack against DNS provider Dyn, which took out a number of the web’s biggest consumer application services, including Spotify, Reddit, GitHub and Twitter. Having an upstream DNS service could’ve helped those services avoid damaging downtime.
What’s your response to huge volumes of traffic being thrown your way? In the cyber security world, there’s a simple adage that will always ring true: If you’re not ready, you’re already too late. You have to be prepared.
Rate Limiting is Not Enough
Slowing traffic down simply does not work. Threat actors have tools and capabilities that they use and resell that can launch attacks reaching Terabyte and potentially larger traffic levels. Trying to drive traffic down by rate limiting it will have no impact.
Everyone, everywhere is connected. Even if you’re doing the right thing by rate limiting and driving traffic where it wants to go, someone connected to your network or service with upstream and downstream connections that can affect your infrastructure may not have those capabilities in place. That means you’re going to topple and fall over one way or another.
Rate limiting is not enough to fight DDoS of Things threats.
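The point above, as an added simulation that is not part of the original article: a per-source rate limiter stops one loud source but admits every request from a botnet of many quiet devices, so the service still saturates. All figures (capacity, limit, source counts) are constructed, and the fixed one-second window per source is an assumed limiter design.

```python
import random
from collections import Counter

CAPACITY_RPS = 10_000      # constructed: requests/sec the service can absorb
PER_SOURCE_LIMIT = 20      # constructed: requests/sec allowed per source address

def run_second(sources, rng):
    """Simulate one second of traffic through a limiter and a bottleneck.

    sources: list of (source_count, rps_per_source, is_legit) tuples.
    """
    requests, sid = [], 0
    for count, rps, legit in sources:
        for _ in range(count):
            requests.extend([(sid, legit)] * rps)
            sid += 1
    rng.shuffle(requests)                  # arrivals interleave on the wire

    seen, admitted = Counter(), []
    for src, legit in requests:            # stage 1: per-source rate limit
        seen[src] += 1
        if seen[src] <= PER_SOURCE_LIMIT:
            admitted.append(legit)

    served = admitted[:CAPACITY_RPS]       # stage 2: service saturates
    attack_sent = sum(1 for _, legit in requests if not legit)
    legit_sent = len(requests) - attack_sent
    return {
        "attack_dropped_by_limiter": attack_sent - admitted.count(False),
        "admitted": len(admitted),
        "legit_served_ratio": served.count(True) / legit_sent,
    }

def compare(seed=1):
    """Same 50,000 rps of attack traffic, shaped two different ways."""
    rng = random.Random(seed)
    legit = (200, 5, True)                         # 1,000 rps of real users
    single_flood = [(1, 50_000, False), legit]     # one loud source
    botnet = [(5_000, 10, False), legit]           # many quiet devices
    return run_second(single_flood, rng), run_second(botnet, rng)

if __name__ == "__main__":
    for name, result in zip(("single source", "IoT botnet"), compare()):
        print(name, result)
```

In the botnet case the limiter drops nothing because no device exceeds its allowance, and legitimate users get only about a fifth of their requests served.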
Leverage Threat Intelligence
If your organization is not using threat intelligence, you are automatically five years behind.
Threat actors use it. They gather the latest intel from underground sites, forums, and social networks such as Facebook, Twitter and GitHub, and they use it to go after their targets. They also share information among each other to discuss best practices of how to put plans and procedures in place so they know what or whom to go after.
If you’re not at least using open-source solutions and freely available threat intelligence to make your solutions stronger, you’re going to have big issues in the future.
Think about a military combat situation – if you have good intelligence, and you are using it, you have a leg up on those who are not, and you will survive longer.
Build Auto-Escalation into Your Strategy (Not Just into the Technology)
You have to be able to say, “Here’s the threat. Here’s where they’re coming from. This is what it’s going to do. Here are the mitigations in place and the technology we’re using. What do we put in now so we know how to go up?”
If threat actors throw targeted multi-vector attacks with more traffic at you and they know where your fail points are, and you don’t have a strategy in place to auto-escalate extremely quickly and effectively, bad things will happen.
The moment you start losing traffic, money is going out the door. If you can’t auto-escalate and auto-mitigate and move it into place to thwart threats in an ongoing fashion, it’ll get worse.
The capabilities and technologies are there. The strategy and the process to move forward are critical to success.
Get Ready for Scale
IoT devices are scaling. Everything is sending more data. Traffic levels continue to grow exponentially. Scale is the new 10,000-pound gorilla.
If you’re not thinking about scale now, you’re well behind the curve.
Questions you should ask yourself include: How can I scale everything across all of my disparate environments? How can I implement my mitigation strategy? How can I scale every asset, every tool and every capability? When it does scale, how?
Six months from now, the scalability you have in place today isn’t going to be sufficient, especially in the face of today’s more sophisticated DDoS of Things attacks. You need to plan for scale today and in the future.