After KrebsOnSecurity covered vDOS for being a DDOS hack seller their site was hit with a historic DDOS. While DDOS mitigation has been discussed previously, this attack was nearly impossible to stop. The site was given pro-bono access to Akamai’s mitigation service but due to the size of the attack, Akamai had to sever ties. They predicted that protection of this one site would’ve cost millions of dollars and disruptive protection of their other clients. Diagnosis of the DDOS shows that a lot of attacks came from compromised IoT (internet of things) enabled devices. It was also the second largest DDOS that Akamai ever dealt with.
Google has stepped in with a new program called Google Shield. Its purpose is to prevent free speech from being silenced by malicious attackers. Google Shield protects news As this case proved it is cost-prohibitive to protect a small site from attacks so Google is trying to provide backup. Protection at a high level can cost $150,000 to $200,000 a year even if it is just a blog. The author fears of state sponsored actors also using this kind of DDOS power on individuals.
This story fascinates me. The attack on Krebs’ site is further proof that vulnerabilities in the IoT universe is a major concern for all of us. I also think it’s ironic that this story is raising so much awareness around potential solutions that exist to defend against DDoS. Krebs highlights that ISPs need to do more to defend against these types of DDoS attacks and also challenges major players to unite to defend against these types of attacks.
Another article I read on this, suggested some solutions that IoT users can employ to prevent their devices from being compromised and used in a botnet attack. In the article below, the author explains that IoT security can be accomplished at a network level “with a new generation of smarter routers that can monitor inbound, outbound, and inter-device connections in home networks and can identify and isolate malicious traffic and compromised devices.”
I’ve also included an article that was referenced that offers four solutions that can help secure IoT devices. Has anyone used these any of these devices? Or do you have any additional suggestions to secure IoT devices?
What you need to know about the imminent threat of IoT botnets – http://venturebeat.com/2016/10/01/what-you-need-to-know-about-the-imminent-threat-of-iot-botnets/
4 devices that can help secure your home’s IoT – http://thenextweb.com/insider/2016/01/04/4-devices-that-can-help-secure-your-homes-iot/#gref
I am wondering what kind of written agreement that Akamai and KrebsOnSecurity negotiated. Were provisions in that allowed Akamai to sever ties? I understand the size of certain attacks can be significant, but shouldn’t it be the responsibility of Akamai to defend or protect its clients at all cost? I’m curious to find out to what extent companies like Akamai are required to coordinate with clients in the event of cyber attacks.
Removed link to graphic to eliminate authentication error.