A new report from Arbor Networks has identified Internet of Things (IoT) botnets as the latest security risk to emerge in the corporate world. It’s part of the company’s 12th Annual Worldwide Infrastructure Security Report (WISR) and indicates that hackers, as has been hinted and reported elsewhere, are now interested in inanimate objects as much as they are in computers.
The issue with the IoT is not only the sheer proliferation of smart devices but also the release of the Mirai botnet source code. This has meant an exponential increase in distributed denial of service (DDoS) attacks; since Arbor began the WISR in 2005, DDoS attack size has grown 7,900 per cent, translating to a CAGR of 44 per cent. This has accelerated over the last five years and there is little prospect of it getting any better.
The frequency of such attacks has also gone up. 53 per cent of service providers told Arbor that they were seeing more than 21 attacks per month – up from 44 per cent last year.
Botnets and consequences
The consequences of these attacks are becoming clearer, the company believes. Attacks have made corporate websites unavailable which has cost companies thousands, sometimes millions of dollars, the company says, with 25 per cent of data centre and cloud providers confirming the cost of an attack had risen over $100,000 and five pe rcent citing costs of over $1 million.
Attacks are also increasing in complexity, the report concludes. It would therefore be facile to claim there was a simple remedy; however, the good news is that a greater awareness of the risk has led to more appropriate behaviours around risk. 77 per cent of service provider respondents claimed to be capable of mitigating attacks in less than 20 minutes, which has to be an encouraging sign.
However, in an environment in which a company the size of Yahoo! can find a billion accounts compromised and in which only yesterday a cloud pioneer was suggesting we have the approach to security technology all wrong anyway, there is no room for complacency.