Get in Touch
Technology and financial industry sectors.
The Internet of Things (IoT) is a network of physical devices in which data can be transferred from one to another without human intervention. IoT devices, which include smartphone devices, Apple watches and personal medical devices, can contain sensors which are assigned as unique identifiers (UIDs).
The IoT has improved efficiency in many sectors such as healthcare and logistics. However, the proliferation of IoT devices has come with increased security risks such as those relating to distributed denial-of-service (DDoS) attacks.
IoT DDoS attacks specifically target the IoT devices rather than targeting any connected internet devices. The main objective of such attack efforts is to overload servers with requests and cause them to crash.
Containment, Mitigations & Remediations
To mitigate against an IoT DDoS attack, it is strongly recommended that the following defence strategies are adhered to:
Provide education on safe IoT practices: encourage changing the default password for both corporate and home users, update firmware regularly to prevent the devices from being compromised, and provide IoT security and penetration testing
Regularly patch the devices from any known vulnerabilities being exploited; make sure to regularly update devices with the latest firmware.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
The objective of DDoS attacks is for threat actor groups to try to compromise business operations, which will likely result in financial loss and associated reputational damage for target organisations. As such, threat actors become aware of the vulnerabilities contained within IoT systems, and it has been assessed to be highly likely that DDoS attacks against these devices will emerge.
No attribution to specific threat actors or groups has been identified at the time of writing.
T1498 – Network Denial of Service