DDoS Attacks Are A Growing Risk For All Online Service Providers

Featured article by Justin Blanchard, expert in brand visibility, sales growth and B2B community engagement

In October, a massive distributed denial of service attack seriously degraded the service of one of web’s major infrastructure providers. The web depends on DNS, and if one the big DNS providers is in trouble, that spells a bad day for the rest of the web. In this case, Twitter, Reddit, and hundreds of smaller sites and web applications were disrupted.

The culprit: insecure Internet Of Things devices. The Internet of Things has, for several years, been touted as the next major evolution of the Internet. And no doubt the hype is at least partially correct. The ability of formerly dumb devices to collect and process data and connect to the web is a game changer in both the consumer and enterprise spaces.

However, it also creates a significant source of risk. Hijacking vulnerable Windows PCs, Linux servers, and content management systems with malware is one thing. Hijacking wide-open security cameras, fridges, televisions, and light bulbs is something else altogether. There are tens of millions of these devices. In the future there will be billions.

If the current trend continues, most of those devices will be insecure. Because security isn’t a big selling point for smart devices (savor the irony of utterly insecure security cameras), there’s no real incentive for IoT device manufacturers to invest in the sort of security that keeps servers safe.

In a recent attack, it seems a huge number of the devices used were webcams, each of which used the same default username and password to grant remote access. They were a gift to DDoS network builders. The devices were recalled, but factories are still churning out many millions of poorly secured devices every year, which means there’s likely to be no let-up in huge DDoS attacks anytime soon.

That’s bad news for smaller hosting and infrastructure providers that can’t hope to deal with the deluge. In the past, if an infrastructure provider had a client that was victimized by a DDoS attack, degrading service for all customers, the provider would simply pull down the victim’s servers. It was a drastic step, but it was pragmatic to protect the interests of the greater number of clients.

As DDoS attacks become more common and more serious, infrastructure hosting users will expect advanced DDoS mitigation to be part of the basic package. DDoS mitigation should be included as standard, and infrastructure clients who are serious about keeping sites and services up should choose a provider who is capable of protecting them from a problem that is only going to get worse over the coming years.

 About the Author

Justin Blanchard has been responsible for leading initiatives that increase brand visibility, sales growth and B2B community engagement. He has been at the core of developing systems, tools and processes that specifically align with Server Mania’s client’s needs.