In a survey of more than two hundred information security professionals attending the recent Black Hat USA 2016 conference in Las Vegas, over three-quarters (78%) of respondents said they were concerned about the potential “weaponization” of Internet of Things (IoT) devices in distributed denial-of-service (DDoS) attacks.
At the same time, however, roughly two-thirds (69%) admitted they were currently not prepared for the security risks associated with IoT devices; although of that number, 37% indicated that their organization would “soon” be prepared to deal with such threats.
“The internet of things presents a clear weak spot for an increasing number of information security organizations,” said Tim Erlin, senior director of IT security and risk strategy for solution provider Tripwire. “By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced.”
While not seen as being the foremost cybersecurity threat faced by those surveyed, a new DDoS threat landscape report published by website security company Imperva found that the number of such attacks increased 211% between April 1, 2015, and March 31, 2016 with “malicious actors experimenting with new attack methods designed to bypass mitigation solutions, while intensifying the rate and scope of their offensives.”
“It wasn't so long ago that home computer ‘zombie armies’ were the weapon of choice for a lot of cyber attacks and denial of service attacks,” said Erlin. “It seems that security professionals see IoT devices as a sort of ‘zombie appliance army’ that’s worthy of great concern.”