ISPs Can and Should Protect Users Against DDoS Attacks

  • Household IoT devices face an ever-increasing risk without proper security
  • Hackers compromise IoT devices and integrate them into botnets responsible for major DDoS attacks
  • ISPs can do much more to protect their customers and infrastructure

IoT makes people’s lives more comfortable, but for all the good it does, it’s also a prime target for botnets and threat actors. Compromised IoT devices launch DDoS attacks against online services, companies, or even people. There’s an entire industry built around the DDoS-as-a-Service principle, and the potential victims don’t have many options for protection. A possible solution lies in the hands of ISPs when they choose to provide IoT security to their customers.

DDoS attacks started more as a curiosity, without being driven by money or ideology. Over the years, bad actors used DDoS attacks to take down websites or to hamper online services. Some of these actions still occur in today’s world, but the attacks can be rented out, allowing a growing number of people who lack the technical knowledge to get involved in this type of activity.

Some of the largest DDoS attacks today are deployed with the help of botnets using compromised IoT devices. For example, Amazon Web Services (AWS) reported a 2.3-terabit-per-second (Tbps) attacks in February 2020, likely coming from a large botnet.

Suspicious IoT incidents are increasing

Bitdefender’s telemetry showed a 46 percent increase in just six months for suspicious IoT incidents. Since 61.56 percent of all traditional internet-connected devices within households consist of smartphones, computers, tablets, laptops, consoles and routers, it only means that regular consumers are likely possible victims.

Most of these devices are commonly used in IoT botnets and attacks. According to Imperva research, a more interesting aspect relates to one of the main targets of these attacks, the gaming and financial services industries.

It turns out that DDoS-for-hire is really popular in the gaming community because it allows players to direct attacks against competitors during matches, crippling their internet connection and giving them an edge in the process. Besides the players, the other victim are the ISPs that have to route traffic that’s ultimately involved in illegal activities.

ISPs are not powerless

Directing a DDoS attack against a single target inside an ISP’s infrastructure is not difficult, and the target usually doesn’t have the means to fend off an attack. If the threat actors are serious, an application layer could be leveraged for the same effect, but this time affecting the network.

The Bitdefender IoT Security Platform is designed to protect both the end-user and the IPS infrastructure in case of DDoS attacks. The solution is light and can be integrated into existing hardware, allowing the provider to deploy smart solutions to people’s houses.

One of the critical features of Bitdefender’s IoT Platform is its ability to isolate the affected device in the household and cut the connection to it, without affecting the online connectivity of the remaining systems.

Protecting the users from DDoS attacks is a shield that covers the company as well, not to mention that it offers an undisputed value proposition that’s difficult to match. Also, ISPs don’t have to worry about in-house development and costs.

The security platform is not limited to DDoS protection but covers vulnerability assessment, web and brute force protection, parental controls, and everything people need to keep their devices safe.