Some malware incidents will go down in history. The IT industry remembers 2006, for example, as the year of Stuxnet, an infamous worm that drew public attention to the insecurity of supervisory control and data acquisition (SCADA) and programmable logic controller (PLC) systems. I’m quite sure that 2016 will be similarly defined as the year of the distributed denial-of-service (DDoS) attack.

A New Breed of DDoS Attack

DDoS isn’t new. In fact, it has been a common cybercriminal tool for decades. And although this type of attack took down many popular websites in 2016, that’s not why DDoS defined the year in cybersecurity. Rather, 2016 will go down as the year cybercriminals began incorporating the Internet of Things (IoT) into DDoS campaigns on a wide scale.

This new breed of malware is designed to infect millions of IoT-connected devices — not to damage them directly, but to create massive botnets through phishing campaigns, ransomware and other ploys. These botnets facilitated many high-profile attacks that knocked out several prominent websites this past year. The method is not entirely new, but the scale and success of these campaigns are quite impressive.

DDoS Best Practices for 2017

Let’s look at it from the perspective of the owner of a device used to facilitate a DDoS attack. All kinds of connected devices, from cameras, smartphones and sensors to refrigerators, light fixtures and washing machines, are fair game. Many enterprises have proper mobile security controls in place to protect their devices, but regular users, in general, are not as well-prepared. When shopping for a refrigerator, for example, consumers rarely consider what operating system it runs or whether it has a virtual private network (VPN).

It is time for consumers and businesses to change this behavior for 2017. Users should educate themselves about the consequences of DDoS attacks, and vendors should be held responsible for building effective security measures into their devices. Increased awareness is the key across the board.

Read the X-Force Research report: Extortion by distributed denial of service attack
