October 3, 2014 By Douglas Bonderud 2 min read

Though Internet connection speeds are up and distributed denial-of-service (DDoS) attacks are down, there’s a new DDoS in town, Spike, that is showcasing critical vulnerabilities in corporate networks. Spike is the first toolkit that goes beyond desktops to simultaneously infect routers enabled by the Internet of Things (IoT).

And it’s spreading.

Power Tools

According to CSO Online, content delivery network Akamai Technologies found evidence of this new toolkit six months ago and managed to stop several attacks against Asian and U.S. corporations. The network also got a good look at the new kit and discovered a host of new power tools.

David Fernandez of Akamai’s PLXsert lab called the DDoS toolkit “pretty impressive” because it doesn’t just infect Windows systems, but also targets Linux- and ARM-based devices. That means everything from connected thermostats to light switches and security systems are potentially vulnerable.

What’s more, the toolkit isn’t small-scale: Akamai tracked one attack that peaked at 215 gigabits per second and 150 million packets per second, and a botnet controlling 12,000 to 15,000 devices was also found, according to Network World. In addition, Spike can attack multiple network endpoints at the same time using up to four unique command-and-control servers. This means SYN, UDP, GET and Domain Name Systems are equally vulnerable to massive attacks, and while no evidence was found of IoT infection, the fact that ARM and Linux were included with the kit suggests Windows-based breaches may only be a precursor.

Building a Better Kit Against DDoS Attacks

DDoS isn’t new. As noted by Defense.net, the first flood command (-f) in ping.c source code happened in 1990, and by 1997, toolkits were made public by attackers. Over the past year, however, the total number of these attacks decreased. According to Computer World (using data from Akamai’s 2014 State of the Internet Report), DDoS attacks decreased 15 percent year-over-year and in both Q1 and Q2 2014.

So what should companies make of toolkits like Spike or the recent attacks on the Facebook alternative Ello? Are they simply one-offs, or is the attack landscape shifting from sheer volume to more targeted efforts?

In fact, the rise of Spike isn’t surprising, nor are the Ello attacks. Just like the social media network, stories about IoT-based devices have been hot news lately, making them prime candidates for designer infections. Big news means big coverage of any breach, and new technologies often come with hidden vulnerabilities — exactly what malicious attackers love to sniff out.

Controlling the Flood

What can companies do to stop the spread of Spike and other new toolkits? Best practices from agencies like the National Security Agency and National Institute of Standards and Technology are good starting points, while Akamai argues for cleanup efforts from private and public institutions to remove Spike infections while they’re still few and far between.

But that’s just the first step. The rise of an IoT-targeting DDoS speaks to a need for information technology professionals to reimagine corporate networks as a community of device equals rather than a hierarchy. It’s a wake-up call: Controlling the DDoS flood means waterproofing the network from top to bottom, and when any device poses a risk, every device must be part of the security conversation.

More from

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

How I got started: Cyber AI/ML engineer

3 min read - As generative AI goes mainstream, it highlights the increasing demand for AI cybersecurity professionals like Maria Pospelova. Pospelova is currently a senior data scientist, and data science team lead at OpenText Cybersecurity. She also worked at Interest, an AI cybersecurity company acquired by MicroFocus and then by OpenText. She continues as part of that team today.Did you go to college? What did you go to school for?Pospelova: I graduated with a bachelor’s degree in computer science and a master’s degree…

Europe’s Cyber Resilience Act: Redefining open source

3 min read - Amid an increasingly complex threat landscape, we find ourselves at a crossroads where law, technology and community converge. As such, cyber resilience is more crucial than ever. At its heart, cyber resilience means maintaining a robust security posture despite adverse cyber events and being able to anticipate, withstand, recover from and adapt to such incidents. While new data privacy and protection regulations like GDPR, HIPAA and CCPA are being introduced more frequently than ever, did you know that there is new…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today