Cloud service provider Akamai Technologies (Akamai) said that both device manufacturers and users need to take steps to address the risk that those devices could be used to support DDoS attacks.
DDoS attacks typically involve hackers using malware-infected computers to bombard systems with such large amounts of traffic that the systems cease to function. Akamai said, however, that criminals are increasingly looking to exploit devices other than just PCs and servers to launch DDoS attacks.
"The DDoS threatscape is likely to change as millions of new IoT devices are added to the pool of resources that malicious actors could exploit for use in DDoS attacks," Akamai said in a new internet security report. "Tomorrow’s botnets may not look like today’s botnets, and they are bound to be larger in size, multi-layered with various device types, and generate remarkable bandwidth volume and connection rates."
The IoT is a term used to loosely describe the increasing interconnection of devices and the associated rise in the creation and flow of data between those machines.
Akamai said manufacturers need to address security in the process of designing and making devices to help reduce the risk that those devices could be used to support DDoS attacks.
"Mitigation is needed at both the device level and the administrator level," Akamai said. "[Original equipment manufacturers] and platform and application developers must take greater care when developing software and firmware for these devices. Security must be a fundamental part in the development of the firmware and applications. Mechanisms must be available [to] update and patch systems that will eventually fall vulnerable over their lifecycle."
Akamai's report highlighted a 22% rise in the number of DDoS attacks it had recorded during the third quarter of this year compared to during the same period in 2013.
Akamai also said that DDoS attacks are generally getting longer in duration and using more bandwidth.
Companies operating in the gaming, media and entertainment, software and technology, financial services, and internet and telecom industries were the most targeted by DDoS attacks during the third quarter of this year, it said.