IoT-based DDoS attacks to rise in 2017: Report

Cybercriminals will use distributed denial of service (DDoS) attacks in 2017 to extend their reach as there are now several Internet of Things (IoT) devices containing outdated codes and operating with well known vulnerabilities, a global security firm warned on Monday.

According to Sophos, global network and endpoint security firm, financial infrastructure is at greater attack risk as the use of targeted "phishing" and "whaling" continues to grow.

"Security is now high on the radar for the security C-suites. Unfortunately, many organisations still do not have their security basics right and remain vulnerable to cyberattacks," said Sunil Sharma, Vice President (Sales) Sophos, India and Saarc.

Cybercriminals will use ever more sophisticated and convincing targeted attacks to lure users into compromising themselves by bringing together multiple technical and social elements and probe an organisation's network to proactively attack a specific target.

With 'old' ransomware looming around web, users may fall victim to attacks that cannot be cured because payment locations no longer work, the report noted.

"There are six key measures that organisations should put in place to help keep more complex threats at bay: move from layered to integrated security; deploy next-generation endpoint protection; prioritise risk-based security; automate the basics; build staff and process to deter mitigate social attacks; and improve defender coordination," Sharma added.

Using cameras and microphones to spy on households, cyber criminals may target people using home IoT devices to find a way to profit.

"But once attackers 'own' a device on a home network, they can compromise other devices such as laptops containing important personal data," the report added.

As encryption makes it hard to inspect traffic, criminals can use it as a cover to sneak through a network.

"Security products will need to tightly integrate network and client capabilities, to rapidly recognise security events after code is decrypted on the endpoint," Sophos suggested.

The company predicted that in 2017, societies will face growing risks from both disinformation and voting system compromise, as technology-based attacks have become increasingly political.

--IANS

qd/na/bg