IoT devices used in DDoS attacks

By | 3 minute read | October 24, 2016

IoT security and systems engineering

On Friday 21 October, unknown hackers used Internet of Things (IoT) devices to launch three Distributed Denial of Service, or DDoS attacks on Dyn. Dyn is a company that provides internet services, among them a Domain Name Service (DNS). A DNS services is like a telephone directory for the internet, it translates the web address that you search for, such as into the IP address used by the internet – for IBM that’s Using the telephone directory example, without the DNS, it’s impossible to find the number for the person you want to contact. The press was quick to report the attack calling out the exploitation of IoT devices, such as the NY Times and the BBC News.

A DDoS attack uses multiple computers and Internet connections to flood a targeted resource, making it very difficult and sometimes impossible for the target to operate. Dyn estimates that 10’s of millions of IP addresses were involved. The attackers impacted many well-known websites using an unknown number of IP addresses that belonged to IoT devices. The IoT devices were thought to be low-end, inexpensive devices with user names and/or passwords that were easy to guess but couldn’t be changed by the user, making them highly vulnerable to attack.

In the remainder of this blog post I’ll underline the importance of security for IoT.  I’ll also outline how IBM can help IoT device manufacturers and those enterprises deploying IoT solutions, to increase their IoT Security.

How important is security for IoT?

Security is a significant topic of debate around the IoT, with concerns that it opens new avenues of attack by extending the scope of information technology to everyday connected devices and things. IBM believes that security is fundamental to how the IoT must operate to the extent that IBM have recently published a new whitepaper providing IBM’s point of view on IoT Security.

While unable to comment on individual cases, the DDoS attacks on Dyn highlights the need for everyone involved with IoT to consider security by design. Security for IoT should be built into IoT devices and software, from manufacturers to end-users. There is no doubt that IoT significantly expands the attack surface for enterprises and the scope of enterprise IT. Just as enterprises are used to addressing security in their IT infrastructure they must do the same for IoT solutions and products.

The recent attacks and vulnerabilities also underline the importance of being able to view, manage and update IoT devices and firmware after the point of manufacture.  The Watson IoT Platform has functionality to update firmware on IoT devices. Following Friday’s attacks, IBM has mobilized teams around the world to support clients wanting help to secure their IoT solutions, helping through technology, the IBM Watson IoT Platform, and our IoT security expertise.

How can I increase the security of my IoT landscape?

IBM has both breadth and depth of solutions and services to help clients secure their IoT landscape. The Watson IoT Platform has an important role to play in IoT security. IBM has always taken this very seriously and earlier this month announced new security offerings and capabilities around IoT and the Watson IoT Platform. IoT security will be a big topic at World of Watson in Las Vegas this week and we are bringing to market three new offerings to assist clients:

  1. IoT Security Assessment services offering – IBM IoT and Security experts visit clients and advise on the end-to-end security of  IoT solutions for clients and make recommendations.
  2. IoT Security Intelligence services offering – this enables enterprises to understand IoT security events in real-time. These use behavior-based solutions which detect deviations from normal behavior patterns and recognize new attacks or security issues
  3. Advanced Security capabilities in the Watson IoT platform – a security dashboard, giving operators visibility to potential vulnerabilities and exposures across the network; an alert system for immediate notification, enabling enterprises to respond IoT Security events by understanding them in real-time; a visual policy management for enterprises’ IoT landscapes, allowing automatic identification of security events in accordance with best-practice policies tailored to your IoT environment; the ability to integrate Watson IoT Platform with Blockchain for trusted IoT transactions among a group of parties, improving business efficiency and security.

For more information about security and the Watson IoT Platform, please contact