Blog

IoT devices used in DDoS attacks

Share this post:

On Friday 21 October, unknown hackers used Internet of Things (IoT) devices to launch three Distributed Denial of Service, or DDoS attacks on Dyn. Dyn is a company that provides internet services, among them a Domain Name Service (DNS). A DNS services is like a telephone directory for the internet, it translates the web address that you search for, such as www.ibm.com into the IP address used by the internet – for IBM that’s 9.87.12.1. Using the telephone directory example, without the DNS, it’s impossible to find the number for the person you want to contact. The press was quick to report the attack calling out the exploitation of IoT devices, such as the NY Times and the BBC News.

A DDoS attack uses multiple computers and Internet connections to flood a targeted resource, making it very difficult and sometimes impossible for the target to operate. Dyn estimates that 10’s of millions of IP addresses were involved. The attackers impacted many well-known websites using an unknown number of IP addresses that belonged to IoT devices. The IoT devices were thought to be low-end, inexpensive devices with user names and/or passwords that were easy to guess but couldn’t be changed by the user, making them highly vulnerable to attack.

In the remainder of this blog post I’ll underline the importance of security for IoT.  I’ll also outline how IBM can help IoT device manufacturers and those enterprises deploying IoT solutions, to increase their IoT Security.

How important is security for IoT?

Security is a significant topic of debate around the IoT, with concerns that it opens new avenues of attack by extending the scope of information technology to everyday connected devices and things. IBM believes that security is fundamental to how the IoT must operate to the extent that IBM have recently published a new whitepaper providing IBM’s point of view on IoT Security.

While unable to comment on individual cases, the DDoS attacks on Dyn highlights the need for everyone involved with IoT to consider security by design. Security for IoT should be built into IoT devices and software, from manufacturers to end-users. There is no doubt that IoT significantly expands the attack surface for enterprises and the scope of enterprise IT. Just as enterprises are used to addressing security in their IT infrastructure they must do the same for IoT solutions and products.

The recent attacks and vulnerabilities also underline the importance of being able to view, manage and update IoT devices and firmware after the point of manufacture.  The Watson IoT Platform has functionality to update firmware on IoT devices. Following Friday’s attacks, IBM has mobilized teams around the world to support clients wanting help to secure their IoT solutions, helping through technology, the IBM Watson IoT Platform, and our IoT security expertise.

How can I increase the security of my IoT landscape?

IBM has both breadth and depth of solutions and services to help clients secure their IoT landscape. The Watson IoT Platform has an important role to play in IoT security. IBM has always taken this very seriously and earlier this month announced new security offerings and capabilities around IoT and the Watson IoT Platform. IoT security will be a big topic at World of Watson in Las Vegas this week and we are bringing to market three new offerings to assist clients:

  1. IoT Security Assessment services offering – IBM IoT and Security experts visit clients and advise on the end-to-end security of  IoT solutions for clients and make recommendations.
  2. IoT Security Intelligence services offering – this enables enterprises to understand IoT security events in real-time. These use behavior-based solutions which detect deviations from normal behavior patterns and recognize new attacks or security issues
  3. Advanced Security capabilities in the Watson IoT platform – a security dashboard, giving operators visibility to potential vulnerabilities and exposures across the network; an alert system for immediate notification, enabling enterprises to respond IoT Security events by understanding them in real-time; a visual policy management for enterprises’ IoT landscapes, allowing automatic identification of security events in accordance with best-practice policies tailored to your IoT environment; the ability to integrate Watson IoT Platform with Blockchain for trusted IoT transactions among a group of parties, improving business efficiency and security.

For more information about security and the Watson IoT Platform, please contact wiotmktg@us.ibm.com.

More Blog stories

Top Takeaways from IoT World 2019

Written by Sarah Dudley | May 20, 2019 | Asset Management, Manufacturing, Platform

The total number of Internet of Things (IoT) devices is expected to hit 10 billion by 2020. With this explosion of growth also comes an uptick in the conversations around how to use these devices and the data they generate to improve our businesses and our lives. At IoT World, North America’s largest IoT event ...read more


And the winner is……Watson IoT at the IoT World Awards 2019!

Written by Sarah Dudley | May 17, 2019 | Asset Management, Platform

It’s been an exciting week as more than 12,000 people converged on the Santa Clara Convention Center for Internet of Things World 2019! Topics have spanned from connected cars and smart buildings to Industry 4.0 and developing an IoT Platform. In the full recap going out in the next few days, we will highlight the ...read more


All the IoT Platform expertise you can imagine in one place, at one time

Written by Mark Swinson | April 10, 2019 | Events, Platform

IoT Exchange: Platform As you continue to unlock the most value from your IoT data, choosing the right platform is an obvious key to your long-term success. In my last blog, I discussed the five key reasons you should attend the Platform Academy at the IBM IoT Exchange. Now, I’d like to offer you a ...read more