Study backs IoT/DDoS concerns

Cybersecurity research

A new report supports concerns that the massive distributed denial-of-service attack on internet services provider Dyn and other sites in September and October marks a dangerous milestone for cybersecurity.

In Akamai's third-quarter 2016 "State of the Internet/Security Report" released on Nov. 15, analysts said the Mirai botnet's attack on Dyn, which harnessed hundreds of thousands of internet-facing devices, opens a new horizon for the severity of future attacks.

"Every couple of years the industry faces what could be considered 'harbinger attacks,' where the size and scope of a security event are radically different than what has come before," said Martin McKeay, senior security advocate at Akamai and senior editor of the report, in a statement. "I believe the industry faced its latest 'harbinger' with the Mirai botnet."

DDoS attacks greater than 100 gigabits/sec increased 138 percent in the past year, according to the report. However, the attack on Dyn was not the most massive in the third quarter.

Akamai said two DDoS attacks in that time frame topped previous highs at 623 gigabits/sec and 555 gigabits/sec. Both targeted cybersecurity analyst Brian Krebs' website. Akamai said it had been providing protection for Krebs' site on a pro-bono basis, but the attacks were so massive and required so many resources to block, it had to re-evaluate providing the free security.

With the Sept. 20 attack on Krebs' website, Akamai "found itself on the receiving end of a 623 gigabits per second attack" that was the biggest it had ever battled.

According to a post-attack analysis by Scott Hilton, Dyn's executive vice president of products, the attack on the company was a "sophisticated, highly distributed attack involving [tens] of millions of IP addresses."

The vulnerability of internet-of-things devices and the attack on Dyn prompted the National Institute of Standards and Technology to bump up the release of its updated guidance on how to develop secure systems from the bottom up, which encourages device and systems makers to incorporate security beginning at the product design phase.

McKeay said the Mirai botnet showed the need for device manufacturers to place more emphasis on security.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Government Innovation Awards
    Government Innovation Awards -

    Congratulations to the 2021 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

Stay Connected