If someone wants to disrupt a website or online service—or take it down altogether—a popular method is to wallop it with a massive flood of junk traffic or bogus requests. These so-called distributed denial of service attacks have for years been a fact of life on the internet. But a recent spate of major campaigns has raised the specter of DDoS mercenaries increasingly targeting attacks at the behest of the highest bidder.
On Wednesday, the cybersecurity firm Trend Micro is releasing findings about escalating global turf wars between attacker groups vying to seize control of vulnerable routers and other devices. Their aim: to power botnets that can direct a firehose of malign traffic or requests for DDoS attacks. Such territory disputes are a hallmark of botnets, but attackers seem increasingly motivated grow their zombie armies not for their own purposes, but in service of more professionalized—and profitable—"DDoS for hire" schemes.
"Four or five years ago attackers were just compromising as many routers as they could," says Robert McArdle, who heads Trend Micro's threat research team. "If they could get 1,000 they were happy, if they could get 10,000 they were happier. Now when you start thinking of it as a business those are growth numbers. They're thinking more corporate. It's a key change."
One challenge of DDoS research is getting insight into specific numbers of IoT devices infected with botnet malware. Unlike, says, Windows computers, most consumer-grade IoT devices like routers don't run any type of monitoring software that provide visibility. Even more kitted out enterprise networks don't always extend their protections to every IoT device, leaving some exposed to attack.
In ..
Support the originator by clicking the read the rest link below.
