IoT devices a growing part of global DDoS weapon arsenals

Machine-to-machine communications are increasingly exploited in distributed denial of service (DDoS) attacks. The use of IoT devices in synchronized attacks is growing globally, with China listed as the top host country for DDoS weapons, followed at a distance by the United States.

The most common protocols hackers use to create botnets for DDoS attacks are Network Time Protocol (NTP), Domain Name System (DNS), and Simple Service Discovery Protocol (SSDP). However, new research points to a fast-emerging weapon in botnet arsenals: Constrained Application Protocol (CoAP).

CoAP is a service layer protocol used by resource-constrained Internet-connected devices. It’s designed to easily translate to HTTP for simplified integration with the web, but it also meets specialized requirements like multicast support, low overhead and simplicity – all crucial for the proper functioning of Internet of Things (IoT) and Machine-to-Machine (M2M) devices.

According to A10 Networks, CoAP-based devices represent a fast-emerging weapon type in botnet arsenals.

“The most common type of attack utilizing many of these weapons is a reflective amplification attack through which attackers spoof a target’s IP address and send out requests for information to vulnerable servers that then send amplified responses back to the victim’s IP address overwhelming the capacity of the target’s servers,” researchers explain.

CoAP is inherently susceptible to IP address spoofing and packet amplification, the two major factors that enable the amplification of a DDoS attack, the company says.
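For operators who run CoAP devices, the amplification described above shows up in flow data as a large response-to-request byte ratio toward a single peer. The following is an added example, not part of the original article or the A10 Networks report: the flow records are constructed, and the function names and the `max_factor` / `min_out` thresholds are assumptions to tune per network.

```python
from collections import defaultdict

COAP_PORT = 5683  # default CoAP UDP port (RFC 7252)

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, udp_payload_bytes)
SAMPLE_FLOWS = (
    # Ordinary client polling a sensor: small requests, small responses.
    [("198.51.100.7", 40111, "192.0.2.10", COAP_PORT, 20)] * 3
    + [("192.0.2.10", COAP_PORT, "198.51.100.7", 40111, 45)] * 3
    # Two local devices sending large responses to the same outside address.
    + [("203.0.113.50", 53001, "192.0.2.10", COAP_PORT, 21)] * 40
    + [("192.0.2.10", COAP_PORT, "203.0.113.50", 53001, 700)] * 40
    + [("203.0.113.50", 53002, "192.0.2.11", COAP_PORT, 21)] * 10
    + [("192.0.2.11", COAP_PORT, "203.0.113.50", 53002, 650)] * 10
)

def amplification_by_pair(flows):
    """Return {(coap_server, peer): (request_bytes, response_bytes)}."""
    totals = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, size in flows:
        if dport == COAP_PORT:      # request toward a CoAP server
            totals[(dst, src)][0] += size
        elif sport == COAP_PORT:    # response leaving a CoAP server
            totals[(src, dst)][1] += size
    return {pair: tuple(counts) for pair, counts in totals.items()}

def flag_reflection(flows, max_factor=5.0, min_out=1000):
    """List (server, peer, factor) where responses dwarf requests.

    max_factor and min_out are hypothetical thresholds: min_out suppresses
    alerts on tiny conversations, max_factor is the byte ratio above which
    a server is treated as acting as a reflector toward that peer.
    """
    alerts = []
    for (server, peer), (b_in, b_out) in sorted(amplification_by_pair(flows).items()):
        if b_out < min_out:
            continue
        # Responses with no observed request still count as suspicious.
        factor = b_out / b_in if b_in else float("inf")
        if factor > max_factor:
            alerts.append((server, peer, round(factor, 1)))
    return alerts

if __name__ == "__main__":
    for server, peer, factor in flag_reflection(SAMPLE_FLOWS):
        print(f"{server} -> {peer}: amplification x{factor}")
```

Because the request source address can be spoofed, the peer named in an alert is the likely victim rather than the sender; the actionable items are the local devices listed as servers.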

The report tracked 22.9 million DDoS weapons in the first quarter of 2019 and named China as the #1 host for weapons, at 6,179,850, trailed by the United States, with 2,646,616. Less-weaponized countries that still constitute visible blips on the DDoS radar include Spain, Russia, the Republic of Korea, Italy and India.

According to the firm’s director of research and development, Rich Groves, DDoS attacks are increasing in frequency, intensity and sophistication.

“Malware-infected systems and vulnerable servers continue to create attacks of crushing scale against unprepared targets,” Groves said. “The growth of IoT devices using protocols such as CoAP represents a new, fast-emerging attack surface that we expect will play a major role in DDoS attacks going forward.”
