It’s been more than two years since, in the fall of 2016, the threat of cyber attacks that leveraged Internet of Things (IoT) devices moved from theoretical to actual. That fall, several distributed denial of service (DDoS) assaults each leveraged tens of thousands of poorly secured IoT devices to send crippling volumes of traffic to targeted web sites.
One example: a September 2016 attack on the hosting provider OVH used a botnet that enlisted approximately 150,000 devices to send 1 terabyte of data per second at the victim’s servers.
Although such massive attacks have remained rare, the sheer number of IoT-based attacks ramped up rapidly in 2017 and held roughly steady in 2018, according to the most recent iteration of Symantec’s annual Internet Security Threat Report (ISTR). The vast majority of IoT-enhanced attacks still fall into the DDoS category, but there are indications that these ubiquitous devices will be increasingly tapped to execute different forms of assaults.