https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Content Resources


DDoS Attacks are Coming. Now the Really Bad News.

  • Written by Charles Cooper 1
  • December 14, 2016
A massive attack powered by a bot army showed how easy it is to overwhelm a cloud. But attackers are planning a lot worse than to simply take your cloud offline

Earlier this fall, attackers deployed a Distributed Denial of Service attack to knock out access to Dyn, a Domain Name Service provider used by many big websites.

The attack also demonstrated the vulnerability of cloud-based businesses in a world that’s now populated by billions of smart endpoints.

Thousands of hijacked devices formed into a botnet. As many as 100,000 consumer devices infected with the Mirai botnet flooded Dyn’s services with traffic and disrupted internet service for millions of people throughout the United States.

The incident took down a significant chunk of the DNS, the internet's address directory, disrupting operations for businesses that rely on cloud solutions, such as software as a service. Security experts have long worried about the vulnerability of the Internet of Things and the Dyn attack demonstrated that their fears were not unfounded. It’s also a likely harbinger of more trouble in 2017 given that hackers tend to stick with methods that have worked in the past.

Hackers no longer need much technical sophistication to launch DDoS attacks. The know-how has been democratized. Even relative novices can now get into the game just by purchasing DDoS-as-a-Service kits that are available on underground markets. They’re also getting more creative. In denial of service for ransom incidents, for instance, perpetrators use DDoS attacks to hold cloud based organizations hostage until they pay to reestablish their connections.

They are also likely to start using DDoS attacks to distract security practitioners.

With incident response teams understandably focused on dealing with the more immediate emergency triggered by DDoS attacks, hackers can hide quietly in the background and bide their time. If a company’s network gets overwhelmed one day with floods of traffic and data, for example, it’s easy to overlook a SQL injection. Once they’re inside the security perimeter, malicious actors can steal data while nobody is paying attention.

Winter is Coming

When they describe this scenario, managed service providers may hear clients discount the risk of what’s still a largely theoretical threat to their cloud. But while the worst-case scenarios have not yet materialized, the clock is ticking. Many IoT devices lack fundamental security controls. In fact, some devices still use the ADMIN password, effectively turning them into sitting ducks for anyone who wants to use the devices to launch DNS queries, a very effective DDOS approach. 

Organizations that incorporate IoT devices in their operations shouldn’t expect much security help from device makers. Security often gets short shrift in the design process. What’s more, the industry is still struggling to rally around common standards and protocols that would foster greater security. Despite some progress recently, it’s a slow process characterized by fits and starts.

This was never going to be a smooth transition as security has failed to keep up with innovation. Many IoT devices were never intended to be connected to the internet and that puts the onus on organizations to add more stringent controls based on device function. They also need to ensure regular patching and firmware updates and vulnerability management strategies to mitigate the device’s risk to botnet attacks. At the same time, IT can take care of the basics, such as configuring their cloud services to require all employees to have both unique user IDs and complex passwords. (You can find a checklist of strategic principles to follow here.)

In the end, it becomes a numbers game. The more that organizations can reduce possible points of entry, the more security they can architect into their clouds. It’s worth their time and attention because hackers are finding new and clever ways to exploit the IoT to steal data from the cloud. Make no mistake about it, winter is coming.

This content is underwritten by VMware — and is editorially independent. It is produced in accordance with conventional standards of business journalism.

Charles Cooper is an award-winning freelance author who writes about business and technology. During his 30-plus year career, he has worked as an executive editor at several leading tech publications including CNET, ZDNet, PC Week and Computer Shopper.

Tags: Agents Cloud Service Providers MSPs VARs/SIs Content Resources

Most Recent


  • secure
    Work Goes Remote - (and Other Top ITOps Trends)
    Remote work is perhaps the most obvious trend for 2022. But other key trends affecting your clients include gaining buy-in from their existing IT staff, improving security for better compliance, using MSPs to supplement staffing needs, deploying in the cloud, and paying attention to human factors. Download this whitepaper to  look at each of these […]
  • The New Bottom Line: How MSPs Can Meet the Healthcare Crisis While Evolving Their Businesses
    There has not been, in modern memory, a harder time to work in healthcare. Whether on the front lines or in the back office, doctors, nurses, their assistants, administrative personnel, and others handle more responsibilities and changes than ever. The healthcare industry is experiencing a record exodus of experts and soaring cases of burnout – […]
  • Code against data center background
    How to build a Security Operations Center (on a budget)
    Whether you’re protecting a bank or the local grocery store, certain common sense security rules apply. At the very least, you need locks on entrances and exits, cash registers, and vaults as well as cameras pointed at these places and others throughout the facility. The same goes for your cloud, on-premises, and hybrid environments. Controlling […]
  • threat hunters
    The AT&T Cybersecurity Incident Response Toolkit
    When it comes to data breaches, most agree that it’s not a matter of if, but when. In CyberEdge Group’s 2019 Cyberthreat Defense Report, an astounding 78% of surveyed organizations admitted being victims of cyber attacks. That’s why it’s important to have the right incident response tools and plans in place. In this paper, you’ll […]

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Service edge
    A Quantitative Comparison of UPS Monitoring and Servicing Approaches Across Edge Environments
  • Hybrid cloud administrators should define management policies procedures and job responsibilities to eliminate ambiguity and ensure theyrsquove created the most secure environment possible Establish clear rules governing cloud configuration and installation access control for sensitive data or restricted applications and reporting guidelines Identify and document what crossplatform tools are authorized as well as the access controls and encryption standards are in placenbsp
    RISK-BASED AUTHENTICATION: A Critical Element to Any Zero-Trust Deployment
  • Firewall
    6 Essential Features of a Modern Firewall
  • endpoint protection security
    Panda Adaptive Defense 360 Technologies: Powerful Detection, Reliable Mitigation

Upcoming Events

View all

MSP Summit

September 13, 2022 - September 16, 2022

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Galleries

View all

Lumen Channel Leaders Talk Program Evolution, C-Suite Sponsorship, TSD Consolidation

August 15, 2022

Kaseya’s Auto-Renewal Changes Bring Glimmer of Hope to Partners Amid Turmoil

August 15, 2022

Analysts React to Rackspace Earnings with Downgrades

August 15, 2022

Industry Perspectives

View all

How to Take Shared Responsibility for Securing Cloud

August 11, 2022

Seize the Application Modernization Opportunity

August 2, 2022

A Growth Mindset: Your Organization’s Strategic Differentiator

August 1, 2022

Webinars

View all

Outsmarting RaaS: Implementation Strategies To Help Your Clients Before, During, and After a Ransomware Attack

August 23, 2022

Why it is Important to Upgrade Aging Servers and How to use Live Optics to Upgrade Efficiently

August 25, 2022

Executives at Home are Not Alright: An Intro to Digital Executive Protection

September 8, 2022

White Papers

View all

Work Goes Remote – (and Other Top ITOps Trends)

May 25, 2022

The New Bottom Line: How MSPs Can Meet the Healthcare Crisis While Evolving Their Businesses

April 19, 2022

How to build a Security Operations Center (on a budget)

April 4, 2022

Channel Futures TV

View all

ThreatLocker Preaches Zero Trust, Addresses Industry Competition

Microsoft Targeting Partners to Sell Teams, Windows 365 to SMBs, More

August 15, 2022

ScienceLogic Debuts New Partner Portal

August 9, 2022

Vonage a ‘Single Communications Stack Provider’ for Partners, Customers

June 27, 2022

Twitter

ChannelFutures

.@kaspersky research shows @Office #exploits rose in Q2, accounting for most exploits across platforms.… twitter.com/i/web/status/1…

August 16, 2022
ChannelFutures

We had a blast celebrating our 2021 MSP 501 winners. Who will be taking the stage this September? We're welcoming o… twitter.com/i/web/status/1…

August 16, 2022
ChannelFutures

.@Tanium forms integration partnership with #Microsoft, joins Microsoft Intelligent Security Association. #MISA… twitter.com/i/web/status/1…

August 16, 2022
ChannelFutures

.@msp360 refreshed and expanded its advantage partner program after experiencing significant channel growth in H1 2… twitter.com/i/web/status/1…

August 16, 2022
ChannelFutures

The countdown begins! Channel Partners Leadership Summit, MSP Summit, and Women's Leadership Summit are coming up i… twitter.com/i/web/status/1…

August 16, 2022
ChannelFutures

Use #remarketing to boost #revenue with MSP sales, says @zomentum. dlvr.it/SWjjV4 https://t.co/VAnTzCwArC

August 16, 2022
ChannelFutures

.@LumenCPP partner leaders say private equity investment in the advisory channel is validating the space to Lumen l… twitter.com/i/web/status/1…

August 15, 2022
ChannelFutures

.@KaseyaCorp's auto-renewal changes bring glimmer of hope to partners amidst turmoil. Some of our #MSP501 and… twitter.com/i/web/status/1…

August 15, 2022

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X