Massive DDoS attack harnesses 145,000 hacked IoT devices
In what some are calling the biggest distributed denial-of-services attack ever seen, a botnet comprising thousands of hacked Internet-of-Things devices took aim at a European web host earlier this month – flooding it with a data deluge that at times exceeded one terabit per second.
The attack ushers in a dangerous new era for data security and system uptime, experts said, and could pose dramatic new risks for EHRs and other hospital IT systems.
According to Ars Technica, the hackers took control of a legion of web-connected cameras, routers and other devices to effectuate a series of DDoS attacks – the largest of which vastly exceeded the 363 Gbps that had heretofore been the largest mitigated by the web performance and cybersecurity firm Akamai.
"Now that we've seen a 600 gig botnet, we have to plan that within one to two years, those are going to become common," Martin McKeay, a member of Akamai's security intelligence team, told Ars Technica. "They may not be every attack, but we will see a dozen of them a quarter, we'll see a couple hundred of them a year. Now that people know those are a possibility, they're going to start pushing in that direction. They're going to make it happen."
In other words, much like ransomware attacks – which few in healthcare were even aware of as recently as a year ago – once cyber crooks have seen the damage DDoS on this scale can wreak, it seems clear that they'll be instigating a lot more of them.
This past January, Flint, Michigan-based Hurley Medical Center was hit with a DDoS attack soon after the hacktivist group Anonymous released a video promising justice for the city's ongoing water crisis.
In 2014, Boston Children's Hospital was targeted by a days-long Anonymous DDoS campaign, as the hacktivist group protested the controversial case of Justina Pelletier, who was then being held at the hospital against the wishes of her parents.
Boston Children's Chief Information Officer Daniel Nigrin, MD, discusses lessons learned from that crisis.
Helpful advice on planning your purchase of IDS and IPS tools:
- How to know if your intrusion detection and prevention solution meets HIPAA compliance rules
- 3 key factors to plan your budget for an intrusion protection system
- What to watch: IDS and IPS features to consider when comparing different vendors products