IoT: Expect new forms of DDoS attacks, warns F5 Networks CEO

John McAdam tells Computing about a cable company brought down by a flood of requests to connected devices on its network

The Internet of Things (IoT) will see new forms of distributed denial of service (DDoS) attacks hitting enterprises, the CEO of security firm F5 Networks, John McAdam, has warned.

Speaking to Computing at F5 Agility 2016 in Vienna today, McAdam said that by 2020 there would be about 37 billion endpoints making up the so-called Internet of Things. But he said this would be a good thing for F5 because it would mean more of an opportunity for the company to manage organisations' app security.

McAdam pointed to F5's "multi-million dollar transaction with a car company", which meant that the company was managing the internet traffic coming from those cars, as an example of this opportunity.

He dismissed the notion that IoT was marketing hype, and said that F5 knows of at least one company - a major cable operator - that has had a DDoS attack because of IoT.

"The way [the criminals] did the DDoS attack was by pinging cameras and any other internet-connected devices at homes. The camera will automatically say ‘no' so they couldn't get through, but they used the combination of ‘nos' to build up traffic and conduct a DDoS attack," said McAdam.

"If you can correlate all of that data on a global basis, suddenly you're bringing down sites. But there are scarier examples, such as downloading an app which is not what you think it is," he added.

When asked which type of attacks were still proving the most challenging for enterprises to combat, McAdam suggested that DDoS remained the most prominent.

He said the education sector was especially prone to DDoS attacks. This dovetails with DDoS protection services firm DOSarrest's CTO Jag Bains' claim back in January 2014 that the education sector was the fastest growing segment in taking up DDoS mitigation.