UPDATED 16:33 EDT / NOVEMBER 02 2016

Hackers now favor Internet of Things botnets for attacks

Attackers are turning away from reflection-style attacks, which use Internet services to amplify traffic, toward compromised Internet of Things devices, according to the recently released Q3 2016 DDoS Threat Report from distributed denial of service security firm Nexusguard Inc.

An Oct. 16 attack used a host of compromised IoT devices to knock numerous major services offline, including Twitter, PayPal and Reddit. A September attack on the Krebs on Security website, home of cybersecurity researcher Brian Krebs, which reached a record 620 Gbps in traffic, was also thought to be powered by a similar botnet.

The shift is so noticeable that Nexusguard reports that Domain Name Service-based reflection-style attacks fell almost 97 percent from the previous quarter. The report describes the revelation as a “sharp dip in distributed reflection denial of service (DrDoS) attacks.”

“Few service providers can sustain the level of malicious traffic we saw in Q3 from IoT botnets, so these DDoS outages are causing companies to completely rethink their cybersecurity strategies,” said Terrence Gareau, chief scientist for Nexusguard.

“Hackers’ preferences for botnets over reflection attacks are typical of cyclical behavior, where attackers will switch to methods that have fallen out of popularity to test security teams with unexpected vectors.”

The new attacks appear to use what is now known as the Mirai botnet (named for the Japanese word for “the future”), a type of distributed malware that infects IoT devices including Internet-connected cameras (webcams and security cameras), digital video recorders and routers.

Nexusguard believes that hackers adopted the Mirai botnet because of its ease of use and the efficiency of its underlying code. The source code for the attack software was also widely distributed by hackers in early October, potentially leading to its current dominance.

So many devices are entering the IoT marketplace over time, many of which lack sufficient security, that the result is a perfect storm for hackers. In 2016, news sources have reported on numerous DDoS vectors, from security cameras to common webcam components. Last month, Chinese electronics firm Hangzhou Xiongmai Technology Co. Ltd. recalled many of its own products to enhance their security.

The path to protecting against IoT-enabled widespread DDoS attacks must expand beyond just the traditional relationship between Internet service providers, content delivery networks and businesses. It will have to include IoT device manufacturers working to lock down consumer and enterprise devices against intrusion.

Nexusguard’s report calls these attacks “supersized” and predicts that on the business side many companies will need to strengthen their cybersecurity protocols and rethink their service provider contracts in light of these new trends.
