It takes a collaborative effort to reduce the internet's risks.
The risk posed by the weaponisation of Internet infrastructure for DDoS attack generation will be a hot topic for ISPs once again in 2020.
Techniques such as reflection/amplification have been used by attackers to launch huge DDoS attacks for over a decade.
Attackers are using new protocols and infrastructure, both to circumvent defences and replace capabilities that have been lost to them (due to clean-up/patching/better network design).
Understanding the populations of devices across the Internet that can be used to launch attacks, the clean-up rate when attack vectors are identified, and the exploitation of new/additional protocols are all key to modelling the risk these threats pose in different regions.
The number of connected devices is increasing very quickly, driven by the proliferation of IoT (Internet of Things), the continuing growth and availability of fixed broadband services across all geographies, and the rapid expansion of 4G and 5G mobile infrastructure.
The conditions are favourable for threat actors to use this environment and “weaponise” vulnerable devices by making them part of botnets and/or using them as DDoS reflectors. There are also other factors that will make matters worse moving forward:
When looking at the weaponisation of Internet infrastructure, it is common to observe that after a very large and well-publicised attack, many organisations react and take appropriate measures such as patching the software on vulnerable devices, applying well-established Best Common Practices (BCPs), and deploying Intelligent Detection and Mitigation Systems (IDMS), among other strategies.
Although these measures do help to mitigate the scale and impact of some of the largest and most well-known attacks (e.g. Memcached, Mirai, DYN) in the immediate aftermath, it is also true that other factors play a role. The dynamics surrounding this issue can be summarised as follows:
The fact that many of these vulnerable connected devices are home-based IoT or CPE devices, installed and operated by people without any security background, makes the task of decreasing the size of botnets or reflector populations even more daunting.
As in previous years, we will most likely continue to observe the adoption of new protocols as part of campaigns to launch large volumetric reflection/amplification DDoS attacks.
Our own research shows an increase in these protocols by a factor of two in the last couple of years, and we are very certain that this trend will continue in 2020.
As in the previous considerations, the explosion in the number of new connected devices and the introduction of new transport technologies and protocols will be the main contributing factors in this dynamic.
It is paramount that all the stakeholders in the internet community (ISPs, network suppliers, manufacturers of connected devices, integrators, cloud providers, government entities, enterprises, the cybersecurity industry, and others) take ownership in a collaborative effort to confront the reality of a “weaponised” internet and make it a better place for everyone.
Darren Anstee is CTO, SBO International at NETSCOUT.