Distributed denial of service attacks continue to be a major challenge to the consistent performance of the web assets of any business. The primary objective of a DDoS attack is to tie up the maximum possible resources of a web server or application hosting platform with overwhelming traffic or requests. However, with the evolving threat landscape and the diversified techniques deployed by malicious users, DDoS attacks are now also used as cover for more sophisticated attacks, including gaining unauthorized access to the application database or exploiting buffer overflow conditions. Several new themes have been observed in the 2018 distributed denial of service (DDoS) threat landscape, both in terms of the new heights reached by volumetric attacks and in the diversification of techniques for more sophisticated application-layer attacks. It is now being said that the terabit era of DDoS attacks has arrived, as the largest attacks recorded this year well exceed 1000 Gbps. Notably, in February 2018 the well-known code repository service GitHub observed two major DDoS attacks of 1.3 Tbps and 1.7 Tbps respectively.
IoT Devices Are Chipping In To the Volume
Since IoT devices became available for commercial and domestic use, a new set of low-hanging fruits has been on offer to DDoS attackers, to be used as low-volume terminals. DDoS botnets are mostly a composition of compromised computers and other internet-attached devices that are used as terminals to send traffic to the target servers.
In the early days the only devices available to build a DDoS botnet were mostly computers used in homes and business centers, and even then most of those PCs were not connected to the internet 24x7. Then came smartphones, with a mass of users mostly uneducated about device security. Smartphone users mostly assumed that device security was something for the manufacturers to bother about, and that users had nothing to do beyond setting a difficult password. With easy exploitation of smartphone devices and the increased usage of ever cheaper data, DDoS attackers gained a new dimension: a whole new array of terminals with a massive increase in attack volume capacity. However, with increased user awareness of mobile phone security and consistent effort by device manufacturers and OS developers, smartphones are no longer considered low-hanging fruit in terms of being used as DDoS terminals.
This deficiency was quickly made up for by the commercialization of IoT devices. With the introduction of IoT devices, DDoS attackers obtained a whole new array of exploitable terminals and built an even larger volume capacity than the world had ever seen. “The explosion of IoT devices is an attack vector that’s going to be around and of interest for a long while. Consumers and businesses are buying these devices for the coolness factor and the ability to automate your life. And vendors are much more incentivized to get the latest thing to market ASAP instead of spending time on security,” said Sean Newman, director of product management at Corero Network Security. For consumers of IoT devices the focus has always remained functionality, accessibility and connectivity; security has been considered an afterthought and left to the manufacturers to take care of. With increased competition on productivity and price, software development teams have always been pushed to produce quicker and lighter solutions that consume less bandwidth and fewer system resources. Thus security has always been an ignored vertical in the development and manufacturing of those devices. This helped DDoS attackers quickly gain access to a large number of devices with a single crack they had discovered or a network they had gained access to.
“The small amount of traffic being requested from each device may be only 1 megabit each, and you’re unlikely to feel that on your home network in terms of performance degradation,” Newman explained. Nobody bothers to take a second look at a set of IoT devices once they have been installed and are operational, to apply the software updates or security patches released by the device manufacturers. Thus IoT has remained a kind of sweet spot for DDoS botnets. After the era of IoT botnets was kicked off in 2016 by Mirai, two recent botnets, Satori and VPNFilter, together infected more than a million internet-connected D-Link modems manufactured by Linksys, MikroTik, Netgear and other manufacturers in just 12 hours. Just imagine what percentage of the users of those compromised devices installed the security patches released by the device manufacturers after the incident was observed.
“We haven’t seen the peak of what IoT botnets are capable of yet, and you can be sure there are more pools of resources out there to be found. For instance, we’re not monitoring IPv6 as closely as we should – and I wouldn’t be surprised if there’s something lurking there that can be harnessed for this,” said Martin McKeay, global security advocate at Akamai. Now bad actors’ motives and actions are being driven by market economics, which also allow easy trade of tools and techniques, making the infections spread even further.
DDoS has traditionally been utilized as a service or operation disruption technique and has been preferred by hacktivists with political or religious motives rather than those with pure commercial interests. Since the evolution of DDoS botnets into ever larger and more sophisticated categories, even businesses with proper DDoS protection mechanisms are already feeling the heat, with more frequent and longer-duration disruption of the consistent performance and availability of their websites and web applications used by either internal employees or customers.
As a business with significant exposure of your assets on the web, if you have not yet considered DDoS a legitimate threat, it is time to take a deeper look at the scenario.