DDoS attacks will reach one terabyte a second this year, according to a new report from Deloitte. In fact, DDoS attacks in 2017, according to the report, “will become larger in scale, harder to mitigate, and more frequent”.
Furthermore, Deloitte UK's head of cyber-risk services, Phill Everson told SC that “DDoS attacks will not only scale up this year to a terabit per second in some instances, but also increase in frequency to a total of 10 million attacks. The volume and scale of such breaches would challenge the defences of organisations, regardless of size.”
The report points to three causes behind the rise of DDoS. First is the weakness of the IoT, allowing the easy construction of massive botnets. Second, is the increase in broadband speed allowing each part of those botnets to become more powerful. Finally, t there is the increased availability of malware.
A favourite of hacktivists and script kiddies, a DDoS attack is one of the more reliable weapons in the hackers' arsenal. By getting millions of computers to send messages to a particular website at any one time, an attacker can overload that website, forcing it to crash. Such attacks typically employ a botnet, a network of computers or devices which can controlled by one botmaster, allowing it to bring massive flood power to bear.
The report points to the the proliferation of malware such as Mirai which have been largely to blame for a massive escalation in the flood power of DDoS attacks over 2016. Botnets constructed using Mirai malware were t behind a series of record-breaking DDoS attacks which deployed flood power at levels never seen before.
Moreover, the source code of Mirai has been openly published. Many commentators, including Deloitte, say this means that even lower-end attackers can now have capabilities which rival those with far more resources and expertise.
One report from the Institute of Critical Infrastructure Technology says, “The Mirai malware offers malicious cyber-actors an asymmetric quantum leap in capability; not because of sophistication or any innovative DDoS code, rather it offers a powerful development platform that can be optimised and customised according to the desired outcome of a layered attack by an unsophisticated adversary.”
Once Mirai infects a machine, it looks around for other vulnerable devices before attempting to guess its password from a modest library of common credentials. Commentators have largely pointed towards the profound vulnerability of so much of the IoT as a telling factor in the growing strength of DDoS attacks.
Here, Everson told SC: “This escalation in the DDoS threat is largely due to the growing number of vulnerable IoT devices and online availability of IOT-focused malware (both of which allow relatively unskilled attackers to hijack IoT devices and use them to launch attacks), as well as access to ever higher bandwidth speeds.
“We have millions of IoT devices worldwide, which through poor security [default passwords] are prime targets for botnets,” Graham Mann, managing director of the Encode Group told SC Media UK in late 2016.
“The sheer numbers provide attackers with immense computing power from which to mount devastating DDoS attacks. IoT devices are soft targets, they can be anywhere in the world, they won't have AV or security, owners will rarely update the firmware or configure them, and the majority of owners will have no idea that their devices are being misused for nefarious purposes.”
Higher bandwidth speeds will also play their part in the escalation of DDoS attacks. As those speeds increase, nodes within a botnet can send ever more information, making a botnet's constituent parts all the stronger. The report explains “the higher the uplink speed, the greater the amount of junk traffic that can be sent and disruption inflicted by each compromised device”.
This year, there will be major changes with networks being upgraded to higher speeds on top of a rising number of fibre-linked homes and premises worldwide.Paul Ducklin, senior technologist at Sophos, told SC that these conclusions are not much of a surprise given what we've seen in the past year: “We've already seen a 600Gbit/sec attack on journalist Brian Krebs, and perhaps even a couple of 1000Gbit/sec ones on other targets, and 1000Gbit is 1 terabit, so we might as well assume that the 1Tbit/sec ‘milestone' has already been passed. And networks, notably home networks, only ever tend to get faster, so it seems inevitable that DDoS attack volumes will continue to increase.”