Is your network at risk from global hacktivists?

Five years ago, on the eve of Israel's annual Holocaust Memorial Day, a coalition of “hacktivist” groups launched a distributed denial-of-service (DDoS) attack against the internet infrastructure and websites of the State of Israel. The campaign, dubbed #OpIsrael, has returned every year on the anniversary of that first attack. Fortunately, leading security experts have so far assessed the attacks as a failure.

Nonetheless, DDoS-related threats shouldn't be underestimated. In past campaigns the attackers managed to deface several Israeli websites, replacing their home pages with political statements; they also tried to steal and expose sensitive data from banks and government offices, and launched DDoS attacks against a range of government institutions and industries, alongside database hijacking, database leaks and admin-panel takeovers. Not every item on that list is a denial of service, but together they are a reminder of the damage DDoS and the intrusions that accompany it can do to businesses, and of why those businesses must reinforce their defences.

DDoS attacks not only impact their direct targets, but also cause heavy collateral damage by congesting the available bandwidth on large segments of the network. In Israel's case, the 4 Tbps MedNautilus cable was regularly saturated, so in 2012 two further high-bandwidth undersea cables were deployed, adding 55 Tbps of capacity. However, there are always newer and bigger threats on the horizon.

The impact of IoT

As the number of IoT devices grows, they give attackers an ever larger base from which to launch attacks. Most IoT devices are essentially stripped-down, single-purpose computers with little or no security, and many ship with default credentials and exposed management ports. They are easily compromised and conscripted into a botnet, joining ever larger DDoS floods.

According to the Frost & Sullivan whitepaper “Service Provider Requirements for DDoS Mitigation,” DDoS attacks have been growing steadily in scale, frequency and complexity for years. In 2016 they took an unprecedented leap, exceeding 1 Tbps for the first time, often with service provider networks as the target. The latest record, a 1.7 Tbps attack, was set in March 2018.

IoT botnet attacks can degrade a network or bring it down entirely, so it is in the company's best interest to minimise this risk. Visibility of traffic anomalies is key to identifying these attacks and stopping them early, as close to the source as possible. Businesses should therefore partner with service providers that offer comprehensive DDoS protection across the network to detect and mitigate an IoT botnet attack. A good security solution will detect short hit-and-run cycles with massive traffic spikes towards the targets, scanning activity and login attempts against exposed ports using lists of known default passwords, and mitigate in real time.
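The two heuristics just described (hit-and-run traffic spikes, and credential scanning with known default passwords) can be made concrete. The following Python script is an added example, not code from the original article or from Allot Communications: it runs a burst detector over constructed per-second packet counts towards one target, and a per-source credential-scan detector over constructed login-attempt log lines matched against a small sample of the default credentials publicly associated with IoT botnets such as Mirai. The log line format, the function names and the thresholds are assumptions made for this example.

```python
"""Two IoT-botnet indicator detectors over constructed sample data.
Log format, thresholds and function names are assumptions for this
example; a production deployment would feed flow telemetry (NetFlow /
sFlow) and real authentication logs into the same logic."""
import re
import statistics
from collections import defaultdict

# Sample subset of default credentials publicly associated with IoT
# botnets such as Mirai; a real deployment would use a maintained list.
KNOWN_DEFAULT_CREDS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"),
    ("admin", "admin"), ("root", "888888"), ("root", "default"),
    ("support", "support"), ("user", "user"),
}

# Constructed per-second packet counts towards one target: 20 s of
# background traffic, a 5 s flood, quiet, then a second shorter flood.
SAMPLE_PPS = ([1000, 1100, 950, 1050, 1000, 980, 1020, 1000, 1100, 900,
               1000, 1050, 950, 1000, 1000, 1100, 1000, 900, 1050, 1000]
              + [90000, 120000, 110000, 100000, 95000]
              + [1000, 1050, 980, 1000, 1000, 1020, 990, 1000, 1100, 1000]
              + [60000, 80000, 70000]
              + [1000, 1000])


def detect_bursts(samples, baseline_window=10, factor=10.0):
    """Flag seconds whose count exceeds factor x the median of the last
    `baseline_window` *unflagged* seconds, and merge runs of flagged
    seconds into (start, end, peak) tuples.  Taking the baseline from
    unflagged samples only stops a flood from inflating its own baseline."""
    bursts, clean, current = [], [], None
    for t, count in enumerate(samples):
        hot = False
        if len(clean) >= baseline_window:  # need history before judging
            hot = count > factor * statistics.median(clean[-baseline_window:])
        if hot:
            if current is None:
                current = [t, t, count]
            else:
                current[1], current[2] = t, max(current[2], count)
        else:
            clean.append(count)
            if current is not None:
                bursts.append(tuple(current))
                current = None
    if current is not None:
        bursts.append(tuple(current))
    return bursts


# Assumed log line format: "<ts> src=<ip> dport=<port> user=<u> pass=<p> result=<r>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<result>\w+)$")

# Constructed login-attempt log lines (documentation-range addresses).
SAMPLE_AUTH_LOG = """\
2018-03-05T10:00:01Z src=203.0.113.5 dport=23 user=root pass=xc3511 result=fail
2018-03-05T10:00:01Z src=203.0.113.5 dport=23 user=root pass=vizxv result=fail
2018-03-05T10:00:02Z src=203.0.113.5 dport=2323 user=admin pass=admin result=fail
2018-03-05T10:00:02Z src=203.0.113.5 dport=23 user=root pass=888888 result=fail
2018-03-05T10:00:03Z src=203.0.113.5 dport=23 user=support pass=support result=success
2018-03-05T10:00:05Z src=198.51.100.7 dport=22 user=ops pass=******** result=success
2018-03-05T10:00:09Z src=198.51.100.7 dport=22 user=ops pass=******** result=fail
2018-03-05T10:00:11Z src=192.0.2.33 dport=23 user=root pass=letmein1 result=fail
2018-03-05T10:00:11Z src=192.0.2.33 dport=23 user=root pass=letmein2 result=fail
2018-03-05T10:00:12Z src=192.0.2.33 dport=23 user=root pass=letmein3 result=fail
2018-03-05T10:00:12Z src=192.0.2.33 dport=23 user=root pass=letmein4 result=fail
2018-03-05T10:00:13Z src=192.0.2.33 dport=23 user=root pass=letmein5 result=fail
"""


def parse_auth_line(line):
    """Return a dict of fields, or None for lines that don't match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_credential_scans(lines, known_creds=KNOWN_DEFAULT_CREDS,
                            attempt_threshold=5):
    """Per source address, flag use of any known default credential, a
    brute-force pattern (>= attempt_threshold distinct credentials), and
    a successful login with a default credential (likely compromise)."""
    per_src = defaultdict(lambda: {"attempts": 0, "creds": set(), "ports": set(),
                                   "default_hits": 0, "default_success": False})
    for line in lines:
        rec = parse_auth_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the detector
        s, cred = per_src[rec["src"]], (rec["user"], rec["pw"])
        s["attempts"] += 1
        s["creds"].add(cred)
        s["ports"].add(int(rec["dport"]))
        if cred in known_creds:
            s["default_hits"] += 1
            s["default_success"] |= rec["result"] == "success"
    flagged = {}
    for src, s in per_src.items():
        reasons = []
        if s["default_hits"]:
            reasons.append("known-default-credentials")
        if len(s["creds"]) >= attempt_threshold:
            reasons.append("credential-bruteforce")
        if s["default_success"]:
            reasons.append("compromise-likely")
        if reasons:
            flagged[src] = {"reasons": reasons, "attempts": s["attempts"],
                            "ports": sorted(s["ports"])}
    return flagged


if __name__ == "__main__":
    print("bursts (start_s, end_s, peak_pps):", detect_bursts(SAMPLE_PPS))
    for src, info in detect_credential_scans(SAMPLE_AUTH_LOG.splitlines()).items():
        print(src, info)
```

On the sample data the burst detector reports the two floods at seconds 20-24 and 35-37, and the credential detector flags 203.0.113.5 (default credentials on two telnet ports, ending in a successful login) and 192.0.2.33 (a plain brute force with no list match), while the repeated SSH logins from 198.51.100.7 are left alone. The thresholds are deliberately simple; in practice the baseline window and multiplier would be tuned per link and per protocol, and the source-keyed counters would be reset on a sliding time window rather than kept for the whole log.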

Where service providers come into play

Service providers need to keep their networks safe and running at all times to meet SLAs. They should have clear visibility of every aspect of their cloud infrastructure and network virtualisation, especially the blind spots. For service providers looking to strengthen their security and prevent the next attack, a simple checklist of point solutions won't do. They need a multilayer approach that combines proactive measures, such as policy-based traffic management, with threat intelligence. Scalability and efficiency are also essential to a security fabric that can fend off DDoS attacks at the source.

Service providers also need modern mitigation solutions to keep pace with the ever-changing DDoS environment. Attacks must be detected quickly so that the response can be equally fast. Alongside this, service providers must maintain full visibility of the network at all times to have a clear picture of all network activity, and IoT device traffic must be distinguished from other traffic through granular controls at every network entry point. Comprehensive solutions of this kind are extremely hard to find in a single, purpose-built appliance, but they could offer vital capabilities for protecting service provider networks.

Service providers are under constant pressure to maintain an exceptional Quality of Experience and an uninterrupted connection for the end-user. With the right solution, businesses shouldn't even notice that a botnet attack has threatened the network. As attacks continue to escalate, service providers must continue to adapt and transform their offering to guarantee not only strong network performance, but also a secure connection for their end-users.

Contributed by Eliyah Havemann, security specialist at Allot Communications.

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.