Research by Nokia has found a large increase in botnet DDoS attacks over the last 2 years, with hackers utilising more sophisticated Internet of Things (IoT) botnets and amplifier attacks to exceed 10Tbps in capacity – this is over 3x the average size of attack previously found. These attacks have originated from cloud providers and regional internet providers all over the world as an international market for hackers and malicious actors has sprung up. The report highlights the importance of cybersecurity and attack mitigation for businesses and website owners.
Previously, DDoS attacks could be diverted using cleansing processes, but Nokia’s report found that an increased utilisation of IoT and cloud computing has considerably scaled up these attacks. Before, these attacks could be launched from home computers, but there is a growing black market of hacking and cyberattack tools that has increased the volume and scope of DDoS attacks possible. A plethora of offensive IT tools are for sale online and can be bought using cryptocurrency – remaining mostly untraceable to the initiated. IoT devices are known to have looser security protocols and provisions in place than other network-connected devices, and as more unsecured IoT devices are found in people’s homes, hackers are exploiting these devices to propagate new attacks and sell their toolkits online.
Of the 10,000 DDoS attacks Nokia analysed, they found the most poignant attacks were originating from high packet-rate, high bandwidth, volumetric DDoS attacks. These attacks are larger in scale and also much more difficult for security experts to identify and mitigate. Previous attacks were mitigated by identifying patterns and finding poorly randomised packet headers in the traffic. However, attackers are now using large-scale botnets with legitimate IP addresses and valid checksums which makes it much trickier for experts to separate the attackers from legitimate users.
It has been proposed that multiple layers of intricate security could be a work around for these new DDoS attacks. Typical strategies focus on reducing the attack surface area via CDNs or load balancers, and using firewall ACLs to mitigate the attacker’s traffic. Organisations can make themselves a harder target by using multipath VPNs to hide source-destination relationships and traffic patterns. Nokia itself does not provide any strategies for mitigating these new attacks, but puts the onus on organisations to enhance security processes and procedures and ensure they are effectively buffered from such attacks in future. The increasing rise of botnet DDoS attacks has been the result of more common and easily attainable tools and vectors of attack.
No comments:
Post a Comment