The changing distributed denial-of-service threat landscape

The scale and sophistication of the DDoS attacks launched by the new generation of botnets, which draw their power from compromised internet of things devices, are unprecedented

As the internet brings billions of devices online, thousands of common vulnerabilities and exposures (CVEs) are discovered every year and, while they wait to be fixed, remain available for hackers and cybercriminals to exploit. Distributed denial-of-service (DDoS) is another type of IP network traffic, albeit a malicious kind that has been around for over two decades. It is used to disrupt servers, services or even entire networks by saturating them with a high volume of traffic or a high rate of packets, or by flooding internet systems and devices with a high frequency of malformed or resource-hungry requests that confuse them or render them inoperable. The ‘distributed’ in DDoS refers to the fact that the traffic emanates from many locations at once; it is often hard to trace back because of IP spoofing, the forging of packet source addresses to hide the true origin.

In recent times, botnets have been at the core of most DDoS attacks. A botnet is a collection of compromised devices such as home computers, routers, IP cameras, digital video recorders and even parking meters. The end devices are commonly called bots or zombies because they have been taken over by an attacker. The infected machines are usually triggered into action from a command-and-control (C2) server, which may itself be a compromised host or a remote computer operated by the hacker or cybercriminal.

Attacks on the upswing
At a time when the cloud, IoT and 5G are transforming the digital world, networks have become even more important, all the more so since the advent of Covid-19, which has increased reliance on the internet manifold. Unfortunately, the pandemic has also led to a growth in DDoS traffic. Apart from the 100 per cent increase in “high watermark levels” (daily peaks in DDoS traffic), DDoS has grown to be a terabit-level daily reality for many networks globally, with the imminent and more damaging potential for attacks of over 10-15 Tbps. “Over the last year, the vast majority of DDoS has now transitioned essentially to IoT devices, other types of cloud servers and compromised cloud accounts,” says Dr Craig Labovitz, CTO of Nokia Deepfield.

“The IoT devices mostly come with exploitable bugs in their embedded operating systems or web servers. Others, including hundreds of thousands of devices, ship with a default password,” he adds. While most DDoS attacks are treated as a nuisance, high-bandwidth and high-packet-rate volumetric attacks are worrying. In a volumetric amplification attack, the attacker sends small requests, with the source address spoofed to the victim’s IP, to openly reachable internet services such as DNS or NTP, which answer with responses many times larger aimed at the victim. With the bandwidth and connectivity now available, attackers can marshal millions of such servers alongside unsecured and compromised IoT devices to saturate interfaces, routers, load balancers, firewalls and network hosts.

Large-scale DDoS attacks can cripple network routers and infrastructure, disrupting connectivity and service availability for communication service providers, enterprises and consumers, and can cause losses ranging from thousands to millions of dollars.

Spike in botnet DDoS
Botnet DDoS is one type of traffic that has exhibited significant growth since mid-2021. In the second half of the year, in marked contrast to the pre-IoT era, most of the largest DDoS attacks leveraged large-scale botnets exclusively. Today, botnet DDoS is the source of tens of thousands of attacks daily, each involving anywhere between several thousand and several million IP addresses; an estimated 100,000 to 200,000 active bots are engaged in these attacks. What makes the situation worse is the difficulty of detection and mitigation. In the past, the basic tool to counter DDoS was the out-of-path “traffic cleansing system”, or scrubber: traffic for a target under attack was diverted to it, malicious traffic was identified and dropped, and genuine traffic was returned to the network. These countermeasures were successful against the common amplification/reflection and synthetic traffic, which normally does not exist as such on the internet and so can be recognised by its signature (fixed UDP service source ports, oversized responses, malformed packets) and dropped. But the approach worked well only while traffic volumes were manageable; diverting multi-terabit floods to scrubbing centres does not scale, and traffic from real bots on real devices carries realistic application payloads that are far harder to tell apart from legitimate users.
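To make the detection problem above concrete, the following added example (not Nokia Deepfield’s or any vendor’s code) runs simple flow-record analytics over a constructed 60-second sample: it flags destinations whose packet rate jumps far above their baseline, then classifies the flood as amplification/reflection (a modest number of sources, fixed UDP service source ports, large packets, so it is filterable by signature) or as a botnet flood (thousands of distinct sources sending ordinary-looking packets). The `Flow` record layout, the reflector port list, the baselines and every threshold are illustrative assumptions.

```python
"""
Flow-level DDoS detection and classification over NetFlow/IPFIX-style records.
Added example; all flow records are constructed below and the thresholds are
illustrative assumptions, not a vendor's tuned values.
"""
import ipaddress
import random
from collections import Counter, defaultdict
from dataclasses import dataclass

# UDP source ports of services widely abused as reflectors (chargen, DNS, NTP,
# SNMP, CLDAP, SSDP, memcached). Reflected traffic carries these as *source*
# ports because the reflector answers a request whose source IP was spoofed
# to the victim's address.
REFLECTOR_PORTS = {19, 53, 123, 161, 389, 1900, 11211}


@dataclass(frozen=True)
class Flow:
    """One flow record: 5-tuple plus packet and byte counters (assumed layout)."""
    src: str
    dst: str
    proto: int  # 6 = TCP, 17 = UDP
    sport: int
    dport: int
    packets: int
    bytes: int


def per_destination(flows):
    """Aggregate flows by destination IP: counters, distinct sources, source-port histogram."""
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "srcs": set(),
                               "sports": Counter(), "udp_packets": 0})
    for f in flows:
        a = agg[f.dst]
        a["packets"] += f.packets
        a["bytes"] += f.bytes
        a["srcs"].add(f.src)
        a["sports"][f.sport] += f.packets
        if f.proto == 17:
            a["udp_packets"] += f.packets
    return agg


def classify(a):
    """Label one aggregated destination record."""
    total = a["packets"]
    udp_share = a["udp_packets"] / total
    refl_share = sum(n for p, n in a["sports"].items() if p in REFLECTOR_PORTS) / total
    avg_len = a["bytes"] / total
    # Reflection: almost all UDP, from service source ports, oversized packets.
    if udp_share > 0.9 and refl_share > 0.8 and avg_len > 500:
        return "amplification/reflection"
    # Botnet: many distinct real sources, nothing signature-like to match on.
    if len(a["srcs"]) >= 1000 and refl_share < 0.1:
        return "botnet"
    return "unknown"


def analyse(flows, baseline_pps, window_s, factor=10.0):
    """Return {dst: label} for destinations at >= factor x their baseline packet rate."""
    result = {}
    for dst, a in per_destination(flows).items():
        pps = a["packets"] / window_s
        if pps >= factor * baseline_pps.get(dst, 1.0):
            result[dst] = classify(a)
    return result


def build_sample(seed=1):
    """Constructed sample: normal HTTPS traffic to three hosts, a DNS/NTP
    reflection flood on .10 and a 5,000-bot SYN flood on .20."""
    rnd = random.Random(seed)

    def ip(n):
        return str(ipaddress.IPv4Address(n))

    flows = []
    for dst in ("203.0.113.10", "203.0.113.20", "203.0.113.30"):
        for i in range(200):  # legitimate clients, ephemeral source ports, ~500 B packets
            flows.append(Flow(ip(0x0A000000 + i), dst, 6, rnd.randint(32768, 60999), 443, 10, 5000))
    for i in range(300):  # reflectors: 1,400 B UDP answers from service ports 53/123
        flows.append(Flow(ip(0xAC100000 + i), "203.0.113.10", 17,
                          rnd.choice((53, 123)), rnd.randint(1024, 65535), 1000, 1_400_000))
    for i in range(5000):  # bots: many sources, ordinary-looking 60 B TCP SYNs
        flows.append(Flow(ip(0x64400000 + i), "203.0.113.20", 6,
                          rnd.randint(32768, 60999), 443, 20, 1200))
    return flows


def run_example():
    baseline = {d: 50.0 for d in ("203.0.113.10", "203.0.113.20", "203.0.113.30")}
    return analyse(build_sample(), baseline, window_s=60)


if __name__ == "__main__":
    print(run_example())
```

The reflection flood is caught by a signature that simply does not occur in normal traffic (thousands of 1,400-byte UDP packets with source port 53 or 123), which is exactly what a scrubber can match and drop. The botnet flood to .20 trips the rate detector just as clearly, but the only distinguishing feature left is the number of sources, which is why the text calls mitigation of botnet DDoS the harder problem.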

Addressing the challenge
The big question facing network operators currently is how to prepare for this formidable threat, given the exponential rise in botnets and their ability to generate realistic application payloads. Current approaches to DDoS protection are hobbled by multiple factors: protection provided only to a few customers or systems, inability to scale, performance degradation and prohibitive cost. To safeguard against the new generation of threats, a new and robust DDoS defence must:

  • Protect everything and everyone
  • Provide real-time detection with better accuracy
  • Deliver cost-effective, agile, terabit-level mitigation
  • Automate mitigation of complex security policies to drive real-time surgical removal of DDoS threats and attacks
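“Surgical” automated mitigation means a filter that removes the attack without also removing customers. The added example below (not Nokia Deepfield’s or any vendor’s code) shows one safeguard a practitioner would build into such automation: before a candidate rule is pushed to routers, it is replayed over a sample of known-good flows to estimate collateral damage, and a rule that would hit more than a small budget of legitimate packets is downgraded from discard to rate-limit. Rules are plain dicts modelled on BGP Flowspec match components and the traffic-rate action (RFC 8955, where a rate of 0 means discard); the `Flow` layout, the flow sample and the 1 per cent budget are constructed assumptions.

```python
"""
Pre-deployment collateral check for an automated DDoS mitigation rule.
Added example; rules are Flowspec-like dicts, the flow sample is constructed.
"""
import ipaddress
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record: 5-tuple plus packet and byte counters (assumed layout)."""
    src: str
    dst: str
    proto: int  # 6 = TCP, 17 = UDP
    sport: int
    dport: int
    packets: int
    bytes: int


def matches(rule, f):
    """True when the flow satisfies every match component present in the rule."""
    m = rule["match"]
    if "dst_prefix" in m and ipaddress.ip_address(f.dst) not in ipaddress.ip_network(m["dst_prefix"]):
        return False
    if "proto" in m and f.proto != m["proto"]:
        return False
    if "src_ports" in m and f.sport not in m["src_ports"]:
        return False
    if "dst_ports" in m and f.dport not in m["dst_ports"]:
        return False
    if "min_len" in m and f.bytes / f.packets < m["min_len"]:  # average packet length
        return False
    return True


def packet_share(rule, flows):
    """Fraction of the packets in `flows` that the rule would act on."""
    total = sum(f.packets for f in flows)
    return sum(f.packets for f in flows if matches(rule, f)) / total if total else 0.0


def decide(rule, legit, attack, window_s, max_collateral=0.01, headroom=2.0):
    """Attach an action: discard (traffic-rate 0) when collateral on legitimate
    traffic is within budget, otherwise cap matched traffic at `headroom` times
    the legitimate byte rate so real users keep getting through."""
    collateral = packet_share(rule, legit)
    coverage = packet_share(rule, attack)
    if collateral <= max_collateral:
        action = {"traffic-rate": 0}
    else:
        legit_bps = sum(f.bytes for f in legit if matches(rule, f)) / window_s
        action = {"traffic-rate": int(headroom * legit_bps)}
    return {**rule, "action": action, "collateral": collateral, "coverage": coverage}


# Candidate rules an automated system might derive from the two attack types.
REFLECTION_RULE = {"match": {"dst_prefix": "203.0.113.10/32", "proto": 17,
                             "src_ports": {53, 123}, "min_len": 1000}}
SYN_FLOOD_RULE = {"match": {"dst_prefix": "203.0.113.10/32", "proto": 6, "dst_ports": {443}}}


def build_sample(seed=7):
    """Constructed 60 s sample: legitimate HTTPS clients and small DNS replies
    to the victim, plus a reflection flood and a 5,000-bot SYN flood."""
    rnd = random.Random(seed)

    def ip(n):
        return str(ipaddress.IPv4Address(n))

    legit = [Flow(ip(0x0A000000 + i), "203.0.113.10", 6, rnd.randint(32768, 60999), 443, 10, 5000)
             for i in range(200)]
    legit += [Flow("198.51.100.53", "203.0.113.10", 17, 53, rnd.randint(32768, 60999), 5, 600)
              for _ in range(20)]  # ordinary ~120 B DNS answers from the resolver
    reflection = [Flow(ip(0xAC100000 + i), "203.0.113.10", 17, rnd.choice((53, 123)),
                       rnd.randint(1024, 65535), 1000, 1_400_000) for i in range(300)]
    syn_flood = [Flow(ip(0x64400000 + i), "203.0.113.10", 6, rnd.randint(32768, 60999), 443, 20, 1200)
                 for i in range(5000)]
    return legit, reflection, syn_flood


def run_example():
    legit, reflection, syn_flood = build_sample()
    return {"reflection": decide(REFLECTION_RULE, legit, reflection, 60),
            "syn_flood": decide(SYN_FLOOD_RULE, legit, syn_flood, 60)}


if __name__ == "__main__":
    for name, r in run_example().items():
        print(name, r["action"], f"collateral={r['collateral']:.3f} coverage={r['coverage']:.3f}")
```

The reflection rule hits every attack packet and none of the legitimate ones (the `min_len` component keeps normal DNS replies out of it), so it is safe to discard. The SYN-flood rule covers the attack just as completely, but it also matches every real HTTPS client, so the automation falls back to a rate cap; closing that gap is what per-source, state-aware mitigation of botnet traffic has to do, and why it is the harder engineering problem.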

“As the DDoS threat evolves and better tools emerge to combat the menace, the internet community needs to take a firmer stance. The battle against DDoS must be fought with technology and with more involvement and better cooperation from service providers, hyperscale cloud builders, end users, regulators and governments,” says Pavlovic.

