How can we defend against the rising flood of DDoS attacks?

DDoS attacks are threatening the world on a global scale. Over the course of just one month, two major recent attacks have unfolded against nations. On October 21, internet service provider Dyn, which routes and manages internet traffic in the U.S., suffered a distributed denial of service (DDoS) attack on its domain name service. As a result, many leading internet services including Twitter, Spotify and Amazon suffered service outages and interruptions. Two weeks later, on November 4, the West African nation of Liberia suffered a similar targeted DDoS attack which took the country’s internet intermittently offline for a week, according to security experts. These incidents have raised serious concerns about the security of IoT, and the need to defend against such malice.

The recent attack against Dyn in the United States and the attack on Liberia are worrying because they prove just how sophisticated hackers are becoming. Dyn, which is based in New Hampshire, said the cyber attack on October 21 targeted its domain name service, which caused massive interruptions and slowdowns for its users. The attack meant that millions of internet users were unable to access the websites of online companies using Dyn, such as Netflix and Reddit, as well as the crafts marketplace Etsy and the software developer site GitHub.

DDoS attacks involve flooding websites with traffic, making them difficult to access or taking them offline. The attacks are used for various purposes including censorship, protest and extortion. Such attacks can have an extremely disruptive effect on the likes of Dyn, as domain name servers are an essential element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to websites.

The characteristics of the recent attack in Liberia point to the same type of cyber attack that crippled Dyn, according to experts. Using software called ‘Mirai’, hackers deployed a network of infected computers known only as ‘Botnet 14’ to repeatedly overload the country's broadband network, taking Liberia offline for minutes at a time, internet security expert Kevin Beaumont, who monitors attacks using Mirai botnets, told AFP.

The Mirai botnet was effective in the U.S. attack because of the way it harnessed infected, internet-connected devices such as CCTV cameras and DVR players. That same method of attack was used in Liberia. “We’re seeing attacks over 600gbps (gigabits per second) aimed at two companies which co-own the only fibre going into Liberia,” Beaumont told The Guardian. He added that the recent DDoS attacks “are huge in volume – among the most amount of traffic the internet has seen.”  

Beaumont said there is no definitive reason why Liberia was attacked, but the country’s vulnerable internet infrastructure and lack of technical expertise could have made it a useful target for testing out even larger attacks in the future. "There is only one internet link to the country for broadband, so it might be the ideal test bed for attacks," said Beaumont.

The large attacks prove that the world has transitioned from an era where people would attempt to penetrate someone’s network for fun, just to see if they could do it. We are now in an era that is a lot more dangerous, because today, cybercrime is an industry. For hackers, it’s not just about bringing down a network; it’s about stealing data, intellectual property and sensitive documents.

“Operators need to plan for the inevitable”

“The recent DDoS attack on Liberia, cutting out the country’s entire network infrastructure, proves the catastrophic damage that can be caused by cyber hackers that target connected devices,” commented Ultan Kelly, Senior Product Line Director at Cobham Wireless, discussing the risks of devices connected via the Internet of Things (IoT). “In such attacks, it is not only public web services that can be affected, but also the online business systems used in hospitals and other public services that people rely on.

“The Mirai botnet used by the hackers targets poorly secured connected devices which are ever more ubiquitous in the growing IoT landscape, and many internet service providers (ISPs) are woefully underprepared,” Kelly added. “But rather than looking at the problem at the device level, they must act now to address the threat at the network level, to ensure that consumers and businesses are not cut off from the world.”

A majority of Liberia’s population wasn’t affected by the DDoS attack because most people access the internet via their smartphones. However, the Network World website reported that Liberian mobile phone service providers themselves had felt the effects of the attack since they rely on cable-based internet to power their businesses. Such outages only register for a few seconds, but are devastating for companies that require constant connections to servers in order to function, such as healthcare institutions.

“ISPs must continuously stress test their networks against the variety of attacks that could befall them, employing technology that provides a comprehensive recourse for proactively protecting and hardening their systems,” said Kelly. “The threat today is global and requires continuous, automated testing of ever changing policies that are verified with systems that have the latest cybersecurity and malware signatures. This maximizes the chances of identifying any potential security holes across their entire business.”

It is inevitable, as Kelly points out, that with increasing connectivity as a result of the Internet of Things, vulnerabilities will emerge for hackers to expose. Many security experts believe that it’s only a matter of time before vulnerabilities are exposed in smart city infrastructure, such as transportation clouds. Hackers could potentially control traffic lights, street lighting, automated bus stops, and many other digitally controlled city systems.

That power in the hands of a crazed activist could result in mass casualties. In Russia, for example, a researcher from Kaspersky Lab, Denis Legezo, was able to manipulate traffic sensors and capture data by simply looking up what kind of software was used, and then finding a user manual online from the sensor manufacturer. A recent Kaspersky survey revealed that expensive cyber attacks are now almost routine, with 90 percent of the 5,500 companies surveyed reporting at least one security incident, and nearly half (46 percent of businesses) having lost sensitive data due to an internal or external security threat.

What’s more, the reasons behind cyber attacks aren’t always clear. The malice of the hackers behind the recent Liberia attack has caused great concern, because the hackers have threatened those who seek to oppose them. For instance, the botnet used, officially named ‘Botnet 14 14’, has its own Twitter account: @MiraiAttacks. After Mr. Beaumont looked into the attack against Liberia, the hackers tweeted threatening messages to him, which led him to label this particular Mirai botnet “Shadows Kill”.

“The attacks are extremely worrying because they suggest a Mirai operator who has enough capacity to seriously impact systems in a nation state,” Beaumont said in a blog post. It is not yet known who is wielding the Mirai botnet against Liberia, or whether it is a state actor or independent hackers.  

“What happened in Liberia could just as easily occur anywhere in the world, and operators need to plan for the inevitable,” said Kelly. “It’s not a case of if another DDoS hack will take place, but when.”