Turning to our predictions concerning the technical side of DDoS attacks in 2017, there was near unanimity over the escalating threat from insecure Internet of Things (IoT) devices. As we found at the tail end of 2016, large-scale DDoS attacks are being facilitated by IoT botnets running the Mirai malware system (for example, the 21st October Dyn attack).
In a nutshell, weak security and authentication practices within common IoT devices such as webcams have left an open door for DDoS-focused malware botnets to flourish.
More high-profile IoT & malware DDoS attacks were predicted for 2017
Dark Reading, the security news site, for example, discusses the role of IoT and Mirai and warns that incidents involving these technologies were predicted to be the top cyber threat of 2017.[9] Arbor, whose annual infrastructure report has just been published, is, if anything, even more pessimistic about this threat.
Drawing on their experience in 2016, Dark Reading warned that IoT’s weaknesses “dramatically increase the potential for bad actors to wreak havoc upon the global Internet” and that “attackers have used IoT devices to build and weaponize massive botnets of unprecedented size and capability”[10] (p. 97).
Incapsula, the Californian cloud computing company, went further, arguing that although Mirai was responsible for huge, and high-profile, damage in 2016, it was not unique. Their attack experience involved an entirely new IoT-based botnet, nicknamed Leet, which they warned: “is the first to rival Mirai’s achievements. However, it will not be the last”.[11]
Meanwhile, Corero predicted that the Mirai botnet itself would become more complex and difficult to manage in 2017, as hackers adapted the now openly available code. This is backed by Deloitte, who warned that “relatively unskilled attackers” can take advantage of this new cyber threat tool.[4] Deloitte also placed emphasis on the growing bandwidth capacity available to cybercriminals in the form of ultra-fast consumer broadband, so that, for example, a botnet created from consumer PCs has more capacity than it used to.
Unfortunately, the IoT door will remain open for some time. Gartner, for example, whose 2016 Security & Risk Summit looked at threats over the next two to four years, warned that until at least the end of 2018, “over 50% of IoT device manufacturers will not be able to address threats from weak authentication practices”.[12] By 2020, they warned, 25% of all enterprise security attacks will involve IoT.
Symantec counsels that, thanks to these risks, computer security teams need to look beyond PCs and mobiles and consider all sorts of devices on their networks, down to the humblest thermostat and security camera.[13] Forrester concurred, pointing out that 2017 would see further proliferation of deployed IoT devices at the edge of company networks and that 2016’s IoT-based DDoS attacks were likely to be “the tip of the iceberg when it comes to using connected devices to do harm”.[14]
Rise of Permanent Denial of Service (PDoS) for data center and IoT operations in 2017
Moving on to other DDoS-related issues, Radware, the Israeli cybersecurity and DDoS protection vendor, speculated that 2017 may see the rise of Permanent Denial of Service (PDoS) attacks in which the victim’s systems are so badly damaged that they require replacement or reinstallation of hardware.[15] Also sometimes known as ‘phlashing’, these arguably more vicious attacks aim to cause permanent damage rather than simply overwhelm a victim for a period of time (as is the case with standard DDoS). Corero warned that 2016 showed us how quickly the threat landscape can change, and they speculated that “novel, zero-day reflection and amplification attacks” will be appearing with more frequency.[6]
Ransomware to pervade the public Cloud
Others predict that the Cloud is ripe for attack. McAfee, for example, reports that denial of service for ransom will be mounted against Cloud computing providers, in part, because of the incentive that “one cloud can contain many tenants”.[16] Symantec backed these concerns, seeing major threats to what it terms “the Cloud Generation” of digital businesses. They wrote that “Ransomware will attack the cloud” as it provides “a very lucrative target”.
What’s to be done? How can organizations prepare for DDoS attacks in 2017?
Gartner suggested that companies prioritise the growing risk from IoT devices and take full ownership of ensuring their security. Others, such as Symantec, looked ahead at solutions coming through machine learning and Big Data, as security technology gets intelligent.
DDoS testing can provide resilience
For Deloitte, the answer lay in rigorous DDoS testing, urging that: “organizations should identify proactively weaknesses and vulnerabilities that would reduce the effectiveness of DDoS attack detection or mitigation” (p. 9).
At activereach we wholeheartedly support this view and make a point of ensuring our customers are both aware of developments and making robust use of the latest mitigation and testing strategies.
Max Pritchard, Senior Pre-Sales Consultant at activereach, says:
“It is clear from the predictions that 2017 is going to be a tough year for computer security. There is hope though, with the right levels of awareness, mitigation and testing, that the risks to businesses can be managed. activereach will continue to strive to support all our customers through what promises to be a difficult twelve months.”
In the final analysis, perhaps the most important lesson from all the speculation and prediction is that defeating cybercriminals will be a collective endeavour between the data security industry and the organizations suffering attacks.
Here at activereach we rather like that as a New Year’s resolution.
9. Pascu, L., ‘2017 To Bring More Ransomware, IoT DDoS Attacks, And SCADA Incidents’ [blog], Dark Reading (5th Jan 2017).
10. Arbor Networks, 12th annual Worldwide Infrastructure Security Report (Burlington, Mass.: Arbor Networks, Jan 2017).
11. Zawoznik, A., Bekerman, D., ‘650Gbps DDoS Attack from the Leet Botnet’ [blog], Incapsula (26th Dec 2016).
12. Panetta, K., ‘Gartner’s Top 10 Security Predictions 2016’ [blog], Gartner (15th June 2016).
13. Kenyon, B., ‘Security in 2017 and Beyond: Symantec’s Predictions for the Year Ahead’ [blog], Symantec Official Blog (20th Dec 2016).
14. Press, G., ‘Internet Of Things (IoT): 2017 Predictions From Forrester’ [blog], Forbes (1st Nov 2016).
15. Herberger, C., ‘Cyber Security Predictions: Looking Back at 2016, Peering Ahead to 2017’ [blog], Radware Blog (13th Dec 2016).
16. McAfee, McAfee Labs 2017 Threats Predictions (Santa Clara, CA: McAfee, Nov 2016) (p. 15).