Last year saw the largest and most high-profile Distributed Denial of Service (DDoS) attacks in history. In September, a series of attacks included an assault on the French web hosting company OVH that reached a once inconceivable 1.1 terabits per second.
And the very next month, an attack on the web infrastructure provider Dyn topped that, reportedly hitting 1.2 terabits per second.
But is 2017 shaping up to be even worse?
Deloitte warns of just that in its 2017 predictions. It says that DDoS attacks will “enter the terabit era” and predicts an average of one 1-terabit-per-second attack a month in 2017, with 10 million attacks total.
Cisco foresees a similar escalation in coming years, predicting that the number of attacks will increase 2.6-fold between 2015 and 2020, when they will exceed 17 million annually.
Defending against this kind of escalation is going to take awareness, diligence, and, we think, an increased reliance on direct interconnection.
The changing landscape
A DDoS attack is when hackers use multiple computers and internet connections to flood a targeted site with bogus traffic, attempting to overwhelm the site and knock it offline. In Arbor Networks' 2016 security survey, 53% of respondents indicated they were seeing more than 51 attacks per month, a significant increase in frequency from the prior year.
The typical attack is nowhere near the 1 terabit level – just a third of the Arbor Networks respondents said the peak attack reached 100 gigabits per second. But the potential size of the attacks has increased exponentially in the last decade, and Deloitte lays out some key reasons why:
A growing installed base of insecure Internet of Things (IoT) devices (i.e. digital security cameras, digital video recorders), which attackers can corral and weaponize.
The online availability of malware methodologies that enable relatively unskilled hackers to commandeer IoT devices and stage assaults.
The availability of higher bandwidth speeds, which allows hackers to send out higher volumes of junk traffic over networks of compromised devices.
DDoS attacks often aren't successful – both the attacks and defenses against them have gotten more sophisticated. But when they hit, they hurt. Nearly a quarter of Arbor Networks survey respondents said a major DDoS attack cost them more than $100,000, and 5% said the costs exceeded $1 million. And that's not counting loss of reputation.
Preventing the big hit
As discussed in a post about making the IoT secure from DDoS attackers, putting security first in the design of every IoT-enabled device is critical to preventing large-scale assaults.
We know that security is not top-of-mind for manufacturers of connected toasters, for example. But it must be, especially when any connected device can be used as a platform for attack.
A credible defense really starts with a change in mindset that acknowledges the scope of the threat, the diligence needed to meet it, and a commitment to developing common and easily adopted security standards, including network standards for connected devices.
Beyond that, here are some basic principles that can mitigate the impact of DDoS attacks:
Be cunning: There can be circumstances in which companies might want to consider doing what they can to confuse attackers by, for example, presenting them with false information to inspire confusion and wasted efforts. (This should always be done judiciously and with careful forethought of potential business and legal consequences.)
Be dispersed: Centralized computing makes for a fatter target. Organizations can benefit from dispersing their IT capabilities by making their critical functions harder to pinpoint and attack.
Be a pain: Organizations need to be sure their device and software vendors are obtaining standard security credentials for their products, and that those credentials are easily updated. Their vulnerabilities will become yours.
At Equinix, we see our global interconnection platform, Platform Equinix, as an excellent staging ground for DDoS defenses. We host an ecosystem of managed security companies that specialize in DDoS attack mitigation, such as Deloitte's cloud-based cybersecurity services, so our customers always have access to leading-edge solutions.
With facilities in 40 global markets, we have a worldwide presence that can enable companies to disperse their IT, making them more difficult to target. We also specialize in interconnection, specifically close, direct and secure interconnection that's easier to protect and manage, right out to the digital edge of the corporate network.
Article by Larry Hughes, Equinix blog network