Nokia has released a report analyzing 10,000 distributed denial-of-service (DDoS) attacks over the past two years, further illustrating that organizations need to be ready for potential cyber threats. These attacks are becoming more complex as IoT botnets grow and cyberattacks evolve into a money-making industry for would-be hackers.
The attacks analyzed by Nokia originate from a variety of internet providers around the world, along with regional internet providers, global transit and cloud providers. This worldwide market for malicious parties has led to an eruption of DDoS attacks from a variety of sources. The attacks are not just growing in number, but also in scale, as the telecommunications company says IoT botnet and amplifier attack capacity exceeds 10Tbps, a significant increase of three-to-four times the size of attacks previously reported. This upscale in attacks signals that organizations need to be aware of these threats at all times or risk having their personal websites or networks flooded with phony traffic.
Botnet DDoS creating difficulties for security teams
Last year, Nokia shared its findings as part of its DDoS 2021 report, showing that by mid-year the most impactful DDoS incidents were high-bandwidth, high packet-rate, volumetric attacks. However, with the rise of botnet DDoS attacks, the playbook for the barrage of harmful traffic has changed. Whereas before DDoS traffic could be diverted using cleansing systems, the increased use of IoT and cloud computing has led malicious groups to scale up attacks to match these new technologies.
While DDoS attacks once most likely came from home computer users, the growing black market for hacking and cyberattacks has elevated the scope and volume of attacks, as hackers can sell a variety of offensive IT choices and be paid via cryptocurrency, which is largely untraceable. The inadequate security of IoT devices has also opened up a new market for these types of attacks. The growing number of unsecured devices has unlocked a multitude of vulnerabilities to be exploited via that black market.
The DDoS attacks are not only larger in scale, but also trickier for security experts to identify and mitigate. Before these botnets grew in complexity, scrubbers were able to filter out harmful traffic in a variety of ways, such as by spotting identifiable patterns and poorly randomized headers. But now, large DDoS attacks use large-scale botnets with authentic IP addresses and legitimate checksums, making it more difficult to separate malicious botnet traffic from legitimate users.
One proposed way that organizations can work around the new, more complicated DDoS attacks is through multiple layers of elaborate security.
“DDoS attacks are the first salvo in any hostile cyber operation,” said Rajiv Pimplaskar, CEO at Dispersive Holdings. “Typical DDoS mitigation strategies include a reduction of the attack surface area via Content Delivery Networks or load balancers, as well as the use of Access Control Lists supported by firewalls to neutralize traffic coming from attacker nodes. Companies should also look at multipath VPNs to obfuscate source destination relationships and traffic patterns so as to make themselves a harder target.”
Nokia's report does not offer specifics on avoiding these malicious attacks, but botnet DDoS is becoming more common and more easily attainable to those looking to do harm. This change signals that the onus is now on enterprises to get creative with security enhancements and create the needed buffers of protection to keep their respective organizations safe.