Content delivery and cloud services firm Akamai has warned about the rise of potentially disruptive distributed denial-of-service (DDoS) attacks in its Q3 State of the Internet Report.
2016 has been a year of unprecedented levels of DDoS attacks, in direct correlation with the growth of the Internet of Things (IoT) and the saturation of IoT devices.
An interesting episode in the 2016 DDoS attacks is the attack on the site of Brian Krebs, a cybersecurity writer and blogger. Mr. Krebs’ site, which is protected pro bono by Akamai’s security solution, received a whopping 623 gigabits per second (Gbps) attack in September, an event widely reported by the media.
According to Akamai, this was the largest attack the company had mitigated to date, and even though the company managed to keep Mr. Krebs’ site functioning, the attacks caused the company to re-evaluate the resources expended in achieving this, considering that the service to Mr. Krebs is free.
The DDoS attack on Mr. Krebs’ site and other subsequent ones were remarkable because they leveraged home routers and IoT devices to send junk traffic to flood servers with useless requests, making it virtually impossible for legitimate requests from legitimate users to get through.
A little knowledge of the seven-layer Open Systems Interconnection (OSI) Model makes it easier to understand, fundamentally, how these attacks happen.
The tool used in the DDoS attack on Mr. Krebs’ site leveraged Generic Routing Encapsulation (GRE), SYN and ACK floods at the network level (layer 3), in conjunction with PUSH and GET floods at the application layer (layer 7).
Individually, these vectors are relatively easy to mitigate, but you have a problem when traffic exceeds 623 Gbps.
Incidents of “mega attacks” grew “significantly” in size and scope quarter over quarter in 2016, with 19 mega attacks in Q3 2016, according to Akamai. Booster/stressor botnets account for a large portion of the attack traffic in mega attacks, with the Mirai family of botnets taking the leading position.
DDoS attacks in previous quarters were characterized by reflection attacks (a method of attacking a challenge-response authentication system that uses the same protocol in both directions), in contrast to the use of compromised IoT systems to generate traffic by the Mirai and associated family of botnets.
There is a call by stakeholders for the regulation of the Internet of Things, with several legislators and groups advocating for strong, defined regulation of IoT devices.
“The market really can’t fix this. The buyer and seller don’t care,” said Bruce Schneier, a computer security expert and fellow at Harvard University’s Berkman Klein Center for Internet & Society, on Wednesday while speaking before members of the U.S. House of Representatives’ Energy and Commerce Committee about the regulation of the IoT. “I argue that government has to get involved, that this is a market failure and what I need are some good regulations,” he added.
Even though application-layer DDoS attacks could have crippling consequences, they remain relatively rare due to the level of technical sophistication required to pull them off, said Akamai. This may not be that much of an issue in the future because DDoS attack tools and services are available for purchase on the Dark Web.