Service providers are faced with a great opportunity in the era of IoT, but with it comes great risk. It’s been a turbulent time for service providers in recent months, not least due to the rise in frequency and complexity of DDoS attacks which can completely knock out their networks.
In the last quarter of 2016 alone, the record for the largest DDoS attack by volume was broken three or four times.
So why the escalation, and why now?
DDoS isn’t a new threat, but its use on today’s scale, spreading malware and amplifying its effects, has not been seen before. It’s no coincidence that we’ve seen malicious agents gaining control of large numbers of connected devices at the same time as the exponential growth in connected devices being manufactured. Produced rapidly with cheap hardware and operating systems, these devices often have little or no security measures in place, says Arthur Zavalkovsky, AVP Product Management and Strategy at Allot.
Those which do have security often ship with simple default factory settings that are easily breached. Consequently, once infected, many connected devices can act as entry points for malicious attacks. Together they can form a massive botnet army, capable of attacking networks with enormous volume.
In order to understand the nature of the threat, we need to look back at its recent trajectory. In 2014 the average size of a DDoS attack was approximately 7.39 Gbps. Big attacks, like the 400 Gbps attack on Spamhaus in 2013, were not typical.
When Dyn, the DNS infrastructure provider, was attacked in October 2016, the estimated throughput of the Mirai botnet was 1.2 Tbps, making it the largest ever attack, vastly exceeding the incident a month earlier against cyber-security journalist Brian Krebs, which was 620 Gbps. Notably, seven of the twelve Q4 2016 mega attacks, with traffic greater than 100 Gbps, can be attributed to Mirai.
The need for service providers to steer away from legacy security solutions
Service providers did not expect the severity and size of these new threats to their network security. Until these developments began, they often relied upon the insurance of scale. Put simply, they knew their networks could handle a certain volume of illegitimate traffic, so they focused on protecting customers rather than protecting their networks. Now, DDoS attacks have become so large that they can affect the whole network. In fact, recent attacks impacted service on some of the largest retail sites, unavoidably costing them in lost revenues.
And it has become far less effective to use scrubbing centres because the speed of attacks means it takes too long for the huge amount of traffic to get diverted, scrubbed and returned to the network, before it gets overwhelmed by more infected traffic. Cloud services face the same challenge when filtering and cleaning high volumes of network traffic.
Previously, the limited scale of infection meant that it could be mitigated at the end-point. But now the volume of attacks generated by IoT botnets is such that infections can rapidly reach the network core and from there, outbound attacks are generated. It has become imperative to identify and mitigate much earlier, at the network core, to address threats of outbound as well as inbound attacks. To achieve this effectively, solutions must be inline and carrier-grade, with the capacity to handle large volumes of traffic in real-time.
This is where Allot has helped protect customers throughout the world from the most aggressive DDoS attacks. With adaptable network-based solutions, service providers can be protected from known as well as unknown attack types, which is imperative in today’s competitive environment.
The author of this blog is Arthur Zavalkovsky, AVP Product Management and Strategy at Allot