For the telecoms industry, 2019 is the year of 5G. Service providers are in a race to roll out 5G services that will empower the next generation of smart devices and the Internet of Things (IoT). With its massive increase in bandwidth, ultra-low latency, and dramatic expansion in geographic coverage, 5G brings vast opportunities, driving a plethora of new IoT use cases and exponential growth in connected devices.
Whilst this sounds great, the opportunity brings threats, namely cybersecurity risks. For example, as more powerful smart devices come online, the networks hosting these devices will have a larger attack surface, which makes them bigger targets for malware, security breaches and, of course, distributed denial of service (DDoS) attacks. It also increases the opportunity for those devices to be harnessed to launch damaging DDoS attacks against other targets.
Last month, A10 Networks released a report highlighting key observations on the growth in DDoS weaponisation over the last year. Below are a number of key points from the report:
Attackers leverage vulnerabilities in UDP (User Datagram Protocol) to spoof the target's IP address, and exploit vulnerabilities in servers that initiate a reflected response. This strategy amplifies attacks by producing server responses that are much larger than the initial requests.
DDoS Botnet weapons
Attackers are leveraging malware-infected computers, servers and increasingly IoT devices that are under the control of a bot herder, typically from a DDoS-for-hire service. The resulting botnet is used to initiate stateful and stateless volumetric network and application attacks.
Top sources of weaponry
Whilst DDoS attacks are distributed by nature, the data shows that DDoS weapons are most concentrated where internet-connected populations are densest. The report specifically highlighted China at 4,374,660, followed by the USA at 3,010,039. The report also highlighted a growing trend towards DDoS weapons being hosted in the cloud. This is attributed to the influx of mobile devices and the growing adoption of the cloud, which has changed the way networks and applications are delivered. Weapons are evolving alongside this technology trend.
These top-line observations highlight the challenge for the modern enterprise. The focus of enterprise DDoS defence should always be on their users. After all, they drive the business and when access to critical services is down, employees opt to go home or use unsecured methods. Enterprises need comprehensive, cost-effective defence to ensure services are available and users are protected. This is where adoption of a resilient and sophisticated two-pronged DDoS defence alongside a threat intelligence solution is the most effective for complete attack coverage.
Cloud with on-premise solution
A two-pronged defence approach offers help for the most demanding network environments. Previously, industry conversations centred on cloud versus on-premise solutions, but enterprises need a solution that offers both. Cloud scrubbing is an important part of enterprise defence when attack volume grows beyond the capacity of a business' internet coverage. But cloud-only scrubbing has limitations due to how it works. Enterprises need to complement it with an on-premise solution that mitigates all classes of DDoS attacks. This includes fast detection and mitigation intervals down to 100 ms. On-premise defence solutions allow attacks that are undetectable by cloud scrubbing, such as low and slow application attacks, to be blocked.
Sophisticated DDoS threat intelligence combined with real-time threat detection and automated signature extraction will allow businesses to defend against the most massive multi-vector attacks. Actionable DDoS threat intel enables a proactive approach to DDoS defences by creating blacklists based on current and accurate feeds of IP addresses of DDoS botnets and vulnerable servers commonly used in these types of attacks.
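One way to turn such a feed into a blocklist, as an added example (not taken from the A10 report or any product): the feed format, category names and function names are assumptions, and the sample entries are constructed from documentation address ranges. Stale entries are dropped so the list stays current, and adjacent entries are collapsed into CIDR blocks to keep the filter table small.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample feed (documentation ranges, not real indicators).
# Assumed format: ip_or_cidr,category,last_seen (ISO 8601 with UTC offset)
SAMPLE_FEED = """\
# ip,category,last_seen
198.51.100.7,botnet,2019-03-10T08:00:00+00:00
198.51.100.6,botnet,2019-03-11T09:30:00+00:00
203.0.113.0/25,reflector,2019-03-09T12:00:00+00:00
203.0.113.128/25,reflector,2019-03-11T01:00:00+00:00
192.0.2.44,botnet,2018-11-01T00:00:00+00:00
not-an-ip,botnet,2019-03-11T00:00:00+00:00
"""

def build_blocklist(feed_text, now, max_age=timedelta(days=7)):
    """Return {category: [collapsed networks]} from entries seen within max_age."""
    fresh = {}
    for line in feed_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            addr, category, seen = (f.strip() for f in line.split(","))
            net = ipaddress.ip_network(addr, strict=False)
            last_seen = datetime.fromisoformat(seen)
        except ValueError:
            continue  # malformed row: skip it rather than block on bad data
        if now - last_seen <= max_age:
            # Group by IP version too: collapse_addresses rejects mixed v4/v6.
            fresh.setdefault((category, net.version), []).append(net)
    blocklist = {}
    for (category, _version), nets in fresh.items():
        blocklist.setdefault(category, []).extend(ipaddress.collapse_addresses(nets))
    return blocklist

def match(blocklist, source_ip):
    """Return the category whose networks contain source_ip, or None."""
    ip = ipaddress.ip_address(source_ip)
    for category, nets in blocklist.items():
        if any(ip in net for net in nets):
            return category
    return None

NOW = datetime(2019, 3, 12, tzinfo=timezone.utc)  # fixed clock so the example is reproducible
BLOCKLIST = build_blocklist(SAMPLE_FEED, NOW)
```

Separating botnet sources from reflectors lets the two lists feed different policies, since a vulnerable server used for reflection may also carry legitimate traffic.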
In the next few years, as 5G networks become operational, we will see the size of attacks grow substantially. Enterprises need to look beyond the traditional security methods and here at A10 Networks we see the cloud and distributed nature of DDoS attacks creating the opportunities for enterprises to take a proactive approach by focussing on key tactical solutions to enable better protection.