‘It’s not if, but when’ is a long-established trope in the world of cybersecurity, warning organizations that no matter how robust their defenses, nor how sophisticated their security processes, they cannot afford to be complacent.
In 2020, little has changed – and yet everything has changed. The potential scale and scope of distributed denial of service (DDoS) attacks is far greater than it ever has been. Attackers can call on massive botnets to launch attacks, thanks to the ongoing rapid growth in cloud usage and expansion of the IoT, which has given more devices and resources which can be exploited. Furthermore, the vulnerabilities that these botnets can target are challenging to protect using standard network security solutions.
So what attack types will we see during this year? Here are 5 key trends that I expect to see developing during the coming months.
Attacks will reach unprecedented scale
According to the Department for Homeland Security, the scale of DDoS attacks has increased tenfold over the last five years. The DHS has also stated that if this trend continues, it is not certain whether corporate and critical national infrastructures will be able to keep up.
A perfect storm of factors is feeding into the growth in DDoS scale. Criminals are hijacking cloud resources, or simply renting public cloud capacity using stolen card details to massively amplify their attacks. At the same time, the explosion in IoT devices gives criminals more potential recruits as soldiers for their botnet armies. As a result, the gap between an organization’s available bandwidth on its internet connection and the size of an average DDoS attack is widening. Even the biggest security appliances currently available cannot compete with attack volumes that in many cases are over 50 times greater than the capacity of an organization’s internet connection.
Game-changing industrialized attacks
Furthermore, DDoS attacks are no longer the realm of digital vandalism, launched primarily by individuals interested in testing their own capabilities or causing a nuisance. The underground economy is booming, with new marketplaces for cybercrime tools and techniques being introduced all the time. There is a clear recognition amongst bad actors that cyberattacks, including DDoS attacks, can be enormously profitable – whether for criminal or even political purposes. Criminals are monetizing their investments in creating massive botnets by offering DDoS-for-hire services to anyone that wants to launch an attack, for just a few dollars per minute.
And on the subject of politics, with a US presidential election coming up in 2020, and following recent destabilizing events in the Middle East, the potential for a major politically-motivated cyberattack is higher than ever. It would not be the first such attack – Estonia fell victim to a country-wide DDoS attack over a decade ago – but the blackout-level potential of today’s attacks is far greater. Simultaneously, it is becoming ever easier to obfuscate the true source of an attack, making definite attack attribution very difficult. From a political perspective, the ability to ‘frame’ an enemy for a large-scale attack has obvious, and worrying consequences.
Power infrastructures under targeted attack
On a related point, targeting industrial controls has become an increasing focus for nation-state attacks. The US power grid and power infrastructure in Ukraine are both known to have been targeted by state-sponsored Russian hackers.
As more industrial systems are exposed to the public internet, a targeted DDoS attack against these could easily cause outages that interrupt critical power, gas or water supplies (think Industry 4.0). And at the other end of the supply chain, Trend Micro’s recent Internet of Things in the Cybercrime Underground report described how hackers are sharing information on how to hack Internet-connected gas pumps and related devices often found in industrial applications. These devices could either be flooded to cause a wide-ranging blackout, or infected and recruited into botnets for use in DDoS attacks, or to manipulate industrial processes.
APIs are the weakest link
However, DDoS attacks are no longer limited to merely attacking or exploiting organizations’ infrastructure. In 2020, I expect attacks against APIs to move into the spotlight. As we know, more and more organizations are moving workloads into the cloud, and this means that APIs are increasing in volume.
Every single smart device within an IoT ecosystem, for example, is ultimately interacting with an API. Far less bandwidth is needed to attack APIs, and they can rapidly become hugely disruptive bottlenecks. Unlike a traditional DDoS attack, which bombards a website or network with bogus traffic so that infrastructure grinds to a halt, an API DDoS attack focuses on specific API requests which generate so much legitimate internal traffic that the system is attacking itself – rather like a massive allergic reaction. Many cloud-based organizations are vulnerable to this, and APIs are harder to protect using conventional methods. So I expect attackers to increasingly exploit this vulnerable spot in organizations’ defensive armor.
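One defensive pattern against the API amplification described above is to budget each client by the backend cost its requests trigger rather than by request count, so a small stream of expensive calls is throttled while ordinary traffic passes. This is an added example, not code from the article or from Link11; the endpoint costs, bucket sizes and the two client addresses are constructed assumptions.

```python
from collections import defaultdict

# Relative backend cost of each endpoint: how much internal work one call triggers.
# Values are assumed for this example, not measured from any real system.
ENDPOINT_COST = {"/api/ping": 1, "/api/search": 25, "/api/report/export": 200}
DEFAULT_COST = 10

class CostBudgetLimiter:
    """Per-client token bucket where a request spends ENDPOINT_COST tokens, not 1.

    A cheap endpoint can be hit often; an expensive one drains the budget fast,
    so a low-bandwidth stream of heavy requests is rejected while normal use passes.
    """
    def __init__(self, capacity, refill_per_sec):
        self.capacity = float(capacity)
        self.refill_per_sec = float(refill_per_sec)
        self.tokens = defaultdict(lambda: self.capacity)
        self.last_ms = {}

    def allow(self, client, path, now_ms):
        # Refill proportionally to elapsed time, capped at the bucket capacity.
        elapsed = now_ms - self.last_ms.get(client, now_ms)
        self.tokens[client] = min(self.capacity,
                                  self.tokens[client] + elapsed * self.refill_per_sec / 1000.0)
        self.last_ms[client] = now_ms
        cost = ENDPOINT_COST.get(path, DEFAULT_COST)
        if self.tokens[client] < cost:
            return False  # over budget: reject before any backend work starts
        self.tokens[client] -= cost
        return True

def build_traffic():
    """Constructed sample: a normal client and a low-bandwidth API-abuse client."""
    normal = [(i * 50, "198.51.100.10", "/api/ping") for i in range(200)]         # 20 req/s, cheap
    abuse = [(i * 100, "203.0.113.7", "/api/report/export") for i in range(100)]  # 10 req/s, heavy
    return sorted(normal + abuse)

def simulate(requests, capacity=500, refill_per_sec=50):
    """Replay (ms, client, path) tuples; return {client: (allowed, rejected)}."""
    limiter = CostBudgetLimiter(capacity, refill_per_sec)
    stats = defaultdict(lambda: [0, 0])
    for now_ms, client, path in requests:
        stats[client][0 if limiter.allow(client, path, now_ms) else 1] += 1
    return {client: tuple(counts) for client, counts in stats.items()}

if __name__ == "__main__":
    for client, (ok, dropped) in simulate(build_traffic()).items():
        print(f"{client}: allowed={ok} rejected={dropped}")
```

The abusive client sends only ten small HTTP requests per second, yet almost all of them are refused because each would cost 200 units of backend work; the cheap client is never throttled.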
The cloud is not a safe haven
There is an assumption in the market that migrating workloads to public cloud providers automatically makes businesses better off – and in many ways of course, this is true. Flexibility, scalability, agility, cost-effectiveness – there are myriad business benefits to be gleaned from the cloud. Yet the assumption that the major providers automatically offer attack-proof security is an illusion. In October 2019, AWS was taken offline for eight hours, demonstrating that even the biggest public cloud providers are vulnerable to DDoS attacks, with hugely disruptive potential knock-on effects to their customers. Some studies estimate that knocking out a single cloud provider could already cause $50 billion to $120 billion in economic damage – on a par with the aftermath of Hurricane Katrina and Hurricane Sandy.
In conclusion, these points may paint a bleak picture for 2020. But companies that adopt the mindset of ‘not if, but when’ will be well positioned to counter the escalating threats. Using solutions which are capable of fending off high-volume DDoS attacks as well as resource-intensive exploits on protocols and application levels, organizations can stay a step ahead of threat actors, and avoid becoming their next victim.
About the author: Marc Wilczek is Chief Operating Officer at Link11, an IT security provider specializing in DDoS protection.