2016 had its fair share of record-setting cyberattacks and security breaches, emphasizing how much the security landscape has evolved. Cloud-based application delivery platform Incapsula reported a massive 650 Gbps distributed denial-of-service (DDoS) attack on its network.
Today, things are much worse.
2017 has been the worst year to date, with an increasing number of DDoS attacks.
Let’s look at some history.
The aforementioned attack happened just before noon on December 21, aimed at several anycast IPs on its content delivery network. The attack did not appear to be focused on a single target; however, this might be because the target’s IP was masked by the service. It is likely that the attacker then opted to take down the service itself instead.
The attack lasted two rounds for a total of 37 minutes. The first round peaked at 400 Gbps, while the second hit harder, peaking at an Incapsula record of 650 Gbps. The attacks used spoofed IP addresses, cleverly masking the geolocation from which the attack originated.
The attack used SYN packets to deliver the payload. Upon analysis, Incapsula discovered a “signature” wherein the TCP Options headers spelled out 1337, prompting the company to name it “Leet”. It is possible that similar or future attacks may be identified through this signature, and the company speculates that this may be a new botnet.
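One way a defender could look for that signature in captured traffic, as an added example that is not part of the original article or Incapsula’s own tooling: parse the raw TCP header, keep only bare SYN segments, and check whether the options bytes contain the marker. The function names and the sample segments are constructed for this demo and assume the Ethernet and IP headers have already been stripped.

```python
import struct

SYN = 0x02
ACK = 0x10


def parse_tcp(segment: bytes) -> dict:
    """Parse a raw TCP header; return ports, flags and the raw options bytes."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, _seq, _ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4      # header length in bytes (20..60)
    flags = off_flags & 0x01FF
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {"src": src, "dst": dst, "flags": flags, "options": segment[20:data_offset]}


def is_leet_syn(segment: bytes, marker: bytes = b"1337") -> bool:
    """True for a bare SYN (no ACK) whose TCP options bytes contain the marker.

    The marker is matched as raw bytes (0x31 0x33 0x33 0x37), which is how the
    reported signature appears; it is not a valid option kind/length sequence.
    """
    try:
        tcp = parse_tcp(segment)
    except ValueError:
        return False            # malformed header: not a match, let other rules decide
    if tcp["flags"] & SYN and not tcp["flags"] & ACK:
        return marker in tcp["options"]
    return False


def count_leet_syns(segments) -> int:
    """Number of segments in a capture that carry the signature."""
    return sum(1 for s in segments if is_leet_syn(s))


def build_segment(flags: int, options: bytes = b"") -> bytes:
    """Construct a minimal TCP header with the given flags and options (demo input only)."""
    opts = options + b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    data_offset = (20 + len(opts)) // 4
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (data_offset << 12) | flags, 65535, 0, 0)
    return hdr + opts


# Constructed sample capture: one ordinary SYN with an MSS option, one SYN carrying
# the marker, and two non-SYN segments that also carry it but must not match.
SAMPLE = [
    build_segment(SYN, b"\x02\x04\x05\xb4"),
    build_segment(SYN, b"1337"),
    build_segment(SYN | ACK, b"1337"),
    build_segment(ACK, b"1337"),
]
```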
Mirai vs. Leet
Earlier last year, security website Krebs on Security suffered a massive 620 Gbps DDoS attack that prompted its security partner to drop its free support for the website. French hosting provider OVH has also reported a combined 990 Gbps DDoS attack on its network. Internet services provider Dyn was also hit by a massive DDoS attack that also brought down services like Twitter and Spotify.
These attacks were carried out using the Mirai botnet, which exploited Internet-of-Things devices such as cameras and similar connected devices to deliver the payload. New research published by security firm Symantec revealed that the poor security of IoT devices is partly to blame for their use in such threats. Many of these devices have lower computing capabilities and are thus incapable of running sophisticated protection against attacks.
With this new Leet botnet, it is still unknown whether it also uses IoT devices to carry out the attack. Mirai does not carry out large SYN attacks. It delivers payloads of randomly generated strings, while the Leet botnet uses structured system files. What’s clear is that the Leet botnet can deliver the scale and size of Mirai’s record-setting attacks.
The cost of downtime for businesses caused by DDoS attacks can run from $20,000 to $100,000 per hour. The impact of attacks may extend beyond downtime, as DDoS can also result in lost customers, a damaged reputation, and even substantial amounts paid in extortion.
Concern over DDoS should not be confined to larger organizations, as everyone is bound to be affected by such attacks. Attackers do not discriminate in terms of organizational size, and smaller businesses are left vulnerable due to IT security being less of a priority to them.
The threat of DDoS used to come from criminals and syndicates who wanted to extort money from businesses. With the latest reports, it appears that the motives are now grander and more nefarious. As attackers’ tools and resources become broader and more complex, attacks can be easily launched at any time.
Services like Incapsula are able to thwart and absorb such massive attacks. However, experts anticipate that future attacks will be even more massive and complex. This leaves security firms vigilant in improving their capacity to thwart even bigger, and perhaps simultaneous, attacks in the future.
Security: Everyone’s Responsibility
All businesses that rely on the Internet should have security plans in place to prevent IT security breaches from happening. Educating staff on proper network and device use to prevent malicious software from compromising devices is a must. Network operations teams should also have monitoring and response plans ready so that they can readily react when such attacks occur.
It does not end with security providers. With IoT devices now serving as attack vectors, even end users may find their own devices contributing to the problem. Responsible users should invest in devices with adequate security features. It should be standard operating procedure to change the default administrator or root passwords to prevent breaches.
In this connected world, everyone has a part in contributing to security. With the advancement in technology, blockchain might be the solution to such attacks.