Top Major Network Threats
As the Internet and new digital technologies become more widespread, the number of cybersecurity incidents increases. DDoS attacks can now affect almost all industries in all regions of the world.
Both the power and the complexity of the attacks have increased dramatically. For example, a well-organized attack can reach 1 Tbps or more today. Today’s network infrastructure is becoming increasingly difficult to defend against cyber attacks, and building and maintaining it costs businesses more and more.
In 2016, DDoS incidents intensified noticeably. Previously, the most dangerous type of attack was amplification (an attacker sends requests from a spoofed IP address to servers that respond with larger packets; the more requests, the more powerful the attack), and a large provider could absorb such attacks even at 100–300 Gbps. Other complex attacks (for example L7 attacks, which degrade web applications by repeatedly sending requests that search for and retrieve specific information from the server until it simply runs out of resources) rarely happened in recent years; today they constitute an increasingly serious threat. Recently, experts have recorded a linear increase in peak DDoS power. In a wide variety of devices – webcams, video recording servers,
Attackers look for vulnerabilities and backdoors, including by examining the code of the latest device firmware. The boom in startups and the growth in the number of connected devices create new risks for businesses in the form of large botnets. These are used for high-frequency attacks, which are extremely difficult to stop even with specialized security tools. As a result of such an attack, the performance of Internet resources drops sharply under the abnormally high load.
Another problem is large-scale leaks of the user databases of various companies, including the largest Internet projects. Cybercriminals got hold of consolidated databases containing the logins (often e-mail addresses) and passwords of millions of users. As a result, these users' accounts on any other Internet service where the same credentials were reused came under attack.
To increase the power of their attacks, attackers use amplification: by exploiting vulnerabilities in third-party services they multiply the volume of “junk” traffic sent, while also masking the addresses of the real botnet. Another vector is WordPress. This platform has a Pingback feature that allows independent blogs to exchange information about comments and mentions. A vulnerability in Pingback allows crafted XML requests to make a blog fetch any web page from the Internet. Amplification via WordPress Pingback or DNS are already proven examples. In the future, exploitation of younger protocols, primarily gaming ones, will appear.
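As an added example (not part of the original article), the following Python shows how the WordPress Pingback reflection described above looks from the victim's side and how a defender can spot it: a blog verifying a pingback fetches the target page with a User-Agent of the form `WordPress/<version>; <blog URL>; verifying pingback from <IP>`, so a flood of such fetches from many distinct blogs within a short window is the signature. The access-log lines are constructed sample data; the window size and origin threshold are assumptions to tune per site.

```python
import re
from datetime import datetime

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2017:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 51200 "-" "WordPress/4.7; http://blog-a.example; verifying pingback from 198.51.100.7"
203.0.113.11 - - [10/Mar/2017:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 51200 "-" "WordPress/4.6.1; http://blog-b.example; verifying pingback from 198.51.100.7"
203.0.113.12 - - [10/Mar/2017:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 51200 "-" "WordPress/4.7; http://blog-c.example; verifying pingback from 198.51.100.7"
192.0.2.5 - - [10/Mar/2017:12:00:03 +0000] "GET /about.html HTTP/1.1" 200 8200 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/52.0"
203.0.113.13 - - [10/Mar/2017:12:01:04 +0000] "GET /index.html HTTP/1.1" 200 51200 "-" "WordPress/4.5; http://blog-d.example; verifying pingback from 198.51.100.7"
"""

LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$')
# A WordPress blog verifying a pingback fetches the target page with this
# User-Agent; thousands of blogs doing so at once is the amplification.
PINGBACK_UA_RE = re.compile(r"^WordPress/[\d.]+; (?P<origin>\S+); verifying pingback from \S+$")

def parse_line(line):
    """Parse one combined-log line; returns None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    pb = PINGBACK_UA_RE.match(rec["ua"])
    rec["pingback_origin"] = pb.group("origin") if pb else None  # reflecting blog
    return rec

def is_pingback_request(user_agent):
    """WAF-style rule: True for pingback verification fetches (deny or rate-limit)."""
    return PINGBACK_UA_RE.match(user_agent) is not None

def detect_pingback_flood(log_text, window_seconds=60, min_origins=3):
    """Bucket pingback fetches into windows and flag windows hit by at least
    min_origins distinct blogs. Returns [(window_start_epoch, requests, origins, bytes)]."""
    windows = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["pingback_origin"] is None:
            continue
        key = int(rec["time"].timestamp()) // window_seconds * window_seconds
        w = windows.setdefault(key, [0, set(), 0])
        w[0] += 1
        w[1].add(rec["pingback_origin"])
        w[2] += rec["bytes"]
    return [(k, n, len(o), b) for k, (n, o, b) in sorted(windows.items())
            if len(o) >= min_origins]
```

Because the reflecting blogs are legitimate sites, blocking by source IP is counterproductive; matching the User-Agent pattern at the edge and returning a small error response removes the amplification while leaving the blogs reachable.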
Testing of several Internet of Things devices in 2016 showed them to be highly vulnerable. At the same time, the number of connected devices in the world already exceeds 6.5 billion (according to Gartner), and by 2020 it will be between 20 billion and 30 billion.
At the end of 2016, the first IoT-based botnet, Mirai, was discovered. It was the source of a 1 Tbps attack on OVH, a French cloud hosting provider and one of the largest in its class. Then hundreds of thousands of routers, cameras, DVR servers and other connected devices (down to Wi-Fi coffee makers) attacked Dyn, one of the largest DNS server providers in the world. Some of the world’s most visited websites were unreachable for hours, demonstrating the damage a deliberate attack on infrastructure can cause.
Today, not only the number of attacks is growing, but also their quality. Both DNS protection methods and the vectors and tools used by attackers have matured. At the same time, the level of experience and knowledge required to organize a DDoS attack has dropped noticeably, as has its cost (usually paid in cryptocurrency).
Hacking and network scanning have reached unprecedented proportions. More and more attackers use pre-scanned IP address ranges segmented by the technology and product in use – for example, “all WordPress servers”.
By 2017, attackers had become more professional and faster-moving. In 2013, the average interval between a vulnerability report and real-world hacks was considered to be a week; now this “response time” has accelerated significantly and can range from two to four hours, depending on the vulnerability. In the near future this interval may shrink to two hours or less.
In parallel, Qrator notes the continuing evolution of attack tools, techniques and networks. Faster discovery of enterprise vulnerabilities is expected in 2017.
By 2018–2019, an increase in the number of attacks on new technology stacks is predicted: microcontainers, private and public clouds (AWS, Azure, OpenStack). Experts expect more “nuclear-type” attacks on providers and other infrastructure, in which linked autonomous systems or entire regions are affected. Only well-built, geo-distributed cloud systems will be able to withstand record attacks.