Denial of Service (DoS) attacks are designed to knock a service offline or to degrade its usability. This can be accomplished in a variety of ways, but a Distributed DoS (DDoS) attack accomplishes its goals through the sheer volume of data thrown at the target service. Any computing system has limits on the amount of data or number of requests that it can handle. While these limits can be pushed up by using state-of-the-art hardware or load-balanced servers, there is always an upper limit that cannot be exceeded.
A DDoS attack pushes a system to these limits by taking advantage of the resources of an array of different systems. While an attacker may not have access to the same caliber of systems as their target, sheer numbers can allow them to bring any unprotected system offline.
A DDoS protection solution is designed to identify and block attack traffic, enabling the protected system to continue operating as intended. As the number and volume of DDoS attacks grow, driven by cybercriminals gaining access to more cheap computing power, these solutions are becoming a vital part of an organization’s cybersecurity deployment.
The Growing Threat of DDoS
The number and volume of DDoS attacks is steadily increasing. While some of this growth is due to the discovery and use of new techniques (like DDoS amplifiers), another major contributor is the vast amount of computing power available to cybercriminals wishing to build DDoS botnets. As the use of Internet of Things (IoT) devices and the cloud grows, performing a DDoS attack is only becoming easier.
- Internet of Things
The growth of IoT is a godsend to cybercriminals, especially those operating botnets to perform DDoS attacks. IoT devices make ideal members of a DDoS botnet since they are easy to compromise and receive little or no oversight, attention, or maintenance from their owners.
In order to operate, many IoT devices need to be connected to the public Internet since they are designed to be managed and monitored from smartphone apps and other remote sources. However, most people don’t know how to configure a firewall to lock down access to a device to legitimate users.
Exacerbating the problem, IoT devices have extremely poor security by default. Many IoT devices have well-known, default usernames and passwords. This makes it easy for cybercriminals to log into them and control them via the Telnet protocol, which many of these devices have enabled by default. The use of Telnet, which is deprecated in most organizations because it is insecure and sends traffic in plaintext, also makes it easy to detect these vulnerable devices since attackers can just scan for devices running Telnet.
As a result, would-be DDoS attackers have no problem finding devices to add to their botnets. The IoT craze means that a wide variety of systems are being connected to the Internet. These range from lightbulbs to toasters to building access control systems, all of which are being targeted and exploited for use in DDoS attacks.
- Cloud Computing
Another of the major drivers in the growth of DDoS botnets is the rise of cloud computing. In order to perform a large-scale DDoS attack, a cybercriminal requires access to a great deal of computing and networking power. With the growth of the cloud, these resources can be acquired affordably.
The cloud offers great scalability and price savings for legitimate businesses, but these benefits help cybercriminals as well. As the cloud grows more affordable, some DDoS botnet operators have been switching from IoT-based botnets to cloud-based ones.
In fact, an operator of a DDoS for hire site recently leaked a list of IP addresses and login credentials for over 515,000 different Internet-connected devices. Such a list could easily be used to build a massive botnet since the devices could be remotely accessed and controlled via the Telnet protocol. The owner of the list claimed that they released it publicly since they had moved from operating an IoT botnet to one based on renting cloud computing services.
This switch away from a rather large IoT botnet (the famous Mirai botnet only reached about 400,000 devices at its peak) demonstrates that the cloud is a viable option for botnet operators and is likely easier and more reliable to operate. It also increases the number of DDoS botnets that can operate, and the scale of the attacks they produce, since attackers are no longer limited by the number of vulnerable devices (IoT or otherwise) that they can compromise and control.
Protecting Against DDoS Attacks
DDoS attacks hurt both their targets and the owners of the systems used to perform them. A DDoS attack can knock an organization’s web presence offline, costing it sales and hurting relationships with existing customers. For the owners of the IoT devices and cloud services being used in the attack, their hardware and network bandwidth are taken up by malicious traffic.
Defending against DDoS attacks requires fighting cybercriminals at every stage of the process. Securing IoT devices (by changing passwords, configuring firewalls, etc.) decreases the number of bots that can be used in DDoS attacks. Potential targets of DDoS attacks should deploy DDoS protection solutions that identify and filter out attack traffic, making attacks ineffective. Both of these efforts drive down the potential profitability of DDoS attacks, making them a less enticing option to cybercriminals.
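As an added illustration of what a DDoS protection solution does at the filtering stage (this is example code, not code from the original article or any product it mentions): a sliding-window, per-source rate limiter run over constructed log lines, which keeps serving the legitimate clients while dropping the flooding source. The log format, the thresholds and all addresses are assumptions constructed for the example.

```python
"""Sliding-window per-source rate limiting over constructed request logs.

Each log line is assumed to look like "<unix_time> <source_ip> <request>".
A source that exceeds MAX_REQUESTS inside WINDOW_SECONDS is flagged and
its further traffic is dropped, so low-rate legitimate clients keep
getting served. Real products layer far more signals on top of this.
"""
from collections import defaultdict, deque


class RateLimiter:
    def __init__(self, window_seconds: float, max_requests: int):
        self.window = window_seconds
        self.limit = max_requests
        self._hits = defaultdict(deque)  # source ip -> timestamps in window
        self.blocked = set()              # sources flagged as flooding

    def allow(self, ip: str, now: float) -> bool:
        """Return True if this request should be served, False if dropped."""
        if ip in self.blocked:
            return False
        q = self._hits[ip]
        while q and now - q[0] > self.window:   # evict expired timestamps
            q.popleft()
        q.append(now)
        if len(q) > self.limit:
            self.blocked.add(ip)                 # flag and drop from now on
            return False
        return True


def build_sample_log() -> str:
    """Constructed traffic: two legitimate clients plus one flooding source."""
    lines = [f"{1000 + i:.1f} 198.51.100.7 GET /page{i}" for i in range(3)]
    lines += [f"{1000.2 + i * 0.05:.2f} 203.0.113.5 GET /" for i in range(8)]
    lines += ["1001.5 192.0.2.44 GET /about", "1002.5 192.0.2.44 GET /contact"]
    return "\n".join(sorted(lines, key=lambda l: float(l.split()[0])))


def filter_log(text: str, window_seconds: float = 1.0, max_requests: int = 5):
    """Split log lines into served and dropped; also return flagged sources."""
    limiter = RateLimiter(window_seconds, max_requests)
    served, dropped = [], []
    for line in text.strip().splitlines():
        ts, ip, _request = line.split(" ", 2)
        (served if limiter.allow(ip, float(ts)) else dropped).append(line)
    return served, dropped, sorted(limiter.blocked)


if __name__ == "__main__":
    served, dropped, blocked = filter_log(build_sample_log())
    print(f"served={len(served)} dropped={len(dropped)} blocked={blocked}")
```

With the constructed sample, the flooding source is flagged on its sixth request within the one-second window and its remaining requests are dropped, while every request from the two legitimate clients is served.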