Page 26 - Cyber Warnings







However, the success of these defenses ultimately depends on the volume of the attack. If the
attackers are able to utilize enough bandwidth, they can defeat even those DDoS defense
mechanisms designed to prevent these attacks from succeeding. For example, the recent
attacks outlined have more than doubled or tripled the amount of traffic that DDoS mitigation
companies have previously seen. As Brian Krebs reported in the aftermath of the attack on his
site, “Martin McKeay, Akamai’s senior security advocate, said the largest attack the company
had seen previously clocked in earlier this year at 363 [Gigabits of traffic per second (“Gbps”)],”
but the attack on KrebsonSecurity exceeded 600 Gbps and the attack on OVH exceeded 1
Terabit per second or 1,000 Gbps.

As evidenced by the activity in these recent attacks, the increasing prevalence of IoT devices
presents a heightened risk of DDoS attacks. The attackers are able to exploit the relative security
weaknesses in IoT devices, like internet-connected cameras and DVRs, using malware to
create networks of these computers, known as botnets, that report to a central control server
that can be used as a staging ground for launching powerful DDoS attacks. Due to the number
of IoT devices that can be compromised at once, the amount of traffic that an attacker could
generate by using a botnet “army” is far more substantial than the DDoS attacks of the past.
The source code for one variant of this malware, “Mirai,” was recently released publicly,
which, experts predict, will lead to more of these attacks occurring. This malware is able to gain
control over numerous IoT devices by continuously scanning the Internet for IoT systems
protected by factory default or hard-coded usernames and passwords. Although one of the
manufacturers of devices that were found to be used in these attacks recently announced a
recall, many other devices remain vulnerable.
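
The continuous scanning described above is also what exposes a compromised device on its own network. The Python below is an added example, not part of the original article: it flags internal hosts that reach many distinct external addresses on Telnet within a short window. The flow-record format, the Telnet ports (23 and 2323), the address ranges and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): Telnet ports, LAN range and thresholds.
TELNET_PORTS = {23, 2323}
LAN = ip_network("192.168.0.0/16")  # constructed internal range

def find_scanners(flows, window_s=60, min_targets=20):
    """Return {src: peak count of distinct external Telnet targets in any
    window_s-second window} for internal sources reaching min_targets."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst, dport in sorted(flows):
        if dport not in TELNET_PORTS:
            continue
        if ip_address(src) not in LAN or ip_address(dst) in LAN:
            continue  # only internal -> external connections are of interest
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] >= window_s:
            q.popleft()  # drop connections that fell out of the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= min_targets}

def sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    flows = []
    # A camera sweeping 40 distinct external addresses in 40 seconds.
    for i in range(40):
        port = 23 if i % 10 else 2323
        flows.append((1000 + i, "192.168.1.50", f"203.0.113.{i + 1}", port))
    # A workstation with repeated Telnet sessions to one external host.
    for i in range(5):
        flows.append((1000 + i * 10, "192.168.1.10", "198.51.100.7", 23))
    # A device with heavy fan-out on HTTPS rather than Telnet.
    for i in range(40):
        flows.append((1000 + i, "192.168.1.60", f"203.0.113.{i + 1}", 443))
    # A slow talker: 30 Telnet targets, one every 120 seconds.
    for i in range(30):
        flows.append((1000 + i * 120, "192.168.1.70", f"198.51.100.{i + 1}", 23))
    return flows

if __name__ == "__main__":
    for src, n in find_scanners(sample_flows()).items():
        print(f"{src}: {n} distinct external Telnet targets within 60 s")
```

The slow talker stays under the threshold here, so a longer window or a per-day count is worth running alongside the short one.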

Exacerbating the issue is the increased use of IoT devices in the United States and worldwide.
One information technology research and advisory company forecasted that 6.4 billion
connected things will be in use worldwide in 2016 and that the count of IoT devices in use will
reach 20.8 billion by 2020. In 2016, an estimated 5.5 million new IoT devices will get connected
every day.

While the release of Mirai’s source code and worldwide increase in IoT devices may contribute
to the recent rise in frequency and scope of DDoS attacks, the motives behind the attacks may
also play a role. Many attacks in the past have been motivated by politics, business competition
or revenge. However, more recent large-scale attacks appear to stem from more nefarious
purposes–financial extortion and theft of information. These types of motivations might not be
readily apparent during the initial response to a DDoS attack when visibility into network traffic
and server activity may be compromised.

DDoS extortion is often carried out through several different methods. In some cases,
companies receive ransom notes prior to a purported attack, demanding payment in exchange
for a guarantee that the extortionist will not launch a DDoS attack in the near future. In other
circumstances, the ransom note arrives after the initial flood of internet traffic from a DDoS
attack has already begun–with a warning that the attack will be amplified if payment is not made
within a specified amount of time. These notes may have similar bitcoin demands and time


26 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
