2016 was a year that will inevitably represent a defining moment in cyber security, particularly in relation to distributed denial of service (DDoS) attacks. We’ve witnessed some of the most disruptive DDoS attacks on record in 2016, including a 650Gbps attack on the website of cyber security journalist Brian Krebs and the reportedly 1.2Tbps attack on Dyn’s DNS infrastructure, which impacted a variety of high-profile sites across the globe. Locally, we also witnessed large-scale DDoS attacks, such as the attack on the Australian Bureau of Statistics’ website during the Census period.
Worryingly, organisations in the Asia Pacific region have appeared to be less prepared to deal with online threats than their global counterparts. The region leads the field in the amount of damage left in the wake of a DDoS attack. Almost half of all APAC organisations took over three hours to detect a DDoS attack and an extra three hours to respond to it, which is significantly higher than global averages. Moreover, 20 percent of APAC enterprises are not planning to invest in more DDoS defence this year.
The bad news is that, unlike previous years where hackers did just enough to breach defences, the last few months of 2016 brought new IoT-infused DDoS attacks that caused wide-scale damage never seen before, but predicted for years. Therefore, investing in the right type of DDoS defence and collaborating with experts who can provide guidance on pre-emptive strategies are no longer optional but have become imperative for organisations that want to respond effectively to an attack and, in doing so, greatly reduce the risk of substantial business impact.
While examining the major security events of 2016, it’s important to maintain a forward vision of what’s coming in 2017. Here are my top three predictions of cyber security trends to expect next year:
1. Mirai was just the beginning
The recent Mirai botnet-based DDoS attacks leveraging poorly secured IoT devices, such as the attack on Dyn, were just the beginning of the havoc that DDoS will wreak on organisations in the coming year. The attacks using this type of code variation will only increase in size, complexity and ferocity in 2017.
The Mirai code has already morphed from its initial incarnation, with new strains exploring different ports and strike positions to target vulnerabilities. Mirai-type attacks, that is, those that reconnoitre and test credentials as part of an effort to compromise and enrol devices in botnet arsenals, will significantly shape DDoS attack strategies and experiences.
As defences learn attack signatures and invoke countermeasures, even pre-emptively by blocking ports and improving edge resilience, attackers will adjust their code and tactics. There will be quite a bit of cat-and-mouse played for the foreseeable future as attackers and defenders work to one-up each other.
2. Conventional DDoS attacks continue to pose a significant threat
As the world focuses on massive Mirai-type attacks, the number of quiet, lower-volume, targeted attacks remains constant, steady and dangerous. These attacks are now, more than ever, used in concert with other attack vectors. From 1 January through 31 October 2016, 48 percent of the identified occurrences that Neustar mitigated used multiple vectors. In 2016, research commissioned by Neustar found that amongst those APAC organisations that suffered a DDoS attack last year, almost half detected a virus, 37 percent experienced malware and 16 percent also identified ransomware.
3. Attack volumes will continue to grow
While the average size of attacks has remained steady for three years straight at around 5Gbps, the volume of attacks, especially repeated ones against the same targets, has increased. From 1 January to 31 October, Neustar saw a 40 percent increase in DDoS attack quantity compared to 2015.
Attackers continue to use DNSSEC and TCP SYN flood methods to attempt to accomplish specific objectives. In fact, one third of all incidents identified by Neustar in 2016 were DNS-based, with nearly half of those showing strong signs, and in some cases, direct source signatures, of DNSSEC as a component.
4. New threats will be identified in 2017
The ubiquity of IoT technology and its exploitation is just one area in which attackers became more emboldened in 2016. The effectiveness of ransomware, phishing and malware reveals many inroads to create lucrative chaos in organisations. The year ahead will produce unlimited opportunity and potential for bad actors to achieve objectives that include theft, disruption and extortion.
As the cybersecurity landscape constantly evolves, protection solutions must also adapt to anticipate attackers’ modus operandi. Businesses rarely hold back when it comes to investment in CCTV, 24-hour security guards and specialist insurance policies to reduce losses and deter theft. They even accept the fact that criminals will steal from them someday and thus put systems in place to help mitigate the damage when they fall victim. So, why should their attitude towards cyberspace be different?
If the past is prologue, then 2017 will offer another opportunity for bad actors to devise new and creative ways to launch dangerous DDoS attacks. Come what may, we can count on the cyber security game of cat and mouse to continue into the foreseeable future.