There are more than 3.4 billion internet users globally, with an estimated 6.4 billion IoT devices connected to the internet, making the ecosystem a burgeoning exchange where information and transactions flow every second. By 2020, Gartner estimates there will be 20 billion devices. IoT will be part and parcel of our lives, from utilities to transportation to citizen services. While all this offers an unprecedented level of convenience, it also attracts unwanted attention from cybercriminals who have evolved their capabilities over time. Devices in the connected IoT world bring all sorts of convenient new features, but people often forget that these devices are also network-connected, and therefore reachable by attackers. From the primitive worms and spyware of the past, people and businesses today face complex threats such as cyber espionage, ransomware, sophisticated malware, and the ever-present DDoS attack.
Distributed Denial of Service (DDoS) is a form of multi-source cyberattack that aims to make a network resource or service unavailable to its intended users. It has evolved in sophistication to become capable of wreaking all sorts of damage, including fraud and extortion. DDoS attacks typically overwhelm network resources through sheer traffic volume sent from many compromised systems or devices acting as bots. DDoS attacks can be further classified into the following types:
- Volumetric: floods network resources with traffic to deny access to legitimate users, in particular exhausting the target's capacity to handle new connections per second (CPS)
- Asymmetric: a small amount of crafted malicious data that consumes a disproportionate amount of memory, slowing the network to a crawl
- Computational: designed to consume CPU cycles and memory
- Vulnerability: exploits a flaw in the target's protocol or application implementation
- Hybrid: a combination of two or more of the attack types above
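The volumetric category above is defined by connection rate, and the practical question for a defender is how to tell a CPS flood from a single noisy client in the connection logs. The following is an added example, not code from the article or from F5: it parses a constructed, hypothetical log format ("<ISO timestamp> <src_ip> -> <dst_ip>:<port>"), learns a baseline CPS from an assumed-clean warm-up window, flags seconds whose rate exceeds a multiple of that baseline, and reports whether the spike is distributed across many sources (the DDoS case) or comes from one source. The sample log lines, addresses and thresholds are all constructed for the example.

```python
"""Per-second connection-rate (CPS) flood detector for a constructed log format.

Added example; the log format, addresses and thresholds are hypothetical and
not taken from any vendor's product. Each line looks like:
    2024-01-01T12:00:00 198.51.100.1 -> 203.0.113.10:443
"""
from collections import defaultdict
from datetime import datetime, timedelta

LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"


def parse_line(line: str):
    """Return (epoch_second, src_ip) for one log line, or None if it is malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "->":
        return None
    try:
        ts = datetime.strptime(parts[0], LOG_FORMAT)
    except ValueError:
        return None
    return int(ts.timestamp()), parts[1]


def connections_per_second(lines):
    """Map each epoch second to [connection count, set of distinct source IPs]."""
    per_sec = defaultdict(lambda: [0, set()])
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the whole analysis
        sec, src = parsed
        per_sec[sec][0] += 1
        per_sec[sec][1].add(src)
    return per_sec


def baseline_cps(per_sec, warmup_seconds):
    """Mean CPS over the first `warmup_seconds` observed seconds (assumed clean)."""
    secs = sorted(per_sec)[:warmup_seconds]
    if not secs:
        return 0.0
    return sum(per_sec[s][0] for s in secs) / len(secs)


def flag_floods(lines, warmup_seconds=3, multiplier=5.0, min_distinct_sources=5):
    """Return [(epoch_second, cps, distinct_sources, distributed)] for every second
    whose CPS exceeds `multiplier` times the warm-up baseline.

    `distributed` is True when the spike comes from at least `min_distinct_sources`
    addresses, i.e. the DDoS case that calls for upstream scrubbing; a spike from a
    single address is a candidate for a per-source block instead.
    """
    per_sec = connections_per_second(lines)
    threshold = baseline_cps(per_sec, warmup_seconds) * multiplier
    findings = []
    for sec in sorted(per_sec):
        count, sources = per_sec[sec]
        if count > threshold:
            findings.append((sec, count, len(sources), len(sources) >= min_distinct_sources))
    return findings


def make_sample_log():
    """Constructed sample: 3 s of 3 connections/s from 3 clients, then 2 s of
    30 connections/s spread over 10 sources, plus one malformed line."""
    lines = []
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    for s in range(3):  # clean warm-up window
        ts = (t0 + timedelta(seconds=s)).strftime(LOG_FORMAT)
        for i in range(3):
            lines.append(f"{ts} 198.51.100.{i + 1} -> 203.0.113.10:443")
    for s in range(3, 5):  # simulated distributed flood
        ts = (t0 + timedelta(seconds=s)).strftime(LOG_FORMAT)
        for i in range(30):
            lines.append(f"{ts} 192.0.2.{i % 10 + 1} -> 203.0.113.10:443")
    lines.append("this line is deliberately malformed and must be skipped")
    return lines


if __name__ == "__main__":
    for sec, cps, srcs, distributed in flag_floods(make_sample_log()):
        kind = "distributed flood" if distributed else "single-source spike"
        print(f"t={sec} cps={cps} sources={srcs} -> {kind}")
```

The warm-up baseline is the weak point of this approach in practice: if the window already contains attack traffic the threshold is inflated, so a real deployment would take the baseline from a longer historical period rather than from the first seconds of the same capture.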
A Bigger Threat Than Ever
While DDoS attacks have been common since the late 2000s, attack sizes have increased significantly in the past few years. New protocol exploits and amplification attacks have become too large for most organizations to combat without the support of a cloud-based DDoS scrubbing service. In 2013, it was reported that Spamhaus services were brought down by a 300 Gbps attack, while in 2014 an attack peaking at 400 Gbps was recorded. The world's largest DDoS attack on record, however, was captured in 2015 with a peak of 500 Gbps. With bandwidth getting cheaper, it has become more affordable to launch attacks at scale, and we can expect to see terabyte-sized attacks soon.
Modern denial of service attacks do not only interrupt or bring down services; they also distract security operations teams with a mix of threats that have varying effects on the infrastructure. Such attacks are increasing in frequency, volume and sophistication. Attackers combine volumetric, partial-saturation, authentication-based and application-level attacks until they find the weakest link in the defences. These threats, which are becoming more difficult to defend against, are often a precursor to an advanced persistent threat (APT). How quickly an organization can discover and stop them is key to ensuring service continuity. The pervasiveness of volumetric DDoS, along with the expected growth in bots, also calls for a hybrid DDoS strategy that combines an on-premise WAF with cloud-based scrubbing services.
Mitigating a DDoS Attack
When a company's on-premise WAF detects that it is under DDoS attack, the company diverts its incoming traffic to a cloud-based DDoS scrubbing service such as F5 Silverline, which inspects the traffic and removes the attack component. Once scrubbed, the clean traffic is forwarded from Silverline to the company. While this is going on, the company continues to operate as normal. The scrubbing service thus mitigates DDoS attacks that aim to bring down services while enabling the company to keep operating.