Imagine going to the frontlines of a battlefield wielding a sword and shield, only to come face to face with the opponent's fighter jets. The crackdown against DDoS attacks is like an arms race in which enterprises have to keep evolving their weapons and defences against cyber felons. As attack rates have grown, so has their impact. Despite an increase in DDoS defence spend, Neustar’s recent study found that 90 percent of organisations were hit by breaches that stemmed from DDoS offensives.
IoT as a DDoS attack tool
Just as speed and manoeuvrability are the hallmarks of a fighter jet, the emergence of cloud computing and IoT devices has streamlined the infrastructure of today’s connected world. As IoT has progressed from a nascent stage to an enterprise driver capable of maintaining inventory levels, delivering real-time metrics on shipments and powering autonomous vehicles, organisations are left with their hands full in attempts to secure the enterprise value chain.
This year was inevitably a watershed moment in IoT security, headlined by the IoT botnet Reaper, or IoT Troop. The perpetrators infected over a million organisations worldwide by infiltrating routers and smart devices, in a campaign far more sophisticated than the 2016 Mirai IoT botnet, which exploited weak passwords and infected major websites across the U.S. such as Twitter, Netflix and the New York Times.
What’s more dangerous is that some of these attacks were used as smokescreens to disarm an organisation’s cybersecurity shield while simultaneously causing a temporary relaxation of networking defences to alleviate the effects of the DDoS. Neustar found that more than half (51 percent) of Asia Pacific organisations reported falling prey to viruses stemming from DDoS attacks. As IoT adoption increases, the number of IoT-driven botnets is only set to escalate, presenting attackers with more opportunities to elude detection.
The IoT Culprit
In Asia Pacific, IoT devices remain a tempting target for DDoS attacks – more than 78 percent of enterprises experienced attacks while their IoT devices were in operation. To make matters worse, once attackers get hold of vulnerable IoT devices and exploit the security deficiency, it becomes nearly impossible to prevent infection without issuing a security update or recalling the affected devices. With 89 percent of organisations suffering a breach, including data theft, dangerous ransomware, and network compromise with DDoS attacks, the dream of a connected world might be a disaster in waiting.
True to its name, the IoT botnet Reaper spreads through the security gaps in IoT software and hardware, causing massive destruction in one go – amassing more than 20,000 devices and affecting 2 million hosts that have been identified as potential botnet nodes.
Better Detection = Greater Protection
As attacks scale in complexity, organisations need to prime themselves to be at the vanguard in the fight against cyberattacks. The average organisation needs a couple of hours to definitively detect a DDoS attack, and reaction times are getting longer – translating to greater vulnerability.
Viewed through an Asia Pacific lens, organisations in Singapore's financial services sector could be staring at revenue losses upwards of US$15.2m when six hours is taken to respond to a DDoS attack. In Hong Kong, the figure stands at US$29.9m for breaches in the public sector. This threat represents a new reality where the strikes have morphed from standard and commonplace into dangerous and continuous. The financial risks alone can far exceed a quarter of a billion dollars and drive home the point that speed in detection and response is an ally to risk mitigation practices.
Neustar found that the top three organisational motivations behind DDoS defence investments were preserving customer confidence, preventing associated attacks including ransomware, and proactively strengthening existing protection. It should come as no surprise that those who seek to harm companies use DDoS as a weapon.
There is, however, a silver lining. Businesses are acknowledging this threat by deploying Web Application Firewalls (WAF) that filter, analyse and isolate HTTP traffic that targets web application security flaws. In fact, 53 percent of respondents have added WAF to their combat arsenals against DDoS – tripling in numbers since March 2017.
The future ahead will offer opportunities for bad actors to devise craftier ways to launch far more dangerous DDoS attacks capable of distracting IT teams and stymieing forensics. Understanding the right combination of defences is crucial, and this can be achieved by working with security consultants to develop strategies and with law enforcement bodies to provide maximum protection for stakeholders. Only then will we be able to remain ahead of the curve on the battlefield and defeat the attackers.