For the telecoms industry, 2019 is the year of 5G, writes Adrian Taylor. Service providers are in a race to roll out 5G services that will empower the next generation of smart devices and the Internet of Things (IoT). With its massive increase in bandwidth speeds, ultra-low latency and dramatic expansion in geographic coverage, 5G is destined to bring with it vast opportunities, subsequently driving a plethora of new IoT use cases and exponential growth in connected devices.
While all of this sounds great, every opportunity brings threats and, notably in this case, cyber security risks. For example, as more powerful smart devices come online, the networks hosting these devices will have a larger attack surface which makes them bigger targets for malware, security breaches and, of course, DDoS attacks. It also increases the opportunity for those devices to be harnessed for the purposes of launching damaging DDoS attacks against other targets.
Only last month, we released a report which highlights key observations surrounding the growth in DDoS ‘weaponisation’ from last year. Some of the key points made are well worth noting:
Attackers leverage vulnerabilities in the User Datagram Protocol to spoof the target’s IP address and exploit vulnerabilities in servers that initiate a reflected response. This strategy amplifies attacks by producing service responses that are much larger than the initial requests.
DDoS botnet weapons
Attackers are leveraging malware-infected computers, servers and, increasingly, IoT devices that are under the control of a bot herder, typically from a DDoS-for-Hire service. The resulting botnet is used to initiate stateful and stateless volumetric network and application attacks.
Top sources of weaponry
While DDoS attacks are distributed by nature, the data shows that the highest concentrations of DDoS weapons come from the densest Internet-connected populations. China was specifically highlighted at 4,374,660, followed by the USA at 3,010,039. The report also shows a growing trend towards DDoS weapons being hosted in the cloud. This is attributed to the influx of mobile devices and the growing adoption of the cloud, which has changed the way in which networks and applications are delivered. Weapons are now evolving alongside the new technology trend.
These top-line observations highlight the challenge for the modern enterprise. The focus of an enterprise’s DDoS defence should always be on the users. After all, they drive the business and, when access to critical services is down, employees opt to go home or use unsecured methods. Enterprises need comprehensive, cost-effective defences to ensure services are available and users are protected. This is where the adoption of a resilient and sophisticated two-pronged DDoS defence alongside a threat intelligence solution is the most effective for complete attack coverage.
Cloud with on-premise solution
A two-pronged defence approach offers help for the most demanding of network environments. Previously, industry conversations centred on cloud versus on-premise solutions, but enterprises need to have a solution that offers both. Cloud scrubbing is an important part of enterprise defence when attack volume grows beyond the capacity of a business’ Internet coverage, but cloud-only scrubbing has limitations due to how it works.
Enterprises need to complement this solution with an on-premise solution that mitigates all classes of DDoS attacks. This includes fast detection and mitigation intervals down to 100 ms. On-premise defence solutions allow attacks that are undetectable by cloud scrubbing, such as low and slow application attacks, to be blocked.
Sophisticated DDoS threat intelligence combined with real-time threat detection and automated signature extraction will allow businesses to defend against the most massive of multi-vector attacks. Actionable DDoS threat intelligence enables a proactive approach to DDoS defences by creating blacklists based on current and accurate feeds of IP addresses of DDoS botnets and vulnerable servers commonly used in these types of attacks.
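The blacklist creation described above, as an added Python example that is not code from the report or from any vendor product: it drops stale and malformed feed rows, collapses the remainder into networks, and matches source addresses against them. The feed row format, the seven-day freshness window and the function names are assumptions; the sample rows are constructed and use documentation address ranges.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample feed rows: (address or CIDR, category, last seen).
# Timestamps are ISO 8601 with a UTC offset; the row format is an assumption.
FEED = [
    ("192.0.2.10", "botnet", "2019-03-01T10:00:00+00:00"),
    ("192.0.2.11", "botnet", "2019-03-01T11:00:00+00:00"),
    ("198.51.100.0/25", "reflector", "2019-02-28T09:00:00+00:00"),
    ("198.51.100.128/25", "reflector", "2019-03-01T08:00:00+00:00"),
    ("203.0.113.7", "botnet", "2019-01-05T00:00:00+00:00"),   # stale entry
    ("not-an-ip", "botnet", "2019-03-01T00:00:00+00:00"),     # malformed entry
]
NOW = datetime(2019, 3, 2, tzinfo=timezone.utc)  # fixed clock for the sample


def build_blocklist(feed, now, max_age=timedelta(days=7)):
    """Return {category: [networks]} built from rows seen within max_age."""
    fresh = {}
    for raw, category, seen in feed:
        try:
            net = ipaddress.ip_network(raw, strict=False)
            last_seen = datetime.fromisoformat(seen)
        except ValueError:
            continue  # skip a malformed row instead of failing the whole update
        if now - last_seen <= max_age:
            # IPv4 and IPv6 cannot be collapsed together, so key on version too
            fresh.setdefault((category, net.version), []).append(net)
    blocklist = {}
    for (category, _version), nets in fresh.items():
        merged = ipaddress.collapse_addresses(nets)  # adjacent ranges -> one CIDR
        blocklist.setdefault(category, []).extend(merged)
    return blocklist


def classify(src, blocklist):
    """Return the category whose networks contain src, or None if unlisted."""
    addr = ipaddress.ip_address(src)
    for category, nets in blocklist.items():
        if any(addr in net for net in nets):
            return category
    return None


if __name__ == "__main__":
    bl = build_blocklist(FEED, NOW)
    for ip in ("192.0.2.11", "198.51.100.200", "203.0.113.7"):
        print(ip, classify(ip, bl))
```

Expiring rows by last-seen time is what keeps the list "current": an address that has stopped appearing in the feed ages out instead of being blocked indefinitely.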
In the next few years as 5G networks become operational, we will see the size of attacks grow substantially. Enterprises need to look beyond the traditional security methods. We see the cloud and distributed nature of DDoS attacks creating the opportunities for enterprises to take a proactive approach by focusing on key tactical solutions to enable better protection.
This is where a solution that encompasses a varied approach such as threat intelligence, cloud and an on-premise solution will help enterprises combat the upcoming threat that comes with the opportunity of next generation 5G.
Adrian Taylor is Regional Vice-President of Sales at A10 Networks