How the Internet of Things turned DDoS into a monster and how to slay the beast
By Arthur Zavalkovsky, AVP Product Management and Strategy, Allot
Service Providers are experiencing troubling times, owing to the rise in frequency and severity of attacks that can completely disable their networks.
In the last quarter of 2016 alone, the record for the largest DDoS attack by volume was broken three or four times.
Why has this huge escalation occurred, and how can we stop it?
Putting things in context
To put the current situation into context, in 2014 the average size of a DDoS attack was approximately 7.39 Gbps. Big attacks like the 400 Gbps attack on Spamhaus in 2013, were not typical. The attack in Hong Kong at the end of the following year reached 500 Gbps, but by 2016, DDoS attacks had grown alarmingly. Attacks greater than 100 Gbps increased 140 percent year-over-year from Q4 2015. When Dyn, the DNS infrastructure provider, was attacked in October 2016, the estimated throughput of the Mirai botnet was 1.2 Tbps, making it the largest ever attack, vastly exceeding the incident a month earlier against cyber-security journalist Brian Krebs, which was 620Gbps. Notably, seven of the twelve Q4 2016 mega attacks, with traffic greater than 100 Gbps, can be attributed to Mirai.
The Internet of things has become the Internet of Threats
DDoS isn’t new, but what’s relatively new is the proliferation in ways to distribute malware and amplify its effects. This is achieved by hijacking large numbers of Internet-connected devices. Their connections to networks and to each other create fertile conditions for malware to spread. It has become easier to find and infect an agent for attacks
Connected devices have a vast range of functions, from those used in public infrastructure and industrial control systems to those used domestically and in transport such as printers, baby monitors, residential gateways and the connected car.
The fast growth in the Internet of Things is based on devices being produced rapidly, with cheap hardware and operating systems that have little or no security measures. Those with security often have simple default factory settings that are easily breached. Consequently, many connected devices can act as entry points for malicious attacks, when infected. Together they can form a massive botnet army, capable of attacking networks with enormous volume.
The challenge to legacy security solutions for service providers
Service providers did not expect the severity and size of these new threats to their network security.
Until these developments began, they often relied upon the insurance of scale. Put simply, they knew their networks could handle a certain volume of illegitimate traffic, so they focused on protecting customers rather than protecting their networks. Now, DDoS attacks have become so large that they can affect the whole network.
And it has become far less effective to use scrubbing centers because the speed of attacks means it takes too long for the huge amount of traffic to get diverted, scrubbed and returned to the network, before it gets overwhelmed by more infected traffic. Cloud services face the same challenge when filtering and cleaning high volumes of network traffic.
Previously, the limited scale of infection meant that it could be mitigated at the end-point. But now the volume of attacks generated by IoT botnets is such that infections can rapidly reach the network core and from there, outbound attacks are generated. So it has become imperative to identify and mitigate much earlier, at the network core, to address threats of outbound as well as inbound attack. To achieve this effectively, solutions must be inline and carrier-grade, with the capacity to handle large volumes of traffic in real-time. This is where Allot has helped protect customers throughout the world from the most aggressive DDoS attacks.
Learn more about how Allot DDoS Protection provides the most comprehensive security solution for your network. Click here.
Or contact us here to arrange a more detailed discussion with an Allot representative.
 Akamai, State of the Internet Security Report, Q1, 2017: https://www.akamai.com/us/en/about/news/press/2017-press/akamai-releases-fourth-quarter-2016-state-of-the-internet-security-report.jsp
 Akamai, State of the Internet Security Report, Q1, 2017.