DDoS Shifting the Frontlines

On Friday, Oct 21st 2016, we witnessed an extremely powerful DDoS attack against Dyn that led to the disruption of some of the world's most used Internet services, including Netflix, Amazon and Salesforce.com. This attack on the Domain Name System (DNS), which is a sort of phonebook for the Internet, was not more sophisticated or coordinated than other smaller-scale attacks. The target for this attack was chosen very wisely, as Dyn is a linchpin for hosting services and a major provider for companies like Netflix or Salesforce.

That said, there is nothing surprising about the ability of attackers to scale their DDoS for this type of carnage. Two dimensions were used to amplify the DDoS bandwidth we witnessed:

1. The availability of higher-speed Internet service providers used by the hosts in the attack. Whether at home or through cellular networks, the upload bandwidth increases the capacity of a single participating device significantly. In the past few years it has become reasonable to expect cellular and home Internet upload speeds of 100 Mbits/second. This means that with 100 hosts you could rival most carriers in terms of speed, and the scales tip in the attacker's favour.

2. The (very) weak security around smart network-connected devices and mobile platforms. This contributed to a significant increase in the number of devices participating in botnets used in DDoS attacks like this one. This is where the increasing trend in weak IoT devices begins to pose the threat that analysts promised during their adoption in home and office networks.

It is safe to assume that over the next couple of years DDoS attacks will become more frequent and more powerful, as the bandwidth capabilities of companies offering DDoS protection services may not increase by the minimum amount required to stay ahead of the game.

These are not doomsday predictions, but a sign that the game plan in DDoS protection should shift its focus from increasing the pipe to protecting consumer endpoints against malicious threats such as malware, and to network access control on a wider scale by providers and networks across the country.

This year the security industry will increase in size by 25% on average and has once again put emphasis on endpoint protection, realizing that the actual end-user device has been left behind in the security evolution. Unfortunately, this is happening too slowly, too late and not at a large enough scale. Advanced endpoint protection has only begun making its way into large enterprises, and it is cost prohibitive and often unavailable at the consumer level, leaving us open to repeat attacks like the one last week.

In addition, current products still focus more on traditional desktop operating systems and less on mobile and IoT devices. IoT devices present a bigger threat because of their sheer volume and the traditional open source and rapid software development approaches used in manufacturing them. Consumer education is also lacking, with most IoT users not realizing the security threat behind the devices they connect to their home networks and the Internet.

Until effective endpoint protection solutions reach critical mass and are adopted by consumers, it will be up to Internet Service Providers to become the front line of defence against DDoS. The fight is about decreasing the number of infected devices participating in botnets, not shifting inbound bandwidth to blackholes. As seen with Krebsonsecurity, some DDoS providers such as Akamai and Lastline cannot sustain a true targeted high-bandwidth attack forever; they are temporary mitigations which can still leave networks vulnerable. This means a service provider will need to police customers and connected devices with a solution similar to a modern NAC, where permission to connect to a network or the Internet is granted only to devices that have an acceptable minimum security configuration, and where a capability exists to disconnect devices from the network based on indicators of compromise.
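The admit-on-posture, disconnect-on-indicator policy described above can be modelled as a small state machine. This is an added example, not IntelliGO's or any ISP's code; the posture check names, the event format, the indicator label and the re-admission step after remediation are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed minimum configuration; the article does not list specific checks.
REQUIRED_POSTURE = frozenset({"default_password_changed", "firmware_supported"})

@dataclass
class Device:
    posture: set = field(default_factory=set)    # checks the device passes
    open_iocs: set = field(default_factory=set)  # unresolved indicators
    state: str = "denied"

def evaluate(dev: Device) -> str:
    """Decide access: an open indicator outranks a passing posture report."""
    if dev.open_iocs:
        dev.state = "disconnected"
    elif REQUIRED_POSTURE <= dev.posture:
        dev.state = "connected"
    else:
        dev.state = "denied"
    return dev.state

def apply_event(devices: dict, event: tuple) -> str:
    """Apply one (kind, device_id, value) event and return the new state."""
    kind, device_id, value = event
    dev = devices.setdefault(device_id, Device())
    if kind == "posture":        # a full report replaces the previous one
        dev.posture = set(value)
    elif kind == "ioc":          # a detection, tagged with an indicator name
        dev.open_iocs.add(value)
    elif kind == "remediated":   # the indicator is confirmed resolved
        dev.open_iocs.discard(value)
    else:
        raise ValueError(f"unknown event kind: {kind}")
    return evaluate(dev)

def replay(events):
    """Run events in order; return final states and per-event decisions."""
    devices = {}
    decisions = [(e[1], apply_event(devices, e)) for e in events]
    return {d: dev.state for d, dev in devices.items()}, decisions

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ("posture", "camera-01", ["firmware_supported"]),
    ("posture", "router-07", sorted(REQUIRED_POSTURE)),
    ("ioc", "router-07", "blocklisted-destination"),
    ("posture", "router-07", sorted(REQUIRED_POSTURE)),
    ("remediated", "router-07", "blocklisted-destination"),
    ("posture", "camera-01", sorted(REQUIRED_POSTURE)),
]
```

Replaying the sample shows that a clean posture report does not restore access while an indicator is still open; only the remediation event does.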

While the approach may seem radical and will not be accepted by any freedom of communications proponents, this is the only logical solution in fighting malware infections, in the same way as government forces vaccinations to reduce health risks to the public. The next move in the DDoS war is shifting the front line from the business to the consumers' telecommunications providers. They will define whether we can win this battle in the near future. We continue to invest in our IntelliGO technology to drive down the cost and complexity of finding and mitigating insecure device access without all-out denial of network connectivity. Our CEO, Khaled Mansour, covers this more in his article and road trip to China here.
