By Alex Tam, MD, Equinix Hong Kong
Those of us with an eye on Asia’s technology market will have noticed the rapid rise of two trends that threaten to create the perfect storm: the Internet of Things (IoT) and Distributed Denial of Service (DDoS) mitigation.
The quick adoption of new exploitable internet devices across the region has meant that in addition to the usual PCs, printers, smartphones and cameras, there’s a proliferation of smart meters, home health hubs, baby monitors, electric vehicle charging stations, infotainment head units, and wearables that are vulnerable to attack.
According to the Hong Kong Security Watch Report released by the HKCERT earlier this year, the number of botnet security events rose 77 percent between the last two quarters of 2016. The top botnet was Mirai malware, which targeted IoT devices.
Likewise, last October a large Singapore telco and internet service provider was hit by a distributed denial of service (DDoS) attack. The official cause of the attack was a botnet of vulnerable internet-connected devices.
According to IDC, Asia-Pacific will be the frontier for IoT, with 8.6 billion things expected to be connected by 2020. But with Gartner predicting that, in the same time frame, more than 25 percent of identified attacks in enterprises will involve IoT, Asia is also set to be the frontline of IoT-related cyberattacks.
DDoS attacks have evolved to be complex, sophisticated and diverse whilst an increasing number of IoT devices are being adopted for business and consumer use. As a result, security defenses need to be deployed and designed to keep pace. Many of the new IoT devices that have come flooding into the market have default administrator user names and passwords. With users often unaware of the need to reset these, hackers have an easy way to exploit the devices for use during a DDoS attack.
Couple this with the incredible ease with which these attacks can be perpetrated and you begin to see what is driving this increase in magnitude. A budding hacker just needs to fill out an online form and pay a small fee to hire the services of a Botnet-for-Hire provider who can launch attacks for them.
So, the question becomes, what can enterprises do to protect themselves? The first step is to establish best practices in DDoS mitigation. This means understanding the latest DDoS trends, as well as the risk and potential impact of such an attack to an organization.
This means keeping pace with DDoS attacks that have moved beyond the simple large volume attacks of the past few years, to sophisticated, dynamic combinations of stealthy multi-vector application-level attacks. Access to continuous threat intelligence is also critical to understanding and defending against attacks. Even Mirai has evolved to a higher level of sophistication since last year’s cyberattack, developing source address spoofing capabilities and other new features that can lead to even larger multi-terabit size attacks.
Combatting this requires a multi-layered approach to your DDoS security that includes on-premise, in-line protection and intelligent communication with your Internet Service Provider or Managed Service Provider, so they know how and when to deploy their own DDoS defenses.
And, of course, organizations need the right people in place to maintain these defenses and respond effectively.
Besides having the right people and remedial plan in place, there are interconnection approaches that can mitigate DDoS attacks.
Traditionally, enterprises have tended to centralize all their systems and information together, creating one big target. Using interconnection, enterprises can disperse their systems out at the digital edge, thus reducing the attack surface area.
In addition, by leveraging an Interconnection Oriented Architecture (IOA) strategy, enterprises can develop direct, dedicated connections to partners and cloud providers that make it considerably more difficult for botnets to reach them. This approach can also offer increased protection thanks to proximate, private connections to the DDoS security providers and locally collocated ecosystems at the edge.
Some other basic principles that can help to mitigate the impact of DDoS attacks:
• There can be circumstances in which companies might want to consider confusing attackers, for example by presenting them with false information so that their efforts are wasted.
• Centralized computing makes for a fatter target. Organizations can benefit from dispersing their IT capabilities, making their critical functions harder to pinpoint and attack.
• Organizations need to be sure their device and software vendors are obtaining standard security credentials for their products, and that those credentials are easily updated. Their vulnerabilities will become yours.
In summary, the sophistication, volume and frequency of DDoS attacks expected to impact Asia via the weaponization of the IoT are likely to only get worse. Enterprises need to arm themselves with every defense they can, and direct and secure Interconnection is a good place to start.