Recent years have seen the disturbing convergence of two trends: the explosion in the number of Internet of Things (IoT) devices and the ramp-up of distributed denial of service (DDoS) attacks.
According to the latest stats from BI Intelligence, 34 billion devices will be connected to the internet by 2020, with IoT devices representing 24 billion connections and traditional computing devices making up the rest. And while DDoS attacks aren’t anything new, they’ve intensified in recent years as more IoT devices connect to the network. And as communications service providers (CSPs) continue to innovate with even higher bandwidth speeds, these trends will only accelerate, putting added pressure on them to maintain quality of service (QoS).
Mirai DDoS attacks, which ranged from 600 Gbps to more than 1 terabit per second, were launched last year against security blogger Brian Krebs, French web host firm OVH, and DNS provider Dyn, causing disruption to many major websites and online services, including Twitter, Spotify, Amazon, PayPal, GitHub, Netflix, and CNBC. In fact, seven of the 12 mega DDoS attacks in the fourth quarter of 2016 can be directly attributed to the Mirai botnet, which harnessed IoT devices for these attacks.
While the size and scale of DDoS attacks have grown over the years, they are only expected to grow larger. Deloitte predicts there will likely be hundreds of millions of gigabit-capable connections worldwide by 2020. In fact, Deloitte not only sees DDoS attacks scaling up to over 1 Tbps, but it expects to see massive attacks of this size occur at a rate of once per month. Attacks that large will be a challenge for any company, regardless of size.
CSPs struggle with DDoS attacks using IoT botnets
CSPs are feeling the effects of DDoS attacks employing IoT botnets, either as intended or unintended targets. In addition, customers are experiencing DDoS effects directly or as collateral damage. This can be a problem for CSPs with regard to service level agreements that specify a minimum quality of service.
While CSPs have traditionally relied upon their networks’ ability to handle large amounts of traffic, the volume of DDoS attacks has become so large that the attacks threaten to overwhelm network infrastructure.
One approach to deal with DDoS attacks has been the use of scrubbing centers, where traffic is analyzed and malicious traffic is removed. But these centers have become less effective with high volume DDoS attacks because it takes too long for the DDoS traffic to get scrubbed and returned to the network. Cloud services face a similar issue when filtering and cleaning high volumes of traffic.
DDoS attacks using IoT devices overwhelm defenses, so it is vital to identify and mitigate them early, at the peering point, to prevent any impact on the CSP customers’ network. Bot-infected IoT devices are also an effective vehicle for spreading malware to more IoT devices, some of which may reside on the CSP network; as a result, malware can rapidly reach the network core and generate outbound DDoS attacks. It is vital to identify and block malicious bot activity much earlier, at the network core, to address threats of outbound attacks, which can damage the CSP’s reputation.
In the era of IoT botnets, a DDoS mitigation product should combine the advantages of an inline appliance and a centrally coordinated DDoS mitigation model and should support asymmetric routing, application identification, and session awareness, according to Frost & Sullivan.
Products that are deployed inline and centrally coordinated, combining dynamic DDoS detection and mitigation measures with deep packet inspection-based policy controls, should have a prominent position in CSPs’ DDoS mitigation strategies.
In the face of DDoS attacks harnessing IoT botnets, CSPs should employ DDoS mitigation services to protect their networks and gain an edge over competitors, offering DDoS mitigation to their own customers as a value-added feature or as a premium service.