Protecting infrastructure against botnet attacks

According to a recent Akamai report, the largest DDoS attacks have increased greatly in strength, doubling in attack size during 2016. The report finds that these attacks are “bigger, more complex, and require more expertise to defend against than past Distributed Denial-of-Service (DDoS) attacks”. What makes this worse is that they are apparently not limited to a specific industry.

To date, the Mirai botnet and the Mirai Internet of Things malware have harnessed hundreds of thousands of smart-connected devices. It installs malware, achieves control, and builds a global army by gaining access to devices with weak default passwords. Each infected device then scans the Internet to identify and infect more vulnerable devices while waiting to be commandeered for a DDoS attack.

The Internet of Things (IoT) comprises billions of devices that can send and receive data and are present in homes, offices, and the community. IoT devices infected by Mirai malware include residential security and entertainment equipment, such as Internet cameras, digital video recorders (DVRs), and routers.

What happens when connected devices go rogue

On October 21, 2016, Internet of Things-fueled DDoS attacks on Dyn Managed DNS infrastructure prevented user access to major web properties in the U.S., including Twitter, Spotify, PayPal, and others. The attack demonstrates that in addition to direct attacks, organizations also need to manage the risk of DDoS attacks against the Internet’s central infrastructure.

Akamai’s report also stated that Mirai source code and how-to instructions for building a botnet were leaked publicly by a malicious actor. Within two weeks of the release of the code, Akamai observed the first round of updated capabilities. Because millions of deployed IoT devices have lax security and vulnerable firmware, they are a ready source of DDoS fuel. The Mirai botnet will continue to grow, both in numbers and strength.

DDoS Attacks on a DNS Service Provider

In a report from Forrester after the Dyn attacks, the researchers wrote, “Many of the businesses affected by the attack were unable to recover because they had introduced a single point of failure in their services by relying on a single primary authoritative DNS provider, lacking a secondary authoritative DNS provider”.
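One way to check your own zones for the single-provider dependency described above is to group each zone's authoritative nameservers by operator. The following is an added example, not code from the article, Akamai, or Forrester. It assumes `dig`-style NS answer lines as input, approximates the operator by the nameserver's registrable domain, and uses a short stand-in list for the Public Suffix List; all zone and nameserver names are constructed.

```python
from collections import defaultdict

# Constructed sample in the format of `dig +noall +answer NS <zone>`;
# every zone and nameserver name is made up.
SAMPLE = """\
; constructed data
shop.test.  86400 IN NS ns1.dnsprov-a.example.
shop.test.  86400 IN NS ns2.dnsprov-a.example.
api.test.   86400 IN NS ns1.dnsprov-a.example.
api.test.   86400 IN NS pdns7.dnsprov-b.example.
uk.test.    86400 IN NS ns1.hosting.co.uk.
uk.test.    86400 IN NS NS2.otherdns.co.uk.
uk.test.    300   IN A  192.0.2.10
"""

# Assumption: short stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def provider_of(nameserver):
    """Approximate the operator by the nameserver's registrable domain."""
    labels = nameserver.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def parse_ns(text):
    """Return {zone: set(nameserver)} from dig-style answer lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Keep only "<zone> <ttl> IN NS <target>" records.
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            zones[fields[0].rstrip(".").lower()].add(fields[4].rstrip(".").lower())
    return zones


def audit(text):
    """Flag zones whose whole NS set resolves to one provider."""
    report = {}
    for zone, servers in parse_ns(text).items():
        providers = sorted({provider_of(s) for s in servers})
        report[zone] = {"providers": providers, "single_provider": len(providers) < 2}
    return report


if __name__ == "__main__":
    for zone, result in sorted(audit(SAMPLE).items()):
        status = "SINGLE PROVIDER" if result["single_provider"] else "ok"
        print(f"{zone}: {status} {result['providers']}")
```

Two different registrable domains can still share one operator or network, so a zone that passes this check should also be confirmed against the providers' actual infrastructure.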

Guarding against DDoS

Companies such as Akamai have defended against DDoS attacks for nearly two decades, protecting customers and maintaining infrastructure availability even while withstanding the largest DDoS attacks of the time.

On its end, Akamai continues to investigate and report on new threats, such as the threat advisory issued in August 2016 for what is now known as the Mirai botnet. It continues to evolve procedures and platforms to stay ahead of those with malicious intent.

As DDoS attacks grow larger, the need for more comprehensive network monitoring grows, and customers should seek out robust platforms to help in the defense of their property.
