New trends in distributed denial-of-service (DDoS) attacks are emerging every day. Are you in the know?
DDoS attacks can be carried out by a variety of criminals, ranging from individual hackers to organized crime rings and government agencies. In general, however, the crooks' methods are the same: Use multiple compromised computer systems to attack a single target, like a server, website or other network resource. The result? That resource becomes instantly inaccessible to its users.
Below are recent trends in how criminals are accessing systems to launch DDoS attacks, along with predicted future trends. Also included are a few best practices to prevent falling victim.
• Personally owned devices. A growing number of DDoS attacks are originating from personally owned devices in the workplace. It's an environment known as BYOD, or bring your own device, and many employers are feeling pressured to establish a BYOD culture to satisfy the needs of an increasingly connected workforce.
• Unsecure Internet of Things (IoT) devices. A large number of IoT devices that are not adequately secured are often attached to equally vulnerable home area networks (HANs). Hackers locate these devices and launch coordinated attacks capable of taking down popular networks and systems. We've seen this happen to Internet service providers (ISPs) for some of the world's most popular websites. Attacks like this are expected to increase in frequency.
• Unused apps. It's not unusual for device owners to forget about apps they've downloaded onto smartphones and other gadgets. These apps quietly collect and transmit data in the background, unbeknownst to the user. This data can be used to plant bots for launch at a later date. That launch can originate from the compromised device, such as a smartphone, or from the inadequately secured (or security-exploited) devices the smartphone communicates with.
• Internet of medical things (IoMT) devices. Bots are loaded onto IoMT devices prescribed and/or used by healthcare providers or obtained by consumers directly from vendors. These devices are almost never properly secured.
• Devices attached to the electric grid. Once again, bots can easily be loaded onto unsecured devices running power grids. I have worked with the National Institute of Standards and Technology (NIST) on smart grid information security, privacy research and risk identification since 2009. Unfortunately, most of the utilities and their vendors are still dismissive of the risks involved and are not building in enough security controls.
• Artificial intelligence (AI). DDoS attacks will increasingly use AI to identify inadequately secured devices.
• Smart automation. Self-driving vehicles, farming equipment, drones and other smart on-the-move devices are generally not well secured. They are likely to become popular targets, as well as tools, of attacks.
• Homeland security. Devices overlooked, missed or ignored by homeland security infrastructure practices could be increasingly susceptible to DDoS attacks. This may be accomplished through hackers or insiders accessing geospatial data through such programs as the Homeland Security Infrastructure Program.
• Government. Politicians who do not properly secure their personal and/or government-based systems may be used as launching points. Just think of the satisfaction hackers will get out of launching attacks from government assets or employees' and lawmakers' own devices.
BEST DDoS MITIGATION PRACTICES
• Implement security policies and supporting procedures. These should establish the expectations for how systems, applications and networks must be secured and maintained.
• Perform risk assessments. At least annually, and whenever major network, system or application changes are made, perform a risk assessment to identify vulnerabilities and threats, and then take appropriate actions to mitigate the risks.
• Know your systems inside and out. Document, inventory and regularly audit all endpoints and middleware.
• Update and patch systems. Patches are one of the most important cyber security tools, right up there with things like anti-malware software and scanning filters.
• Remove outdated systems. Make sure retired computing devices are completely and irreversibly decommissioned.
• Train employees. Provide effective, interesting, current and regular training to all employees so they can more safely and securely use all business devices.