By Gaurav Mohan, VP, SAARC & Middle East, NETSCOUT
For the past few years, network operators have been working around the clock to support a rapidly expanding Internet of Things (IoT) landscape with billions of devices, as well as to meet the skyrocketing demand for bandwidth and throughput caused by remote work and increased investment in digital initiatives. By deploying upgraded infrastructure and accelerating 5G and other high-access timelines, network operators have dramatically improved their capabilities when it comes to faster, high-volume connectivity.
Unfortunately, as much as these network upgrades help businesses and individuals connect and grow in ways that were unimaginable just a few years ago, they also increase the potential for major security vulnerabilities.
The Growing Threat of IoT Malware
Online threats continue to proliferate at an alarming rate. According to the NETSCOUT 1H 2022 Threat Intelligence Report, there are over 500,000 compromised devices infected with IoT malware capable of launching distributed denial-of-service (DDoS) attacks. Another significant statistic from the same report: in the first half of 2022 alone, 5.5 million unique adversary IPs attacked NETSCOUT customers. Overall, the threat of malware and botnet DDoS attacks is escalating, and the ongoing expansion of internet capacity exacerbates the potential problems.
According to a report by Help AG, the UAE experienced a 183% rise in DDoS attacks from 2019 to 2020 – and a further increase of 37% in 2021, with multi-vector attacks becoming particularly problematic. In 2021, 58% of DDoS attacks in the UAE were multi-vector, up from 45% in 2020.
Protecting against Attack
The rapid evolution of the internet over the past few years has accelerated variations in attack vectors and methodologies that permit DDoS attackers to circumvent conventional defences and countermeasures.
Moreover, the increased bandwidth and throughput deployed by network operators, coupled with the expanding volumes of abusable devices, further increases the potential for new types of large-scale DDoS attacks.
Network operators' traditional defence against DDoS attacks has been carrier-grade network address translation (CG-NAT). CG-NAT cannot protect newer online devices and services that use protocols which do not sit behind NAT, so those devices and services remain unprotected. Existing DDoS defence strategies centred on attack detection, classification, traceback, and mitigation have worked well for inbound traffic. However, outbound and cross-bound DDoS attacks that exploit today’s more robust operator infrastructures can be equally devastating.
Suppressing Adaptive DDoS
Adaptive DDoS suppression strategies are crucial because today’s DDoS attacks are themselves adaptive: adversaries conduct extensive pre-attack reconnaissance to identify specific weak points. Attackers also employ botnet nodes and reflectors/amplifiers that are topologically adjacent to their targets, which minimises the number of administrative boundaries the attack traffic must traverse and, with it, the number of opportunities to stop such attacks.
An adaptive DDoS suppression defence extends DDoS defence to the network’s periphery, including peering and customer aggregation points of presence (PoPs). This enables network operators to restrict DDoS attack traffic as it enters the network edge, preventing it from becoming a widespread attack.
By deploying edge-based attack detection, intelligent DDoS mitigation, and network infrastructure-based mitigation techniques at all network ingress points, operators can deploy adaptive DDoS suppression systems that scale to counter DDoS attack capacity and adversary innovation.
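As an added illustration of the edge-based detection described above (example code, not NETSCOUT's or any product's logic): each flow record is tagged with the ingress PoP that saw it and with its direction relative to the operator's own address space (inbound, outbound, or cross-bound, taken here to mean both endpoints inside the operator's network), then aggregated per PoP so that a verdict can be acted on at the point where the traffic entered rather than in the core. The record layout, operator prefixes, reflector port list and packet-rate threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed operator-announced prefixes (RFC 5737 documentation ranges).
OPERATOR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                     ipaddress.ip_network("198.51.100.0/24")]
# UDP services widely abused as reflectors/amplifiers (assumed list).
REFLECTOR_PORTS = {19, 53, 123, 1900, 11211}
PPS_THRESHOLD = 100_000  # assumed per-target packets/second trigger

def is_operator(ip):
    return any(ipaddress.ip_address(ip) in p for p in OPERATOR_PREFIXES)

def direction(src, dst):
    """Flow direction relative to the operator's address space."""
    s, d = is_operator(src), is_operator(dst)
    if s and d:
        return "cross-bound"  # both ends inside the operator's network
    return "inbound" if d else "outbound" if s else "transit"

def classify(flows, window_s=10):
    """Aggregate per (ingress PoP, direction, target); return {key: (kind, pps)}
    for targets above threshold, keyed by the PoP where traffic entered.
    Each flow: (ingress_pop, src_ip, dst_ip, proto, src_port, packets)."""
    agg = defaultdict(lambda: [0, 0])  # [total pkts, reflector-port pkts]
    for pop, src, dst, proto, sport, pkts in flows:
        key = (pop, direction(src, dst), dst)
        agg[key][0] += pkts
        if proto == "udp" and sport in REFLECTOR_PORTS:
            agg[key][1] += pkts
    verdicts = {}
    for key, (total, refl) in agg.items():
        pps = total // window_s
        if pps >= PPS_THRESHOLD:
            kind = "reflection" if refl / total > 0.8 else "volumetric"
            verdicts[key] = (kind, pps)
    return verdicts

# Constructed 10 s window of flow records, not captured traffic.
SAMPLE_FLOWS = [
    ("peer-pop-1", "192.0.2.10", "203.0.113.5", "udp", 123, 900_000),
    ("peer-pop-1", "192.0.2.11", "203.0.113.5", "udp", 11211, 600_000),
    ("cust-agg-2", "203.0.113.50", "192.0.2.200", "tcp", 40000, 2_000_000),
    ("cust-agg-2", "203.0.113.50", "198.51.100.9", "udp", 5000, 1_500_000),
    ("peer-pop-1", "192.0.2.12", "203.0.113.7", "tcp", 443, 5_000),
]
```

Calling `classify(SAMPLE_FLOWS)` flags an inbound NTP/memcached reflection flood at the peering PoP and an outbound and a cross-bound volumetric flood at the customer aggregation PoP, while the small HTTPS flow stays below threshold.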
What has worked for network operators in the past is no longer a viable long-term solution. Instead, network operators must change their approach, adapt to the new threat landscape, and transition from a default posture of DDoS mitigation to a new paradigm of adaptive DDoS suppression.