On the 20th Anniversary of DDoS, Prepare for the Future

According to MIT Technology Review, July 22, 2019 marked the 20th anniversary of the world’s first distributed denial of service (DDoS) attack. On that day in 1999 “a computer at the University of Minnesota suddenly came under attack from a network of 114 other computers infected with a malicious script called Trin00.” Since then, the nature of DDoS attacks has changed dramatically, and DDoS mitigation defenses have responded in turn. Cyber criminals have changed their tactics, often launching short, sub-saturating attacks designed to evade detection. At the same time, they are leveraging the Internet of Things to create botnets, which make it easier to launch volumetric attacks and to inflict more damage; the largest to date measured 1.2 terabits per second. Another factor in the increasing frequency of DDoS attacks is that DDoS-for-hire sites have made launching them easy and inexpensive. Attacks can be launched for just a few tens of dollars per month, and there is virtually no technical barrier to entry: no knowledge of coding is required, just a simple Internet search for the services.

The author of the MIT Technology Review article wrote: “An important question is whether networks could or should be modified to include a kind of distributed defense against these attacks. For example, one way forward might be to make it easier for ISPs to filter out spoofed data packets. Another idea is to make data packets traceable as they travel across the internet.”

ISPs Can (and Some Do) Protect Against DDoS

It does make sense for ISPs to lead the charge against DDoS attacks, because they serve as the Internet gateways and can eliminate the DDoS threat closer to the source, dealing more effectively with attacks of all sizes. The truth is, ISPs already have the opportunity to filter out spoofed data packets by using modern DDoS defense technologies that provide inline, near-instantaneous mitigation, which can surgically remove DDoS attack traffic while allowing good user traffic to flow uninterrupted. The challenge is whether you can get all ISPs worldwide (yes, all of them) to deploy such technologies.

Getting universal technology adoption across the telecommunications industry is difficult and, ultimately, unlikely. However, more and more ISPs are deploying DDoS mitigation solutions, be it the latest advanced always-on DDoS defense solutions, a more traditional out-of-band scrubbing service, or a hybrid combination of the two. By deploying DDoS protection at the top of the funnel, they protect their own infrastructure while offering a comprehensive security solution to their customers, delivered as a paid-for managed service. It’s a win-win situation: for ISPs it turns a threat into an opportunity, and for ISP customers it’s much more effective, less costly, and less complicated to secure DDoS protection from their existing, trusted provider.

Regarding the MIT author’s suggestion to have ISPs mark a sample of data packets, that’s an interesting concept, but law enforcement would still face the monumental task of tracking down the criminals ultimately behind the attacks. One must remember that cybercrime is truly international, which can make it challenging to find and punish the perpetrators. Law enforcement must continue to play an increasing role in curbing cyber criminals but, ultimately, it’s a team effort between telecommunications companies and solution providers to tackle the DDoS problem more effectively.

The Future of DDoS Attacks in the 5G Era

More important than reflecting on the past 20 years of attacks is preparing for the coming years of DDoS. One thing we do know for certain is that DDoS attacks are a damaging problem that won’t go away anytime in the foreseeable future. And, with the rollout of the next generation of wireless communications, known as 5G, Corero foresees a sharp increase in DDoS attacks. The 5G devices themselves will be more powerful, and have access to more bandwidth, making them juicy targets to be enslaved into DDoS botnets. As these more powerful 5G-capable smart devices come online, ISPs will present a larger attack surface, which makes them bigger targets for malware, security breaches and, of course, DDoS attacks. ISPs face a significant challenge to secure their increasingly complex and exponentially faster networks in an era where DDoS attacks have grown in frequency and sophistication. In preparation for this sea change, it is critical that they deploy always-on, real-time, automated and granular protection to prevent DDoS attacks from disrupting their own network-based service offerings, as well as those of their customers.

For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments.

Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, which he joined as part of its acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.