Fastly recently published its end-of-year post looking at the evolving DDoS landscape.
Fastly has scaled rapidly since its founding in 2011, growing from a CDN into an edge cloud platform serving more than 10% of all Internet requests worldwide. That puts it in a strong position to track global traffic patterns and provide cyberdefense services for its customers. It has been rapidly developing its cybersecurity side, and recently noted its goal of providing virtual patches to web applications before security breaches occur.
In the recent post on the evolving DDoS landscape, researchers Ryan Landry and Jose Nazario looked back at the history of DDoS attacks and noted that over the last 20 years, DDoS attacks have become front-page news that has everyone talking. This is often because they’re linked to big stories such as the Olympics or the 2016 election. They are an easy way for people to achieve their goals – whether creating a fuss, silencing opposition or putting a rival out of business.
Fastly observed that the most significant recent DDoS attacks have all involved harnessing the power (and vulnerable security) of multiple IoT devices to link to big networks and thus create massive botnets. The most notorious of these involved the Mirai open source malware, used against security blogger Brian Krebs and in a separate attack against infrastructure provider Dyn, both in Q3 2016. Both were launched via a large number of connected, hacked IoT devices, including CCTV security cameras and digital video recorders.
They also noted that the nature and complexity of DDoS attacks are subject to extreme variance, based on whether you’re being attacked directly or indirectly and on which area the attack is aimed at, i.e. the application, the kernel, or the network itself. Sometimes attacks morph into a different type of DDoS while they are taking place, as attackers try to evade defenses.
In addition, Fastly notes “an uptick in bitcoin-enabled extortion”, which offers ample opportunity for attackers. Industry researchers are closely tracking the new IoT Reaper botnet, which has not yet launched a DDoS attack of note, even though it has infected over a million devices.
Fastly also points out that DDoS attacks are becoming more complex and that attacks can even change tactics midway through as attackers attempt to evade defenses.
As attackers become more sophisticated in their attack strategies, CDNs like Fastly must also become more adept at defense. As Fastly says, “each side must expect different amounts of work to achieve their aims, with the defender typically paying more money than the attacker”.