In cybersecurity and fashion, what’s old is new again
While distributed denial-of-service (DDoS) attacks and zero-day threats are nothing new in cybersecurity, they’re still happening regularly for a simple reason: They work. In early November 2023, OpenAI blamed a DDoS attack for intermittent ChatGPT issues, and one of the largest known denial-of-service attacks hit major internet companies in October. The same group of bad actors — Anonymous Sudan — has taken credit for both the ChatGPT attack as well as the one that hit Cloudflare in October.
While DDoS attacks historically exploited weaknesses in Internet protocols themselves (the SYN flood and Smurf attack, for example), the focus later shifted to Internet of Things (IoT) devices. These new kids on the block were easy to infect through some combination of misconfiguration and zero-day exploits, and unfortunately, they still are. It’s time to take a closer look at why these attacks are back with a vengeance and how to make sure your organization’s anti-DDoS strategy is well-bolstered.
History Repeats Itself
Mirai, the botnet behind some of the largest-scale DDoS attacks of 2016 and 2017, heralded a shift in attack methods that continues today. Bad actors exploit device vulnerabilities, infect devices en masse, and then use them to execute DDoS attacks. A vulnerability in a class of devices surfaces, those devices are widely infected, and the “patch, rinse, repeat” cycle begins again. Industry reports suggest DDoS overall is on the rise. One infrastructure company reported a 200% increase from 2022 to 2023.
Correlated with this rise in DDoS, CISA officials have reported a surge in zero-day exploits in the past six months and, together with the FBI, recently warned about the latest vulnerabilities in Atlassian solutions — potentially leaving lots of Internet-facing devices vulnerable. That’s not to mention Cisco’s disclosure of a critical zero-day in the Web UI of its devices, which was exploited to compromise more than 40,000 of them. What’s behind this surge? Unfortunately, new vulnerabilities will always crop up despite constant improvements. A lot of work goes into trying to make sure that doesn’t happen, but developing new technologies is hard and prone to human error.
The IoT Pain Point
Vulnerable IoT will continue to contribute to the rise in DDoS attacks. The ecosystem remains relatively unregulated; no minimum security controls are required before a device can come online. There’s more momentum for the concept of “security by design,” but it’s still early days. So, there’s nothing that requires a device manufacturer to have good security hygiene.
Meanwhile, new tech vendors without experience in securing devices are entering the market — and their devices are coming online in waves. That means there will be more DDoS attacks targeting IoT devices. This is going to make security painful for a while.
The Dark Side of New Protocols
IoT threats aren’t the only concern on the DDoS front. In efforts to upgrade existing Internet infrastructure, new network protocols have been developed to enhance the performance of aging ones. HTTP/2 was developed to address many of the shortcomings of the original HTTP protocol, but flaws in this newer protocol have made many Web servers vulnerable to a new “rapid reset” attack. This vulnerability will likely linger for years until vulnerable Web servers are patched or upgraded. This specific threat highlights the challenge of developing secure protocols, but the problem isn’t unique to HTTP/2. Every time a new Internet protocol is introduced, security pros gradually find and address new vulnerabilities. As a result, issues in newly developed or older network protocols will continue to enable new denial-of-service attacks.
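The rapid reset attack mentioned above abuses HTTP/2 stream cancellation: a client opens a stream with a HEADERS frame and immediately cancels it with RST_STREAM, so the server spends work on a request that never counts against the client's concurrent-stream limit. The mitigation that server vendors shipped is to count resets per connection and close connections whose reset rate is abnormal. The Python below is an added example written for this article, not code from the article or from any server project: it parses raw HTTP/2 frames (RFC 7540 9-byte frame header) from a constructed byte stream and flags a connection whose cancel-to-open ratio or absolute reset count exceeds a threshold. The frame builder, the sample traffic and the threshold values are all assumptions chosen for illustration.

```python
import struct

# HTTP/2 frame type codes (RFC 7540, section 6)
FRAME_SETTINGS = 0x4
FRAME_HEADERS = 0x1
FRAME_RST_STREAM = 0x3
FRAME_HEADER_LEN = 9          # 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id
ERR_CANCEL = 0x8              # RST_STREAM error code CANCEL


def build_frame(frame_type, stream_id, payload=b"", flags=0):
    """Serialise one HTTP/2 frame (used here only to construct sample traffic)."""
    length = struct.pack(">I", len(payload))[1:]              # low 3 bytes of the length
    return length + bytes([frame_type, flags]) + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload


def parse_frames(data):
    """Yield (type, flags, stream_id, payload) for each complete frame in a byte stream."""
    offset = 0
    while offset + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[offset:offset + 3], "big")
        frame_type = data[offset + 3]
        flags = data[offset + 4]
        stream_id = int.from_bytes(data[offset + 5:offset + 9], "big") & 0x7FFFFFFF
        payload = data[offset + 9:offset + 9 + length]
        if len(payload) < length:
            break                                              # truncated tail, ignore it
        yield frame_type, flags, stream_id, payload
        offset += FRAME_HEADER_LEN + length


def analyze_connection(data, max_resets=100, max_ratio=0.8, min_streams=20):
    """Count streams opened and streams cancelled on one connection and decide whether
    the client shows rapid-reset behaviour. Threshold values are illustrative assumptions."""
    opened = cancelled = 0
    for frame_type, _flags, stream_id, _payload in parse_frames(data):
        if stream_id == 0:
            continue                                           # connection-level frame, no stream
        if frame_type == FRAME_HEADERS:
            opened += 1
        elif frame_type == FRAME_RST_STREAM:
            cancelled += 1
    abusive = cancelled > max_resets or (
        opened >= min_streams and cancelled / opened > max_ratio
    )
    return {"opened": opened, "cancelled": cancelled, "abusive": abusive}


def sample_client_traffic(num_streams, reset_every):
    """Constructed client-to-server bytes: open num_streams requests, cancel every reset_every-th."""
    out = bytearray(build_frame(FRAME_SETTINGS, 0))          # empty SETTINGS preamble on stream 0
    for i in range(num_streams):
        stream_id = 2 * i + 1                                  # client-initiated streams are odd
        # 0x82 0x84 = HPACK indexed ":method GET" and ":path /"; flags END_STREAM|END_HEADERS
        out += build_frame(FRAME_HEADERS, stream_id, b"\x82\x84", flags=0x5)
        if (i + 1) % reset_every == 0:
            out += build_frame(FRAME_RST_STREAM, stream_id, struct.pack(">I", ERR_CANCEL))
    return bytes(out)


# Constructed samples: a normal client that occasionally cancels, and a rapid-reset client.
BENIGN = sample_client_traffic(num_streams=50, reset_every=25)    # 50 requests, 2 cancels
ABUSIVE = sample_client_traffic(num_streams=200, reset_every=1)   # every request cancelled at once

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("abusive", ABUSIVE)):
        print(name, analyze_connection(data))
```

This counts over the whole captured exchange; a production server applies the same limit per time window and closes the connection (or stops accepting new streams from it) as soon as the threshold is crossed, rather than after the fact. Legitimate clients do cancel streams (a user navigating away, speculative prefetch), which is why the check uses a ratio and a minimum stream count instead of treating any RST_STREAM as hostile.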
Staying Ahead of the Curve
With DDoS and zero-days on the rise, cybersecurity professionals must take stronger steps to protect their organizations. In 2024, there’s an opportunity to take a closer look at your security policies and procedures, especially concerning the services and devices your organization uses.
The prevailing wisdom has moved beyond a castle-and-moat perspective to accepting that breaches are inevitable. The question is how quickly you can detect and contain a breach once it happens. There have been cases where a breach lasted a long time because the company didn’t know what to do, or had to resort to the drastic measure of taking its systems offline.
A robust strategy for stopping DDoS attacks should address the following aspects:
To read the complete article, visit Dark Reading.