In the world of cybersecurity and fashion, the old has been given a new look

Mondo Fashionable Updated on 2024-01-31

While distributed denial-of-service (DDoS) attacks and zero-day threats are not new in the world of cybersecurity, they still occur frequently for the simple reason that they work.

In early November 2023, OpenAI blamed DDoS attacks for intermittent ChatGPT issues, and in October, a large internet company suffered one of the largest known denial-of-service attacks. The same group, Anonymous Sudan, claimed responsibility for both the ChatGPT and Cloudflare attacks.

While DDoS attacks have historically stemmed from vulnerabilities in Internet protocols (e.g., SYN floods, Smurf attacks), the focus has since shifted to Internet of Things (IoT) devices.

These newer additions to the network were susceptible to infection through a combination of misconfigurations and zero-day vulnerabilities, and unfortunately they still are. Now it's time to take a closer look at why these attacks are making a comeback and how to ensure that your organization's anti-DDoS strategy is well supported.

Mirai was one of the largest DDoS attacks of 2016 and 2017, heralding a shift in attack methods that continues today. Attackers exploit vulnerabilities in devices, infect them in large numbers, and then use the infected devices to carry out DDoS attacks.

Vulnerabilities in devices emerge and the devices become widely infected, resulting in a cycle of patch, rinse, and repeat. Industry reports show that DDoS attacks are on the rise overall. An infrastructure company reported a 200% increase in costs from 2022 to 2023.

Related to the rise in DDoS attacks, CISA has reported a spike in zero-day exploit attacks over the past six months, recently working with the FBI to warn of the latest vulnerabilities in Atlassian solutions, which could make many internet-facing devices vulnerable. In addition, a critical zero-day web UI vulnerability disclosed by Cisco led to the infection of more than 40,000 devices.

Unfortunately, despite constant improvements, new vulnerabilities always pop up. We do a lot of work to make sure this doesn't happen, but developing new technology is hard and prone to human error.

Vulnerable Internet of Things devices will continue to lead to an increase in DDoS attacks. The ecosystem is still relatively unregulated, and no minimum security controls are required before a device goes live. The concept of security by design has gained more momentum, but it is still in its early stages. So nothing requires equipment manufacturers to practice good security hygiene.

At the same time, new technology vendors with no experience in device security are entering the market, and their devices are coming online in waves. This means that there will be more DDoS attacks targeting IoT devices. This will be painful for security personnel for some time.

IoT threats aren't the only problem with DDoS attacks. To upgrade the existing Internet infrastructure, new network protocols have been developed to improve on the performance of aging ones. HTTP/2 was developed to address many of the shortcomings of the original HTTP protocol, but new flaws in the protocol leave many web servers vulnerable to the new rapid reset attacks.

This vulnerability can persist for years until vulnerable web servers are patched or upgraded. This particular threat highlights the challenges of developing a secure protocol, but it is not unique to HTTP/2. Each time a new Internet protocol is introduced, security experts gradually discover and address new vulnerabilities. As a result, problems in newly developed or old network protocols will continue to enable new denial-of-service attacks.
