The DDoS Battle

In the many years I’ve been testing and analysing the security side of IT, one evident point is that the classic forms of attack, exploiting common vulnerabilities and Distributed Denial of Service (DDoS), are still the most prevalent and successful to this day.

It was interesting, therefore, to chat earlier in the week with Nokia Deepfield – the network analytics and DDoS solutions arm of Nokia – about a survey the company has recently released on the state of DDoS.

Nokia Deepfield global analysis shows most DDoS attacks originate from fewer than 50 hosting companies

At the heart of the survey was an examination of Service Provider traffic over the Internet across a commendably extensive period – Jan 2020 to May 2021. This also happened to coincide with the pandemic and therefore greater strain on t’Interweb and – equally – greater opportunities for the cyber attackers. As COVID lockdown measures were implemented in 2020, Nokia Deepfield noticed a 40-50% increase in DDoS traffic. Further supporting this noted opportunity was the revelation that daily DDoS peak traffic more than doubled (a 100%+ increase) between the start and finish of the period. That is, in technical terms, a LOT. Yet, intriguingly, that multi-terabit attack traffic largely originated from fewer than 50 hosting companies and regional providers. It therefore raises the question: what scale could DDoS attacks rise to?

DDoS attacks are especially problematic with respect to applications requiring low latency, notably real-time apps such as video. So, how are the majority of the world now communicating with each other… What is scary is how readily available DDoS guns for hire are on ye olde regular Internet, not the dark one. Put simply, anyone with a few bitcoins in their wallet can summon and control a DDoS attack. Like ransomware, it has become a billion-bitcoin industry in its own right.

So, if you have eCriminals, you need eDetectives to track them down, which is where Nokia Deepfield comes into the picture. The aim behind its Defender product – as the name implies – is to provide fast and accurate detection and mitigation of these enormous DDoS attacks at the network edge. Remember, we are talking petabyte levels of data here globally, across multiple network layers, so this is a big deal – DDoS attacks can literally ruin businesses overnight. The key to the mitigation is in identifying the actual source of the attacks, fingerprinting said attacks and preventing them from recurring. In this way, DDoS protection moves from being a “nice to have” to an essential requirement for all forms of xSPs and their own underlying customer bases.
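To make the detect-then-fingerprint idea above concrete, here is a small added example (my own illustration, not Nokia Deepfield’s Defender code or any real survey data). It runs over a constructed set of NetFlow-style records, flags a destination whose per-minute volume jumps well beyond its own recent baseline, and then fingerprints the attack window by source concentration – which is exactly the observation the survey makes about traffic clustering in a small number of hosting providers. The ASN numbers, addresses and byte counts are all made up for the demonstration.

```python
"""Volumetric DDoS detection and attack fingerprinting over constructed flow records.

Illustrative example only: the flow tuple layout, ASNs, addresses and thresholds
are assumptions for the demo, not the format or logic of any real product.
Each record is (minute, src_ip, src_asn, dst_ip, dst_port, bytes).
"""
from collections import Counter, defaultdict
from statistics import median

# Constructed sample traffic: four quiet minutes (10 MB/min from ten sources),
# then a surge in minute 4 from 200 sources concentrated in just five ASNs.
FLOWS = []
for minute in range(4):
    for i in range(10):
        FLOWS.append((minute, f"198.51.100.{i}", 64500 + i, "203.0.113.10", 443, 1_000_000))
for i in range(200):
    FLOWS.append((4, f"192.0.2.{i % 256}", 64600 + (i % 5), "203.0.113.10", 443, 1_000_000))


def bytes_per_window(flows):
    """Aggregate bytes into {dst_ip: {minute: total_bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for minute, _src, _asn, dst, _port, nbytes in flows:
        totals[dst][minute] += nbytes
    return totals


def detect_surges(flows, threshold=2.0, min_history=3):
    """Flag (dst, minute, ratio) windows whose volume exceeds `threshold` times
    the median of that destination's earlier windows. A doubling (threshold=2.0)
    mirrors the "100% increase in peak traffic" figure from the survey."""
    alerts = []
    for dst, per_minute in bytes_per_window(flows).items():
        history = []
        for minute in sorted(per_minute):
            vol = per_minute[minute]
            if len(history) >= min_history:
                baseline = median(history)
                if baseline > 0 and vol > threshold * baseline:
                    alerts.append((dst, minute, vol / baseline))
            history.append(vol)
    return alerts


def fingerprint(flows, dst, minute, top_n=5):
    """Summarise one attack window: total volume, distinct sources, the top
    source ASNs and how much of the traffic those few ASNs account for."""
    window = [f for f in flows if f[3] == dst and f[0] == minute]
    total = sum(f[5] for f in window)
    asn_bytes, port_bytes, sources = Counter(), Counter(), set()
    for _m, src, asn, _d, port, nbytes in window:
        asn_bytes[asn] += nbytes
        port_bytes[port] += nbytes
        sources.add(src)
    top = asn_bytes.most_common(top_n)
    return {
        "dst": dst,
        "minute": minute,
        "total_bytes": total,
        "unique_sources": len(sources),
        "top_asns": top,
        "top_asn_share": (sum(b for _, b in top) / total) if total else 0.0,
        "dst_ports": dict(port_bytes),
    }


def mitigation_targets(fp, share=0.8):
    """Return the smallest set of top ASNs that together carry at least `share`
    of the attack traffic: the candidates for rate limiting or scrubbing at the
    edge, rather than blocking every individual source address."""
    chosen, covered = [], 0
    for asn, nbytes in fp["top_asns"]:
        chosen.append(asn)
        covered += nbytes
        if fp["total_bytes"] and covered / fp["total_bytes"] >= share:
            break
    return chosen


if __name__ == "__main__":
    for dst, minute, ratio in detect_surges(FLOWS):
        fp = fingerprint(FLOWS, dst, minute)
        print(f"surge to {dst} at minute {minute}: {ratio:.1f}x baseline, "
              f"{fp['unique_sources']} sources, top ASNs carry {fp['top_asn_share']:.0%}")
        print("rate-limit candidates:", mitigation_targets(fp))
```

The point of the baseline being per-destination and median-based is that a single noisy minute does not drag the baseline up, and the fingerprint tells the operator whether the surge is diffuse or, as the survey found at scale, concentrated in a handful of upstream networks that can be dealt with collectively.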

We are talking large scale everything here: attacks, data, potential losses… It will be interesting, therefore, to watch this space and Nokia Deepfield itself, not least because I have been looking at a complementary space recently c/o some analysis of old client Kemp Communications’ recently acquired Flowmon tech – report on the way, so watch this space on that front too. This really is a very serious matter, and the move to WFH/WFA, the endless rise and near unlimited scaling of IoT and the masses of endpoint devices out there make that potential attack surface larger by the minute.

The fact that anyone can play at being a bad guy for a few ePennies just makes the whole situation even scarier. But fear not – we are siding with the good guys, well I am anyway 😊 and the recent sessions I’ve enjoyed have been absolutely reassuring. After all, Hollywood can’t be wrong – the good guys always win!

Meantime, if you want to look at the Nokia Deepfield DDoS survey in more detail, you’ll find it right here:
