It’s a common theme in films, a hacker shuts down an airport or a train terminal, or hijacks a bunch of driverless cars and uses them to congest a freeway or crash into a building – and the only to get the attacker to stop is a large sum of money. Well, what if we told you this is a real threat, and it’s starting to happen in the real world more and more frequently?
A report from the world’s largest network and server provider, Akamai, in their latest State of the Internet announcement has shown that the attacks we mentioned above aren’t just happening in film anymore, and there’s a very high chance of them happening on a routine basis.
One of the main drivers behind these attacks is, of course, the leaps and bounds in hacking technology and the new technologies that are only just arriving and therefore don’t have any real security or protection available. These technologies like artificial intelligence, biometrics and automation are all relatively new and don’t have any real protections in place. This has allowed hackers to develop ways to throw these services off and bring entire swathes of the service industry to a halt.
Though, the good news is that we aren’t entirely at the point where hackers have the ability to interfering with things like biometric security at airports – or power station grids. Though without proper intervention and security development we could be looking at a cyberwar-like situation.
DDoS Attacks are Improving
There is one massive concern for international web infrastructure, and it surrounds the global frequency of DDoS or Distributed Denial of Service attacks. These attacks work by hijackers taking control of thousands or even millions of devices and directing them to a website or a network to bring it down. These types of attacks are up a staggering 16% over last year and can be extremely damaging if directed to a critical service like banking or emergency services.
A famous DDoS attack in 2007 was directed towards the Estonian banks and other services, which resulted in banks being shut down, television stations being knocked offline and even government websites being brought down.
So let’s step forward over a decade, and you’ll notice that there are now so many more connected devices sitting around waiting to be hijacked by hackers. Think devices like fridges, toasters, speakers and light bulbs. All of these can have their connections hijacked and directed to critical infrastructure, and there’s little that can be done – as there’s no real encryption in place to block access to these devices.
How have these devices been used in attacks recently? Well, in February of this year the world saw the largest DDoS attack ever recorded which pushed over 1.35 terabytes into a software development company’s digital infrastructure in a single second, which completely knocked it offline and even ruined server connections.
DDoS on a National Scale?
Now, it isn’t just companies that are at risk, entire nations are. In Australia and New Zealand, we are connected to the world by the Southern Cross Cable, which as a bandwidth capacity of over 22 terabytes per second, thanks to recent updates. Now, the largest DDoS attack would only use 16% of that bandwidth – though it would majorly slow down the entire country’s access to the internet.
The more dangerous issue here though is that criminals are hijacking devices and keeping them in a connected ‘web’ for later control or with plans of selling this web for clients to use in their own DDoS attacks. Experts are calling this ‘DDoS-for-hire.’
Cybersecurity experts are stating that these attacks and the criminals behind them are getting more and more sophisticated and utilising more devices than ever before to create damaging attacks on global companies. There has been a massive interest in tracking how these attacks work and companies are doing their best to prevent their networks from going down, but there is little that can be done.
It’s obvious that cybercriminals will be looking for the weakest links to attack. It’s not typically the company they care about, its the chaos. So that includes people who don’t have encryption, or those who never update their passwords or even connect to wifi networks that don’t even have passwords. That can include coffee shops and malls with wifi networks that aren’t secure, effectively giving them access to thousands of people’s devices.
Akamai pointed out that last year the biggest target was the tourism market. An insane 3.9 billion log in attempts were made by malicious connections looking to cancel bookings on airlines, cruise lines, car rentals and even hotels! That means if you’re not careful you could have your entire holiday hijacked. Rooms could be changed, flights cancelled or even redirected to the wrong location.
The bigger issue here is for the authorities to find out who is actually responsible for these attacks. Locations of hackers are typically linked to China and Russia, which has also shown that there are a lot of organised groups operating in these countries.
Staying Protected & the Future
Although the general outlook is fairly bleak for the time being, and there are expected to be bigger DDoS attacks towards the end of 2018, there might be a few ways that companies and general citizens can keep themselves safe.
VPNs and IoT Devices
If you have an IoT device or unsecured connected devices, it’s a good idea to have a VPN service connected to your router to give you an added layer of security. These VPNs are going to help scramble your online activity and make it a lot more difficult for cybercriminals to hijack devices. Remember, these criminals aim for the easiest devices, so don’t let yours be part of a DDoS attack.
In April 2018, the Dutch and UK’s cybercrime agencies devised and ran an operation to find and capture people responsible for a DDoS-for-hire website. The owners of a single site, which was behind over 4 million DDoS attacks, were uncovered and arrested during the operation and are awaiting trial. This highlights the high priority of governments looking to stop these attacks.
In general, the DDoS threat is very real and can cause catastrophic effects to society, though the only way the attacks can really be carried out is by utilising devices with little to no security. There is one main way that general users can help prevent these attacks, and it’s by blocking criminal access to their devices. Using VPNs and other security measures for your devices is a great idea and even hosting your IoT devices on an encrypted network is certainly advised.
If you’re considering a VPN to keep yourself and your devices secure, then head over to our VPN Reviews page for more information.