It’s time for our annual cybersecurity wrap-up. Although we avoid making explicit predictions, we enjoy calling your attention to interesting IT security trends. Some are examples of what’s happening now. Others have the potential to create breathtakingly awful problems for IT security pros in the future.
DDoS attack and defence trends
In 2018, distributed denial of service (DDoS) attacks were larger, more varied, and more persistent than ever. Within this gloomy framework, three trends will probably affect next year’s IT security operations. Let’s see what the emphasis on specific DDoS protection methods, AI’s role in DDoS attacks, and an inside-out approach to network protection might mean to IT security operations.
Attack protection methods
As DDoS attackers change their focus, so does the demand for specific types of protection. Solution development now focuses on these approaches:
- Application-layer protection. Cyber-crooks now use application-layer (also known as Layer 7) attacks more often than any other attack method. These attacks use stealth to take advantage of vulnerabilities in apps and operating systems. The challenge of these attacks is knowing which signals come from cyber-crooks and which come from legitimate users.
These protection solutions use an extensive set of rules to find, divert, and cleanse networks of malicious traffic.
- SSL DDoS flood protection. Encrypted traffic has become more popular worldwide (70 to almost 90 percent depending on geographic region). Inevitably, SSL-related attacks follow. This type of attack tries to overload SSL connections that establish encrypted internet traffic.
SSL flood solutions gather extensive network operations information, which a proprietary algorithm transforms into a judgment: is an attack in progress? If it is, the attack traffic is blocked.
- Zero-day protection. Zero-day attacks are the sneaks of the DDoS menagerie. Until they are discovered and neutralized with a software update (a patch), they can do damage to the target system. Modern zero-day mitigation solutions use tools that provide a real-time, highly detailed look at network behaviour. Machine learning methods detect atypical patterns of network traffic.
- Human behavioural analysis. As attackers use more advanced techniques, distinguishing between legitimate and malicious traffic becomes more difficult. A new and effective method of detecting and blocking attacks uses complex math to learn what’s “normal” user behaviour for any specific network.
Solutions that use behavioural analysis block all traffic that doesn’t conform to standards of normal behaviour. This approach creates fewer false positives (which divert company resources from normal operations) and ensures a free flow of legitimate traffic.
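As an added illustration of the behavioural-baseline idea just described (this is not code from the original post or from any vendor's product), the script below learns a per-source "normal" request rate from a quiet period, scores live traffic windows by how far they deviate, and shows how a tighter threshold buys earlier detection at the cost of false positives. The source addresses, request counts and the z-score threshold are all constructed, assumed values.

```python
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

# Constructed sample data (not real traffic): requests per 10-second window,
# keyed by source address. BASELINE was "learned" during a quiet period;
# LIVE holds windows to classify against that baseline.
BASELINE: Dict[str, List[int]] = {
    "10.0.0.5": [12, 14, 11, 13, 15, 12, 14, 13],
    "10.0.0.9": [40, 38, 42, 41, 39, 43, 40, 42],
}
LIVE: Dict[str, List[int]] = {
    "10.0.0.5": [13, 14, 95, 120, 12],  # two windows that look like a flood
    "10.0.0.9": [41, 44, 40, 39, 43],   # busy, but within its own normal range
}

def learn_profile(windows: List[int]) -> Tuple[float, float]:
    """What is 'normal' for one source: (mean, population std dev) of its rate."""
    return mean(windows), pstdev(windows)

def zscore(rate: int, profile: Tuple[float, float]) -> float:
    """Distance of a rate from the learned profile, in standard deviations."""
    mu, sigma = profile
    sigma = max(sigma, 1.0)  # floor: a flat baseline must not flag every small blip
    return (rate - mu) / sigma

def classify(baseline: Dict[str, List[int]], live: Dict[str, List[int]],
             threshold: float) -> Dict[str, List[Tuple[int, int, Optional[float], str]]]:
    """Return {source: [(window, rate, z, verdict)]}; verdict is 'allow', 'block',
    or 'unknown-source' (no profile yet, so it needs its own policy, not a guess)."""
    profiles = {src: learn_profile(w) for src, w in baseline.items()}
    result = {}
    for src, rates in live.items():
        profile, rows = profiles.get(src), []
        for i, rate in enumerate(rates):
            if profile is None:
                rows.append((i, rate, None, "unknown-source"))
                continue
            z = round(zscore(rate, profile), 2)
            rows.append((i, rate, z, "block" if z > threshold else "allow"))
        result[src] = rows
    return result

def count_blocked(result: Dict[str, list]) -> int:
    """Windows a threshold would block; blocked *normal* windows are false positives."""
    return sum(1 for rows in result.values() for row in rows if row[3] == "block")

if __name__ == "__main__":  # tighter threshold -> earlier detection, more false positives
    for thr in (2.0, 3.0):
        print(f"threshold {thr}: {count_blocked(classify(BASELINE, LIVE, thr))} blocked")
```

At threshold 3 only the two flood windows from 10.0.0.5 are blocked; at threshold 2 a legitimately busy window from 10.0.0.9 is blocked as well, which is exactly the false-positive cost the text warns about.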
IT security pros are also paying attention to a different approach to anti-DDoS defences.
New types of attacks, new defence methods
As modern networks evolve, the security emphasis moves to mobile devices and cloud-based services. This new focus makes the ability to monitor and record all activity at endpoint devices an absolute requirement of security success.
In this rapidly changing security environment, there’s been a dramatic shift in how cybercriminals operate. DDoS attacks still use breaking and entering (volume-based) methods. However, more and more attacks include a stealthy entry and a long-term stay.
DDoS attackers now design attacks to linger in target systems—typically for months. Unfortunately, existing outward-facing, perimeter defences mostly fail against these types of attack. Suggested countermeasures to these long-term invasion exploits include extensive use of silent hunting techniques, which include:
- Iron boxing.
- Modern whitelisting.
- Next-generation anti-virus software that provides deception technology as well as endpoint detection and response capabilities.
- Memory augmentation.
- Adaptable authentication. These methods can enforce two- or three-factor authentication with a biometric live challenge and response.
The immediate concern is for the secure operation of each organization’s IT infrastructure. However, analysts expect that security concerns in the future will extend to partners, suppliers, clients, and customers—anyone in one’s system of trust.
AI poses new DDoS threats
These days, DDoS attacks coming from professional attackers commonly use two or more techniques. The more sophisticated cyber-crooks switch between them during attacks to outsmart efforts to find and neutralize malicious software. In the process of endless evolution, hackers are starting to use AI in their DDoS attacks. AI has already been useful in phishing exploits and evading antivirus programs.
The progress of AI in cybercrime has made IT security pros wonder if it’s time to start worrying. For some, the answer is “not yet.” AI technology is just too expensive to use in DDoS attacks. That’s why it’s too soon to expect an imminent threat. We should wait until AI is thoroughly commodified and available as an inexpensive technology.
But another, more disturbing possibility has security experts concerned. What happens when cyber-attackers use AI capabilities to invade and pillage IT assets more efficiently? Growing evidence indicates that automated AI capabilities can make DDoS attacks bigger and easier than ever to run—and more likely to succeed.
For example, botnets currently use human-guided attacks based on command-and-control software. AI-controlled attacks promise adaptable bots. In this creepy scenario, each bot would control its own assignment without human attention. The botnet becomes an army of computers working in isolation but attacking a single target, with tactics that change as the defences require.
Change: the only prediction we can guarantee
If there’s one iron-clad prediction that we can make, it’s that these DDoS attack and defence trends will change. We look forward to reporting those changes for you in the coming year.