What is the number one biggest threat or the fastest growing cyberthreat that people can expect to see in 2013?
From my perspective as an availability security professional, the biggest threat that we will face in the next year is the growing size and complexity of DDoS attacks. Recently, three distinct trends have emerged with DDoS attacks:
- Attacks against SSL. These attacks hit web sites on https://, and cause substantially more severe resource depletion than plain text traffic. DDoS mitigation systems do not protect against these attacks, which at many organizations could result in a complete system outage with even a very small attack. To defeat SSL attacks, organizations will need to begin overprovisioning systems to absorb the malicious traffic or create web application firewalls (or WAFs) that decrypt the SSL traffic, filter the attack, and then re-encrypt the confirmed clean traffic. This is something for which most organizations will not be prepared.
- Increased size of large attacks. We're now seeing many more attacks on UDP and TCP protocols that are multi-10G and in excess of 9 million packets per second. As these attacks become the new norm, organizations will need to begin upgrading their DDoS mitigation capabilities. Many existing devices and service providers will encounter obsolescence.
- Increased complexity of application layer attacks. Also known as Layer 7 attacks, these are typically against web servers and are designed to deplete the resources of the server without the administrator being able to determine which connections are malicious, preventing the attack from being identified and filtered. In response, organizations will need to ensure that their security capabilities are sufficient to address this issue. While products and service providers can assist, the best defense begins with competent in-house security professionals who are capable of building basic defenses against the problem. Similar to SSL, well-configured WAFs are helpful [in preventing] these attacks.
What is facilitating the problem?
These threats have existed for several years, but are becoming more severe and commonplace with advances in malicious hacker capabilities, increased availability of internet infrastructure and bandwidth, and a culture in the security community where professionals erroneously rely on others to defend them. We fear that before long the only organizations that will be able to exist on the internet are those who have substantially invested in defending their systems and networks against DDoS attacks. Should this occur, the cost of security at nearly every company will increase dramatically and this expense may be passed along to other businesses and consumers.
What specific measures can people take to address the threat?
In recent years many organizations have begun to defend themselves by purchasing protection services and security appliances, but as attack size and vectors continue to mature these measures will become obsolete. As a result, many organizations will endure increased costs and system downtime while attempting to address this problem.
- Jeffrey A. Lyon, President of Black Lotus Communications
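The Layer 7 point above, that an administrator often cannot tell which connections are malicious, is where the "basic defenses" built in-house usually start: per-client burst analysis over the web server's own access log. The following Python is an added illustration, not code from the interview or from Black Lotus; it flags clients whose request bursts within a short window exceed a limit and reports how concentrated those requests are on expensive paths. The window, limit, `/search` path and log lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" access-log format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, _size = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": ip, "t": when.timestamp(), "method": method, "path": path, "status": int(status)}

def flag_floods(lines, window=10, max_req=20, expensive=("/search",)):
    """Return {ip: evidence} for clients exceeding max_req requests in any
    window-second span. Evidence shows how repetitive and how costly the burst was."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in per_ip.items():
        times = sorted(r["t"] for r in recs)
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_req:
            paths = [r["path"] for r in recs]
            flagged[ip] = {
                "peak_requests": peak,
                "distinct_paths": len(set(paths)),
                "expensive_share": round(sum(p.startswith(expensive) for p in paths) / len(paths), 2),
            }
    return flagged

def build_sample():
    """Constructed sample (not real traffic): one normal visitor, one client hammering /search."""
    lines = [f'10.0.0.5 - - [01/Jan/2013:12:00:{i * 5:02d} +0000] "GET /page{i}.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
             for i in range(3)]
    lines += [f'192.0.2.77 - - [01/Jan/2013:12:00:{i // 4:02d} +0000] "GET /search?q=x{i} HTTP/1.1" 200 9031 "-" "-"'
              for i in range(40)]            # 4 requests per second for 10 seconds
    return lines

if __name__ == "__main__":
    print(flag_floods(build_sample()))
```

A real deployment would feed the same logic a rolling tail of the log and hand flagged clients to the WAF or rate limiter rather than print them.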