DDoS: It's About Internet Insecurity
Why Aren't We Addressing the Core Problem?
Over the past few months, distributed-denial-of-service attacks on U.S. banks have garnered great attention.
But what we've failed to address is the core problem: Internet insecurity, which enables attackers to wage massive attacks with botnets that continue to grow.
I've spoken to many security experts about why DDoS attacks are so successful, and they echo what Mike Smith of Akamai Technologies, an Internet platform provider, has to say: "It's an Internet health issue."
Outdated and vulnerable versions of Web applications, such as WordPress and Joomla, as well as organizations' own content management systems, make it all too easy for attackers to compromise vulnerable websites and use them as launching pads for attacks aimed at U.S. banks.
"Those outdated systems are actually impacting other organizations on the Internet," Smith says.
This sort of vulnerability was recently identified by DDoS-prevention and Web security provider Incapsula, which blogged about a website in the U.K. being used to launch DDoS traffic against U.S. banks.
Through a review of intercepted traffic coming from the site, Incapsula discovered attackers were attempting to operate it as a back door for bot traffic.
In this case, taking over the site was easy. The administrative password was "admin/admin."
Unfortunately, site takeovers such as this are common, and these takeovers are fueling DDoS and other junk traffic on the Internet.
"This is not really new, and it has been used on multiple occasions from multiple sites," says DDoS expert John Walker, who serves as chairman of ISACA's Security Advisory Group in London. "A real estate site in Orange County [Calif.] was used recently as a back door, and then from that site multiple attacks were mounted. At that time, I understand the owner of the site was contacted, but they said it was not impacting their operations, so it was allowed to continue and was used for multiple attacks against multiple sites."
Tackling Internet Insecurity
DDoS and other online attacks thrive on Internet insecurity. Until we lock down the Web's weak spots, we'll never make progress.
But who should be in charge of spearheading the cleanup?
That's the question security experts are now asking, and it doesn't appear they'll find an answer anytime soon.
Getting governments involved is a good first step, but only as a catalyst for more information sharing, as we've seen in the U.S. with the DDoS cases.
In the end, the solution will rely on increasing IT awareness, because attackers have too many weak sites at their disposal.
Network providers have the knowledge, and if government can get them in the same room with the IT vendors and ISPs, there could be hope for more Internet cleansing.
But the Web is so vast. Facilitating that kind of communication among so many parties would be daunting for anyone. And it's going to take more than the U.S. government. DDoS and other attacks are a global problem.
What's the Next Target?
Today, U.S. banks are the target, but tomorrow, it could be government agencies or even healthcare providers.
The expected length of these attacks has piqued concern as well. No organization or industry can withstand ongoing attacks for years on end, even if they've been successful at staving off online outages for a few months, as the financial industry has done (see DDoS: Lessons from Phase 2 Attacks).
So how can we prevent DDoS attacks from growing by improving Internet security? No one yet has the definitive answer.
But a good place to start is by spreading the word and increasing awareness about problem areas, such as outdated applications and other bad habits.