For the last few years, the size and sophistication of hacker attacks have exceeded the records set in previous years.
Unfortunately, 2016 continued this trend.
From a year filled with unprecedented security incidents, here are some events worth noting.
Record-Breaking DDoS Attacks
As the year began, a large-scale attack was underway on cloud hosting provider Linode.
Although it “severely” disrupted service for several hundred thousand Linode customers, it wasn’t one of the year’s record-breaking attacks. (We’ll get to those in a moment.)
Nor was it noteworthy for its complexity. The attack was rather straightforward. (It consisted of Layer 7 attacks — “400 Bad Request” — followed by simple volumetric assaults.)
But it is worth noting the way that the target responded.
As Linode explained in the link above, their default response to DDoS is:
“…a tool we use to protect ourselves called remote-triggered blackholing. When an IP address is ‘blackholed,’ the Internet collectively agrees to drop all traffic destined to that IP address, preventing both good and bad traffic from reaching it… [B]lackholing is a blunt but crucial weapon in our arsenal, giving us the ability to ‘cut off a finger to save the hand’ — that is, to sacrifice the customer who is being attacked in order to keep the others online.”
The post then went on to explain why this strategy was tried, and failed. (Turns out that this particular attack was structured in such a way that blackholing didn’t help.)
The interesting thing here is not that blackholing failed, but that it was tried at all. Blackholing is an obsolete strategy that shouldn’t have been used.
In the past, blackholing was a valid response to an overwhelming volumetric attack. Today, it’s not.
Today, cloud web security can be used to mitigate even the worst DDoS assaults. The cloud can intercept attacks before they even reach your network (scaling bandwidth automatically as needed, to absorb even the largest attacks), scrubbing the traffic with near-zero latency, and allowing only legitimate users through. No blackholing is necessary.
If Linode had been using the cloud to its fullest potential, its customers would not have been blackholed and knocked off the Internet. They would not have been ‘fingers who were cut off to save the hand.’
The hand could, and should, have been saved with all of its fingers intact.
Please note that we’re not criticizing Linode specifically here. They’re just one of many organizations who are still not taking full advantage of the cloud. Without the cloud, these organizations must still rely on previous-generation strategies. They’re using security appliances to filter their traffic, and then blackholing their customers when the appliances are inevitably overwhelmed.
And that’s unfortunate, because other events in 2016 prove that obsolete strategies are becoming even more damaging to those that still use them.
This year, we saw multiple massive DDoS attacks, each of which shattered the previous record for size.
Last year’s record was 500 Gbps. This year, KrebsOnSecurity was hit with an attack that reached 620 Gbps.
A few days later, an attack on hosting provider OVH reached 1 Tbps.
Then in October, domain name provider Dyn was assaulted with a multi-wave attack, the largest ever recorded. It had a reported peak rate of 1.2 Tbps.
In this environment, previous-generation DDoS mitigation strategies don’t apply. When hackers can wield this amount of bandwidth, any individual network will be overwhelmed. The only way to defeat attacks at this scale is to harness the bandwidth of the global cloud.
Record-Breaking Data Breaches
2016 was also a record-setting year for the revelation of previous data breaches. Various companies announced the compromise of a cumulative 2.2 billion user records.
This includes VK.com (171 million records), the Friend Finder network (400 million), MySpace (427 Million), and of course Yahoo (500 million in September, and another one billion in December).
This year demonstrated that large data breaches are not only getting more common, they’re also getting more costly for the victims.
And of course, we also saw hacking and data breaches being used as a political weapon — another exceptional development.
Record-Breaking Cybercrime Payoffs
2016 also set a new standard for the potential profits of hacking.
This year, authorities arrested the masterminds of a massively profitable cybercrime operation. This small group of hackers perpetrated a handful of data breaches, and used them to generate hundreds of millions of dollars.
Previously, most hackers were content to resell their stolen data on black markets for relatively low amounts. Now it’s been revealed that the potential profits for illicit activities are much higher. Hackers now have more reasons than ever to wage larger, more sophisticated cyberstrikes on legitimate businesses.
Therefore, this year’s trend of record-breaking attacks will probably continue in 2017 and beyond.