
2/16/2021
01:00 PM
Marc Wilczek
Commentary

Under Attack: Hosting & Internet Service Providers

The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.

In less than a decade, cybersecurity has become a critical systemic issue for the world economy. More than ever, modern life and international commerce depend upon a functioning and accessible Internet. According to Cisco, 66% of the global population will have access to it within two years, by which time there will be 5.3 billion total Internet users. Further, more than 70% of the global population will have mobile connectivity, and the number of devices connected to IP networks will be three times greater than the total number of people on Earth.

In this context, cyber incidents and attacks are flourishing, but they're nothing compared to what will happen as the majority of the world joins the digital mainstream. And since ISPs and hosting providers are at the leading edge of the digital tidal wave, it's no surprise that they've become prime targets for cybercriminals.


Attacks Are More Costly to Combat
For organizations, building cyber resilience is growing more complex and costly. Accenture's "9th Annual Costs of Cybercrime Study" reports that malware, Web-based attacks, and distributed denial-of-service (DDoS) attacks are the most expensive attack types and are "the main contributing factors to revenue loss." But some sectors are victimized more often than others. For ISPs or hosting providers — and e-commerce, online gaming, and gambling — uptime is paramount, and every minute of downtime equals money lost. In 2020, a quarter of enterprise respondents reported the average hourly cost of server downtime ran between $301,000 and $400,000, as highlighted on Statista.

Botnets on the Warpath
The root cause of these financial setbacks is cybercriminals who use every means at their disposal — or "carpet bombing" — to exploit network vulnerabilities to cause havoc, extort money, or both. Carpet bombing is an example of an attack type that is becoming ubiquitous due to the easy availability of cheap DDoS services on the Dark Web. Almost anyone can pay for a botnet to seriously disrupt the company or government agency of their choice. The rapidly expanding Internet of Things (IoT) might also explain the rise in carpet bombing, since most devices are poorly protected against hostile takeovers and easily converted into bots.

ISPs and hosting providers are like red flags to carpet bombers. Some lack basic DDoS mitigation tools, while others use outdated ones. The results are predictable. In November 2018, customers of the Cambodian ISPs EZECOM, SINET, Telcotech, and Digi suffered a week of intermittent connections caused by a 150 Gbit/s DDoS attack. A few months later, a series of carpet-bombing DDoS attacks crippled a South African ISP for an entire day.

Extortion on the Rise
Since mid-2020, a new type of extortion campaign has moved into the spotlight. Cybercriminals claiming to be part of the nation-state-backed groups Fancy Bear, Lazarus Group, and the Armada Collective delivered ransom demands in emails that threatened the recipients with DDoS attacks of up to 2 Tbit/s unless they made a 20-Bitcoin payment within a week. Many organizations ignored the emailed threats without consequence. Others — including some well-known ones — suffered substantial operational setbacks as a result of subsequent attacks, as reported by the FBI.

The FBI attributed previous extortion campaigns in 2017 and 2019 to the same cybercrime groups, which at that time targeted financial institutions, retailers, and e-commerce firms.

Attacks Growing Exponentially
But carpet bombing isn't the only cyber threat out there. There are scores of others, and they're growing in number and frequency so quickly that it's becoming increasingly difficult to fend them off using traditional tools or on-site appliances. One reason for this is that current attacks can be more than 100 times larger than a company's available pipe or backbone. As a result, the entire system collapses and all traffic (including legitimate IP traffic) is blackholed for hours or days. According to the US Department of Homeland Security, the scale of attacks has increased tenfold in recent years, and "it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale."

In October 2019, Amazon Web Services (AWS) was hit by a major DDoS attack roughly eight hours long that prevented users from connecting. The attack caused AWS to miscategorize legitimate customer queries as malicious. Google Cloud Platform experienced problems at roughly the same time, but the company says the incident was unrelated to DDoS. In February 2020, AWS reported a 2.3 Tbit/s attack — in other words, a little under half of all the traffic that telecom BT sees on its entire UK network during a normal working day.

Conclusion
Hosting providers and ISPs are increasingly being exposed to cyber threats, but during the pandemic, as use of these services has skyrocketed, cyberattackers have broadened their reach to include targets in vertical markets such as e-commerce, online gaming and gambling, healthcare, and educational services (think homeschooling).

No DDoS mitigation solution is foolproof, so it makes sense for organizations to beef up their existing tools with as much timely and reliable threat intelligence as possible. By blocking bad actors from their networks, ISPs can avoid falling victim to carpet-bombing attacks that can cripple their operations. If they're attacked, they should never pay a ransom. Doing so only emboldens the bad guys and supports further criminal activity.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...