Regarding IoT, see here. 5G is definitely on the way. The two are interconnected because more and more IoT devices are being deployed, and the supply of IoT services—especially services rich in video content—is growing. Mobile bandwidth will increasingly be required, and 5G promises to meet this demand.
The picture is quite rosy, but there’s a catch, the proverbial fly in the ointment that no one discusses: DDoS attacks are a real and growing threat. In this post, we’ll lay out the argument that 5G increases the DDoS threat and, as a result, requires stronger protection than today’s traditional strategies can provide.
We think everyone can agree that DDoS attacks are a reality that shows no sign of going away! It seems like every month we hear about a new, record-breaking DDoS attack, and it’s no wonder that many types of DDoS attacks are called floods—one is even called a Tsunami—because their impact is devastating. They flood and overwhelm network resources, including elements like firewalls designed to ensure network security.
Thus, DDoS attacks pose a threat to everyone online, but why are they growing in both size and frequency? One reason is that the explosive proliferation of IoT devices provides hackers with growing opportunities to launch these attacks. IoT devices bring significant value to their users – remote automated metering, security cameras, smart utility grids, and much more. However, most IoT devices are essentially stripped-down, single-purpose computers with little or no security. They can easily be hacked and turned into botnet soldiers, triggering ever-increasing floods of DDoS attacks.
The second reason DDoS attacks continue to grow is the easy financial gain. DDoS attacks can include ransom demands, or they can be a way to harm a competitor, either by damaging its business directly or by using the attack as a smokescreen to cover up the cybertheft of trade secrets. In both cases, the attacker profits. A third reason is that hacktivists increasingly recognize DDoS attacks as an easy way to punish ideological enemies, whether government or corporate, and the greater the publicity, the more powerful the DDoS traffic flow. DDoS attacks can also be a form of nation-state cyberwarfare, both to cripple operations and as a smokescreen to conceal the subsequent theft of state secrets.
Another reason these attacks continue to grow is that the tools needed to launch them, while technologically sophisticated, are widely available and easy to use. As highlighted by the recent downing of a major international service, there is a huge industry renting out tools for carrying out paid DDoS attacks.
Communications service providers (CSPs) are often targets of DDoS attacks themselves. Even when they are not targeted, their networks are the environment in which the attacks take place, and they suffer from the excessive traffic, which can hinder their ability to provide services to their numerous customers, who aren’t actually targeted but are merely innocent bystanders. The cost of these attacks is high.
These costs, of course, are both direct and indirect – they can include service level agreement (SLA) penalties to affected enterprise customers, costs incurred by overloaded call centers, efforts to restore or replace affected infrastructure, additional purchases of new infrastructure, and, of course, costs associated with reputational damage. Attempts to prevent customer churn, advertising campaigns, and discounts to regain customers and restore reputation – or attract new customers – all contribute to the cost of these attacks.
So, what does all this have to do with 5G?
Well, the exponentially increasing adoption of high-speed bandwidth means that, on top of the wide range of incentives, the easy availability of attack tools, and the rapid growth of IoT-related attack sources, a significantly greater number of attacks will be possible, because the “5G highway” will have many more lanes to support significantly higher traffic volumes, both beneficial and malicious. According to Brijesh Datta, Chief Information Security Officer at Reliance Jio, “5G bandwidth will easily increase internet connection speeds, with each person having 1 Gbps of bandwidth, thereby enabling attacks to become more drastic.”
In this environment, more than a third of CSP customers expect CSPs to protect them from these attacks. They expect security, not just connectivity, and CSPs are trying to address this. Traditionally, they use several methods to combat DDoS attacks, but all of them are limited when it comes to such large-scale attacks.
A Comprehensive Solution: Traffic Scrubbing Centers
Traffic scrubbing centers work by detecting an incoming attack, typically through periodic sampling of network traffic against thresholds combined with human intervention, and rerouting all traffic to a specialized data center, whose function is to inspect each packet, remove the attack content, and then send the clean data packets back to the CSP network.

As Frost & Sullivan note, this solution is quite problematic for the following reasons:
- Cost: The cost is high, due to the additional network resources and human labor required to redirect such a large volume of traffic.
- Quality: There is a high likelihood of quality degradation during an attack due to the time it takes to divert, sanitize, and return the sanitized traffic flow.
- Accuracy: In the case of asymmetric traffic, requests and corresponding acknowledgment packets (which often form an amplified attack) do not always travel the same routes, making it difficult to determine whether the traffic is legitimate or illegitimate.
- Evasion: Attackers have adapted to this solution by exploiting a loophole related to sampling frequency and using short-term but very large traffic bursts to bypass the sampling mechanism.
Low-Cost Solution: Integrated Systems
These solutions don’t rely on traffic sampling because they operate embedded within the system, but:
- They weren’t designed to handle CSP-scale traffic;
- They don’t handle asymmetry for the same reasons mentioned above;
- They don’t monitor outbound traffic, and therefore don’t mitigate outbound attacks;
- They can’t prioritize legitimate, high-priority traffic during attacks.
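
The sampling gap listed under "Evasion" and the claim that integrated systems avoid it can be compared from the detection side. The following is an added example, not code from the original post or from Frost & Sullivan: it runs a periodic-sampling detector and a per-second detector over a constructed traffic series. The 60-second polling interval, the 10 Gbps threshold, the 3-second confirmation window and all traffic values are assumptions chosen for illustration.

```python
# Added example: sampled vs. per-second detection over constructed traffic.
THRESHOLD_GBPS = 10.0    # assumed alert threshold
SAMPLE_INTERVAL_S = 60   # assumed polling interval of the sampling detector

def build_traffic(duration=300):
    """Constructed per-second link rate in Gbps (not real measurements)."""
    series = [2.0] * duration            # baseline load
    for t in range(65, 85):              # 20 s burst that falls between polls
        series[t] = 40.0
    for t in range(200, duration):       # sustained flood
        series[t] = 40.0
    return series

def attack_episodes(series, threshold):
    """Ground truth: (start, end) of each contiguous run above threshold."""
    episodes, start = [], None
    for t, rate in enumerate(series + [0.0]):   # sentinel closes a final run
        if rate > threshold and start is None:
            start = t
        elif rate <= threshold and start is not None:
            episodes.append((start, t))
            start = None
    return episodes

def sampled_alerts(series, interval, threshold):
    """Detector that only sees the rate at each polling instant."""
    return [t for t in range(0, len(series), interval) if series[t] > threshold]

def inline_alerts(series, threshold, window=3):
    """Detector that sees every second; alerts after `window` seconds above."""
    alerts, run = [], 0
    for t, rate in enumerate(series):
        run = run + 1 if rate > threshold else 0
        if run == window:
            alerts.append(t)
    return alerts

def detection_delay(episodes, alerts):
    """Seconds from episode start to first alert inside it; None if missed."""
    delays = []
    for start, end in episodes:
        hits = [a for a in alerts if start <= a < end]
        delays.append(hits[0] - start if hits else None)
    return delays

if __name__ == "__main__":
    traffic = build_traffic()
    episodes = attack_episodes(traffic, THRESHOLD_GBPS)
    sampled = sampled_alerts(traffic, SAMPLE_INTERVAL_S, THRESHOLD_GBPS)
    inline = inline_alerts(traffic, THRESHOLD_GBPS)
    print("sampled delays:", detection_delay(episodes, sampled))
    print("inline delays: ", detection_delay(episodes, inline))
```

The model covers only the sampling interval; it does not represent the scale, asymmetry, outbound-traffic or prioritization limits listed above.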
Comprehensive solutions are too expensive for most CSPs and ultimately have limited effectiveness. Low-cost solutions aren’t well-suited for CSPs. What’s needed is a new, cost-effective approach that both addresses today’s challenges and can easily scale to handle tomorrow’s larger and as yet unknown attacks, protecting CSP networks and customers, all the time and on time.