UPDATED 18:06 EDT / DECEMBER 31 2013

CloudFlare CEO predicts a big year of DDoS threats ahead

As we look at what lies ahead in security, we find that the subject of DDoS has come up again and again. So we went straight to CloudFlare for some predictions for 2014. CloudFlare CEO Matthew Prince dropped in to answer some questions about the threat landscape.

Prince: There are two big trends ahead in DDoS attacks. First there’s a continued rise in point-and-click DDoS out there. This has started in the wild already and is to the point where it’s literally as easy as going to a site, paying a fee and you’re free to launch a large-scale attack at whoever, a competitor, a political target, anyone. This started with gamers that are busy playing online games and using booter services to elevate their games. Some advertise as ‘stress’ tests. We’re seeing this trend growing daily and it’s spreading into the mainstream, even outside the US. There have been recent major attacks in Singapore, in the Philippines, and reports are coming in all the time. What this means is there’s a separation of grudge and of skill in the equation with the end result a broadened range of targets that can be launched at anyone. We’ve seen adoption agencies, nail salons, all kinds of competitive targets out there; the range is expanding massively, mainly because it is driven by point and click and no real technical skills are required.

The other big trend was something we anticipated would happen last spring because there is a seasonality associated with it. You see there’s a typical bump in DDoS attacks reported around June of every year. That’s because there are students coming out of school, around the world really – in Iran, the UK, the US, all of them you could categorize as very young parties. Anyway the prediction was that there would be a severe attack that would be at such a scale that it would cause a big point of disruption to large parts of the internet. We have seen attacks that are over a terabit in scale and we’re just teetering as an industry on the first significant massive DDoS internet outage, which will have a big impact and cause damage. We can fully predict that the first of these events will be happening, you can expect that in early 2014.

SiliconANGLE:  That sounds like a lot of trouble.  Yet DDoS has been around a long time and there’s a perception out there that this is a threat that comes and goes.  You endure it and get back to business.  Could you explain how an outage – how could this really happen?

Prince: There are many cases where the target of the attack, the intended victim, is not the only party impacted. Your average anonymous attack is relatively small. What is happening today is that some of the tools that really big attackers are using are falling into the hands of the masses. Now you have all these attack tools proliferating, and it’s just a matter of scale and probability. The US has 24TB of capacity and that number could be threatened with the scale of some of these existing attacks. With those kinds of odds, you can coordinate and cause some very big issues; the impact would be huge and at a minimum you will see some significant regional disruptions.

But there are even more things coming down the pike. There are more sophisticated attacks on the horizon that will be focused on attacking the underlying routing infrastructure of the internet. There have already been a couple of stories out there on this, where targeted attacks on certain US sites were carried out this way. Internet traffic was rerouted through Baltic countries by changing BGP announcements, altering the flow of information. BGP, the Border Gateway Protocol, is in use all over the world and it is how the internet works by controlling the path of packets across the internet. The issue is there is no strong authentication to BGP announcements because it is built on a trust model. This even happens by accident from time to time when some ISP puts in a wrong entry, and it takes time to overcome that. Imagine that in the hands of attackers intentionally seizing internet traffic control – it’s something that is a soft target and we can expect that if it’s not fixed soon, this will be a confirmed target. If there’s good news in any of this it’s that this kind of attack is more sophisticated and requires the attackers to be network engineers, basically, so there’s hope for pre-emptive improvement.
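
The origin check that plain BGP lacks, sketched as an added example (not from the interview or from CloudFlare): each announcement is compared with a table of authorized origins, in the manner of RFC 6811 route origin validation. The table, the prefixes (documentation ranges) and the AS numbers are constructed for illustration.

```python
import ipaddress

# Constructed authorization table (assumption): covering prefix, longest
# announcement length allowed under it, and the AS permitted to originate it.
AUTHORIZED = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

# Constructed announcements as (prefix, origin AS) pairs.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),      # legitimate origin
    ("192.0.2.0/24", 64510),      # same prefix, unexpected origin AS
    ("192.0.2.128/25", 64500),    # more specific than the table allows
    ("2001:db8:1::/48", 64501),   # legitimate more-specific within max length
    ("203.0.113.0/24", 64502),    # no covering entry at all
]


def validate(prefix, origin_as, table=AUTHORIZED):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for auth_prefix, max_len, auth_as in table:
        auth = ipaddress.ip_network(auth_prefix)
        # Skip entries of the other address family or that do not cover net.
        if net.version != auth.version or not net.subnet_of(auth):
            continue
        covered = True
        if net.prefixlen <= max_len and origin_as == auth_as:
            return "valid"
    # Covered but never matched means someone else is announcing our space,
    # or announcing it in smaller pieces than we authorized.
    return "invalid" if covered else "not-found"


def alerts(announcements=ANNOUNCEMENTS, table=AUTHORIZED):
    """Return the announcements a monitor should flag for investigation."""
    return [(p, a) for p, a in announcements if validate(p, a, table) == "invalid"]


if __name__ == "__main__":
    for prefix, origin in ANNOUNCEMENTS:
        print(f"{prefix:<18} AS{origin}  {validate(prefix, origin)}")
```

The `not-found` result matters as much as `invalid`: address space with no authorization entry cannot be protected by this check at all.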

 

We’ll pick the conversation with Matthew Prince back up in a follow-up.   He shares some thoughts on internet control, how the security industry can improve, and what CloudFlare is doing to scale up to the threats of the future.  

