Imagine if a hacker shut down the baggage handling system of one of the world’s busiest airports. Or took control of a fleet of autonomous delivery trucks and re-routed them to disrupt rush hour traffic in a major metropolis. What if the hacker then demanded a ransom to unlock the digital networks they’d hijacked?
According to the latest State of the Internet report from Akamai, one of the world’s largest providers of computer servers and networks, these scenarios aren’t fantasies of some distant dystopia. They are just around the corner.
Technology continues to evolve with advances in artificial intelligence, automation, biometrics and a rapidly expanding Internet of Things. With this comes an increasing and potentially catastrophic risk of malicious actors bringing digital infrastructure and the societal services that rely on it to a grinding halt.
Even if we’re not quite there yet, there are several worrying trends highlighted in the report that show what cyber security professionals are already confronting.
DDoS for hire
The first concern relates to an increasing frequency and volume of Distributed Denial of Service (DDoS) attacks — up 16% in the last year. These attacks bombard computers with huge amounts of data. They are used by malicious actors to disrupt and delay networks and make them unavailable to their users.
The most famous DDoS attacks were against Estonia in 2007, shutting down banks, media organisations and government ministries.
Fast forward a decade and the volume of data harnessed in such attacks has increased exponentially. According to the Akamai report, the largest DDoS attack in history was recorded in February this year against a software development company. It involved a data flow of 1.35 terabytes (1,350 gigabytes) per second.
The Southern Cross Cable connecting Australia and New Zealand’s internet has an estimated overall capacity of greater than 22 Tbps — due in large part to recent upgrades. Such a high-volume attack directed at a single choke point could have a big impact on transcontinental and national internet speeds.
Perhaps even more concerning is that DDoS technologies are being commercialised and sold to cyber criminals on “DDoS-for-hire” websites.
They’re also becoming more sophisticated. Previously seen as a fairly simple way of exploiting internet traffic, the latest DDoS attacks exhibit more novel ways of creating “botnets” (networks of compromised computers) to redirect data flows against a target. According to the Akamai report, attackers have been paying attention to mitigation efforts and changing the nature of their attacks as they unfold.
Cyber criminals will invariably look for the weakest links. This might be individuals who never update their passwords and use unidentified Wi-Fi networks without due diligence. Or it could be particular commercial sectors that are lagging behind in cyber security standards.
The Akamai report highlights that in the last year organised cyber criminals are increasingly targeting the tourism market. A staggering 3.9 billion malicious login attempts occurred during the last year against sites belonging to airlines, cruise lines, hotels, online travel, automotive rental and transport organisations.
Finding out who is responsible is a trickier problem. Evidence suggests that exploitation of hotel and travel sites is mostly emanating from Russia and China, and it’s possibly the work of organised cyber criminals targeting tourists for easy gain. But more work needs to be done to map cyber crime and understand the complex criminal networks that underpin it.
It’s not all doom and gloom
While the report warns of larger more destructive DDoS attacks before the end of 2018, it’s not all doom and gloom. The potential for cooperation is also evident.
In April 2018, the Dutch National High Tech Crime Unit and the UK National Crime Agency ran the appropriately named “Operation Power Off”. This targeted a DDoS-for-hire site that was responsible for somewhere between four and six million DDoS attacks over its lifetime. The successful operation led to arrests and likely criminal prosecutions.
These sorts of high level cyber crime collaborations are growing in frequency and strength. Our own national Computer Emergency Response Team (CERT) in New Zealand, for example, is working with its Australian counterpart — and CERTs all around the Asia Pacific region — to identify and counter cyber crime.
The New Zealand government is currently consulting on a “refreshed” national cyber security strategy, and new powers have been invested in the Australian Signals Directorate to combat, prevent and disrupt cybercrime committed outside of Australia. So it appears Trans-Tasman responses to these problems are growing teeth too.