Increased volume of cyberattacks requires new approaches to defending the castle
IT security professionals that are feeling the strain caused by a significant spike in the number of cyberattacks being launched apparently are not alone. A new security report for the third quarter from Akamai finds the number of web application attacks increased 69 percent year over year. That follows a 30 percent increase in the previous quarter. Most of those attacks are exploiting well-known vulnerabilities because they continue to work. For example, SQL injection attacks continued to be heavily employed. The report finds this attack vector increased 19 percent this quarter, and 62 percent since last year.
Martin McKeay, senior security advocate at Akamai, says that despite all the attention paid to elaborate zero-day threats most IT security issues involve some type of human error involving, for example, the failure to patch an application. Whenever feasible cybercriminals are going to look for the path of least resistance. Most of them are not going to take the time and effort required to create a sophisticated attack when a rudimentary one accomplishes the same goal, says McKeay.
What is changing is that cybercriminals are leveraging bots and other forms of automation to increase the volume of attacks they can launch. In fact, the Akamai report notes that a Mirai and WireX strains of malware highlight the vast potential of new sources Internet of Things (IoT) and mobile computing devices that can be commandeered to create massive armies of botnets.
The rise of those botnets only serves to make the job of the average IT security administrator that much more difficult. Cybercriminals are playing a percentage game. They know if they increase the volume of attacks they will be able to penetrate more applications. Botnets allow them to scale their attacks at a minimal additional cost, so the return on investment (ROI) on creating a botnet army is high.
[clickToTweet tweet="#Botnets allow cybercriminals to scale attacks at a minimal additional cost via @mvizard #infosec" quote="'Botnets allow cybercriminals to scale attacks at a minimal additional cost' ~ Mike Vizard"]
Because of these issues, many organizations are building more elaborate defenses. For example, microsegmentation using virtual overlay networks provides a means to contain an inevitable breach. McKeay also notes that content delivery networks such as the one Akamai operates also add an additional defense perimeter because of the security technologies that Akamai implements. IT security is moving well past the idea of defending the proverbial castle wall. There are now moats in the form of CDNs, concentric walls created using virtual networks, traps and murder holes that were used to contain attacks in the event of a breach of the outer wall, and keeps where the most critical intellectual property, also known as crown jewels, are stored.
Of course, just like in medieval times the primary constraint was the traffic needed to get in and out of the castle, which meant gates needed to be created to secure points of entry. However, short of pounding down the walls of these castles using a cannon, most castles eventually became impregnable to attack unless, of course, somebody snuck in and opened the gate.
Most of the concepts applied to IT security today date back to the fortification of castles. The problem is that most people today don’t really appreciate the science that went into building those castles, so instead, they wind up taking an approach to IT security that more closely resembles a wooden fort than a stone castle.
There’s no doubt that organizations going forward are going to invest in a higher level of IT automation to make sure that applications are up to date and that security technologies are regularly updated to defend against both new threats and variants of older ones. But as powerful as any IT security technology there really is no substitute for a well-thought-out layered defense strategy that most medieval rulers would easily recognize.