For the telecommunications industry, 2019 marked a turning point: the rollout of 5G. Service providers raced to deploy 5G networks that promise to power the next generation of smart devices and expand the Internet of Things (IoT). With dramatically higher bandwidth, ultra-low latency and wider geographic coverage, 5G creates new business opportunities and enables an explosion of connected devices and innovative IoT use cases.
But with these opportunities come heightened cybersecurity risks. As more powerful smart devices connect to networks, the overall attack surface grows, making networks more attractive targets for malware, data breaches and distributed denial-of-service (DDoS) attacks. At the same time, compromised devices can be recruited to launch damaging DDoS assaults against other targets.
A10 Networks recently published a report that highlighted several trends in the weaponization of DDoS attacks. Key findings from that analysis include observations about amplified attack techniques, botnet-driven assaults and the geographic concentration of attack sources.
Amplified attack techniques
Attackers commonly exploit vulnerabilities in UDP (User Datagram Protocol) services: they send requests that spoof the victim’s IP address as the source, which triggers reflected responses from vulnerable servers toward the victim. Because the servers’ replies are often much larger than the initial forged requests, this reflection technique amplifies the volume of traffic directed at the target, dramatically increasing the impact of the attack.
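A defender-side illustration of the reflection pattern described above, added here as an example and not taken from the A10 report: it flags inbound UDP replies from amplification-prone services that the protected host never requested. The port list, thresholds and flow-record layout are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Assumption: well-known UDP services commonly abused as reflectors (not listed on the page).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP", 1900: "SSDP", 11211: "memcached"}

# Constructed flow records (documentation IP ranges):
# (direction, proto, remote_ip, remote_port, local_ip, local_port, bytes)
FLOWS = [
    ("out", "udp", "192.0.2.53", 53, "203.0.113.10", 40001, 72),       # our DNS query
    ("in", "udp", "192.0.2.53", 53, "203.0.113.10", 40001, 180),       # its solicited answer
    ("in", "udp", "198.51.100.1", 123, "203.0.113.10", 80, 46800),     # unsolicited NTP replies
    ("in", "udp", "198.51.100.2", 123, "203.0.113.10", 80, 46800),
    ("in", "udp", "198.51.100.3", 123, "203.0.113.10", 80, 46800),
    ("in", "udp", "198.51.100.9", 53, "203.0.113.10", 5555, 3000),     # lone unsolicited DNS reply
    ("in", "tcp", "198.51.100.7", 443, "203.0.113.10", 50000, 90000),  # not UDP, ignored
]

def find_reflection(flows, min_sources=3, min_bytes=10_000):
    """Return one alert per (local host, service) receiving unsolicited reflector replies."""
    # 4-tuples of UDP requests the protected hosts actually sent.
    solicited = {f[2:6] for f in flows if f[0] == "out" and f[1] == "udp"}
    stats = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for direction, proto, rip, rport, lip, lport, nbytes in flows:
        if direction != "in" or proto != "udp" or rport not in REFLECTOR_PORTS:
            continue
        if (rip, rport, lip, lport) in solicited:
            continue  # a reply to a request we sent, so not reflection
        entry = stats[(lip, REFLECTOR_PORTS[rport])]
        entry["bytes"] += nbytes
        entry["sources"].add(rip)
    alerts = []
    for (victim, service), entry in stats.items():
        # Many distinct reflectors plus high volume separates an attack from stray packets.
        if len(entry["sources"]) >= min_sources and entry["bytes"] >= min_bytes:
            alerts.append({"victim": victim, "service": service,
                           "reflectors": sorted(entry["sources"]),
                           "bytes": entry["bytes"]})
    return alerts

if __name__ == "__main__":
    for alert in find_reflection(FLOWS):
        print(alert)
```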
Botnets as DDoS weapons
Many attacks are orchestrated by bot herders who control networks of compromised devices—infected computers, servers and an increasing number of IoT devices. Such botnets are often rented through DDoS-for-hire services and can launch both volumetric and application-layer attacks, using stateful and stateless techniques to overwhelm network and application resources.
Concentrated sources of attack traffic
Although DDoS attacks are inherently distributed, analysis shows that a high volume of weaponized traffic originates from regions with dense internet-connected populations. The report cites China and the United States as leading sources by sheer numbers of hosting endpoints. It also notes a growing tendency for attackers to make use of cloud-hosted infrastructure. As mobile device adoption and cloud services expand, attackers adapt—hosting attack infrastructure in the cloud and changing the delivery patterns of both legitimate services and malicious traffic.
These findings underscore the challenge facing modern enterprises: protecting users and preserving access to critical services. When legitimate service access is disrupted, users and employees may abandon secure channels or stop using services altogether, harming business continuity. Enterprises therefore need affordable, comprehensive defenses that keep services available and protect users from attack.
Hybrid cloud and on‑premises defense
A layered, two‑pronged approach—combining cloud-based scrubbing with on‑premises mitigation—offers the most resilient protection for demanding network environments. Debate about cloud versus on‑premises solutions is giving way to the reality that enterprises need both. Cloud scrubbing helps when attack volumes exceed a business’s internet capacity, but cloud-only defenses have limitations. On‑premises systems complement cloud services by detecting and mitigating attack types that cloud scrubbing may miss, including low-and-slow application attacks, and by delivering rapid response times down to 100 ms. Together they provide broader coverage across attack classes.
Threat intelligence
High-quality DDoS threat intelligence, paired with real-time detection and automated signature extraction, enables organizations to withstand large multi-vector attacks. Actionable intelligence supports a proactive defense posture by providing accurate, up-to-date feeds of malicious IP addresses, vulnerable servers and botnet indicators that can be used to build effective blacklists and filtering rules.
Looking forward: defending in the 5G era
As 5G networks come online, attack capacity and complexity are likely to increase. Enterprises should move beyond traditional security measures and embrace tactical solutions that address the cloud-distributed nature of modern DDoS threats. Combining cloud and on‑premises defenses with strong threat intelligence gives organizations the best chance to stay ahead of evolving DDoS tactics and keep critical services available for users.
(Photo credited to Markus Spiske on Unsplash)