The size and impact of Internet attacks in the past few months highlights concerns about the Internet’s resilience and the ability of networks in general to handle the evolving threat landscape. Some pundits have suggested the entire Internet is likely to go down in 2017, so it’s essential for businesses to do their part to better secure the Internet and keep it available, according to Aleron.
Mark Wroniak, director, Aleron, said, “The WikiLeaks allegation that the CIA knew about but didn’t disclose several flaws in software from key providers seems to confirm fears that most internet-connected devices are at risk of being hacked. If the CIA can do it, then agents of other countries or organisations can do it also, creating potential vulnerabilities in devices from smart TVs to mobile phones.”
The distributed nature of the World Wide Web was originally designed to build resiliency into the Internet. However, now that so much of the Internet is hosted by so few companies, the Internet itself has become vulnerable to attacks.
“Companies like Google, Amazon and Microsoft host the lion’s share of the internet, creating a metaphorical black hole if they go down. The rollout of the nbn high-speed network across Australia potentially adds to the risk for local businesses because this super-fast internal network can effectively be used to attack Australia from within.”
On 1 March 2017, Amazon’s cloud storage service S3 began having high error rates, bringing down some of the world’s biggest sites and apps. This highlighted the potential for targeted attacks to bring the Internet down entirely.
Mark Wroniak said, “According to Amazon, Amazon S3 didn’t go down because of a deliberate attack but because of a typo by an engineer inputting a command. Imagine the impact of a targeted, coordinated attack on one or more of these major providers. We got a taste of this in 2016 when a distributed denial of service attack against Dyn brought down sites including Twitter, Pinterest, WhatsApp and more. Dyn is a DNS provider that translates web addresses into the numbers that computers need to point your browser to the right place. If it’s not working, it effectively renders the Internet useless.”
The Dyn attack was fuelled by Internet of Things devices, taking advantage of their typically low security to spread the attack. This highlights the importance of securing endpoint devices including IoT devices.
Mark Wroniak said, “If large swathes of the Internet go down, the ramifications won’t just be felt by people who can’t access their Internet banking or their Facebook page. It’s likely that the financial markets would take a hit and governments would need to work overtime to keep things like public transport on track. Mobile phone towers could be hacked, making communications challenging; Australia’s mobile phone network is unlikely to be able to cope with a massive surge in demand. Businesses would find it difficult to function with no email and no access to documents stored in the cloud.
“Businesses can take steps to protect themselves and the Internet from a catastrophic outage by distributing their services across multiple regions and, if possible, providers. Redundancy is the keyword. Having a single point of failure is never the recommended option. When just a few hours’ outage can cost companies millions of dollars, it becomes a significant threat to the business.
“Responsible business managers must insulate their organisations from this type of fallout. This means putting strong security measures in place as well as building in redundancy.”