Three technologies making critical infrastructure vulnerable to DDoS attacks

This article is part of our Opinions section.

Technology: it’s great, but it often comes at a price. I’m not talking about the $3,499 you’re saving up for the Apple Vision Pro, but the risk of bad actors exploiting new tech as it enters the market.

Look at blockchain. It was developed with good intentions, but at the same time also created the currency (Bitcoin) that enables ransomware to be the billion-dollar industry it is today. As tech continues to evolve, we must keep an eye on what new threats this may bring. 

DDoS attacks, like most forms of cybercrime, are growing more advanced over time. But it’s broader tech advancements outside the security industry that could cause the biggest shift in the next few years.

These types of attacks are nothing new. You have to wind back the clock to 2007’s attacks on Estonia for one of the earliest examples. Since then, they’ve been an unfortunately common fixture, with recent examples including Denmark’s largest-ever attack targeting critical infrastructure and a wave of attacks targeting Switzerland during the World Economic Forum in Davos.

But as technology develops, it could have serious consequences for critical national infrastructure’s exposure to DDoS attacks. Let’s look at three of the biggest offenders.

AI 

Quelle surprise, we’re talking about AI. As you’ve no doubt noticed, practically every industry is getting caught up in the hype. For cybersecurity, however, AI raises just as many concerns as it does opportunities. As the UK’s National Cyber Security Centre (NCSC) recently warned, AI will massively increase the speed and scale of attacks on critical infrastructure targets. 

Essentially, AI can fully automate DDoS attacks and provide real-time decision-making, which means more agile attacks that respond to new information and countermeasures. Stopping such attacks is partly a case of fighting fire with fire – AI can be used on both sides of the security battle lines. Some DDoS protection already uses rules and controls to monitor potential attacks but these are not enough. 

Critical national infrastructure organisations can use AI to analyse network traffic in real-time for better threat detection and incident response. So, you’ll have algorithms on one side trying to instigate a DDoS attack, and algorithms on the other side detecting and stopping them – welcome to the future.  

5G 

While you can’t have a “these technologies are potentially scary” listicle without throwing 5G into the ring, strictly speaking, it’s a slightly broader issue than 5G alone.

DDoS attacks are increasingly targeting telecom networks like internet service providers. Ongoing digital transformation around the world has meant sectors like healthcare, government and utilities are increasingly reliant on connectivity for daily operations. This means attackers aiming to disrupt such services now have the option to attack the networks underpinning them – great for them, bad for everyone else.

The increasing importance of digital infrastructure is even sparking debate about whether we should start considering internet providers and the like as critical infrastructure. For example, the EU’s upcoming NIS2 directive has “Digital infrastructure” listed as a type of “essential” entity, requiring higher levels of cybersecurity under the new legislation.   

Just as connectivity providers become more important for national infrastructure, the demand for these networks is simultaneously exploding. The advance of 5G and the Internet of Things (more on this in a moment) means the amount of traffic networks have to carry is skyrocketing. According to PWC, global data consumption over telecom networks will nearly triple, from 3.4 million petabytes (PB) in 2022 to 9.7 million PB in 2027.

While ISPs and other telcos are naturally investing heavily in their networks to meet growing demands, the increasing levels of DDoS attacks on these networks could prove… complicated. 

Toothbrushes?!

Okay, this one might sound like a stretch, but it’s not as far-fetched as it sounds. In February this year, a story broke about 3 million smart toothbrushes being used in a DDoS attack, knocking out a Swiss company for several hours. This, naturally, caught the attention of journalists and tech nerds around the world. The only problem? It wasn’t true. Allegedly, it was a hypothetical example given in an interview that got lost in translation somewhere. 

#Fakenews or not, it doesn’t change the fact that this scenario is possible. The keyword here is “smart”. Smart toothbrushes, smart devices, smart anything means the Internet of Things (IoT.) The IoT, like (and partly thanks to) both AI and 5G has been blowing up in recent years. There are currently more IoT devices in the world than people, and that number is only going to grow from approximately 14.76 billion now to 25.44 billion total IoT devices by 2030.

Internet of Things devices are (you guessed it) connected to the internet, and that’s a DDoS minefield right there. IoT devices (like consumer electronics) or even entire IoT networks (increasingly deployed by businesses for “smart factories”) face vulnerabilities. They can be targeted by DDoS attacks, either directly or through the networks they use to connect to the internet. They can also serve as the tools to conduct attacks themselves.

There are actually a few different ways this can happen, but the most likely is IoT devices being compromised and becoming part of a botnet to launch large-scale DDoS attacks. Unlike our previously mentioned toothbrushes, this isn’t hypothetical – this has happened before. The most infamous case is the Mirai botnet, malware that turned IoT devices running Linux into remotely controlled DDoS bots. 

Because many IoT devices aren’t particularly secure, alongside the fact that the amount of these devices in the world is set to double over the next six years, the threat of botnet-powered DDoS attacks can’t be ignored. Effort needs to be made to make these devices more secure, and networks more protected against such attacks.  

Where does this leave critical infrastructure? 

Since their motive is so often geopolitical, the frequency of DDoS attacks on national infrastructure varies greatly. However, the environment in which critical national infrastructure (CNI) attacks exist is changing rapidly. 

Tech advancements like AI and ongoing digital transformation are rapidly changing the DDoS picture for critical infrastructure organisations. However, protecting these entities from increasing threats shouldn’t fall just to CNI itself. It will require them to collaborate with security specialists and internet providers to ensure that these services and the networks they rely on have robust protection from DDoS attacks

Governments around the world are responding to this threat as best they can. Canada is proposing new laws forcing critical infrastructure providers to toughen up their cybersecurity as is the European Union with its impending NIS2 Directive. 

Security practices and technology are always racing to stay ahead of evolving threats. Moving forward, this will mean having AI-enabled security tools to counteract the increasingly sophisticated nature of attacks.