The attacks that get the most news coverage have dramatic names that make for compelling headlines. You can practically feel the intensity of brute force or volumetric DDoS attacks. These attacks target layers 1-4 of operator networks, the layers where data is moved around in the network. But there’s a troubling blind spot in legacy network security solutions that enables hackers to go deeper into the operator’s network – all the way through to Layer 7, the application layer.
Attacks on the application layer home in on specific applications or functions by mimicking legitimate user traffic, with the intent to cripple functionality or gain access to digital assets.
What Are Application Attacks?
Brute force and volumetric attacks are aptly named because they use up as much bandwidth as possible when going after a carrier’s network. Application attacks have more finesse, generating very little traffic as they send targeted commands to applications to overwhelm central processing units (CPUs) and memory.
These attacks may go undetected and this “noisy traffic” can significantly slow legitimate traffic or cause network outages. With legacy systems, mitigation requires labor-intensive manual intervention because there’s no automated method to handle the threat. If and when network security solutions do sense a NetFlow-based volumetric attack with an application component, manual mitigation can take 15 to 20 minutes. By the time the security team has developed a strategy, the attackers have likely morphed to new signatures.
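The blind spot described above can be shown with a small detection sketch. This is an added example, not code from the original article or from any vendor product: it compares a bandwidth-only alarm with one based on each source's share of server CPU time. The thresholds, field names and log records are assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW_S = 60
VOLUME_THRESHOLD_BPS = 10_000_000  # assumed per-source bandwidth alarm (10 Mbit/s)
CPU_SHARE_THRESHOLD = 0.5          # assumed: one source consuming >50% of CPU time


def build_sample():
    """Constructed 60 s window of (client, bytes_on_wire, server_cpu_ms) records."""
    records = []
    # 20 ordinary clients: 30 page loads each, ~200 kB and ~5 ms of CPU per request.
    for n in range(1, 21):
        records += [(f"198.51.100.{n}", 200_000, 5)] * 30
    # One client: 120 tiny requests that are each expensive for the application.
    records += [("203.0.113.7", 900, 400)] * 120
    return records


def per_client(records):
    """Sum bytes, CPU time and request count per source address."""
    stats = defaultdict(lambda: {"bytes": 0, "cpu_ms": 0, "requests": 0})
    for client, nbytes, cpu_ms in records:
        stats[client]["bytes"] += nbytes
        stats[client]["cpu_ms"] += cpu_ms
        stats[client]["requests"] += 1
    return dict(stats)


def volumetric_alerts(stats):
    """What a bandwidth-only (flow-style) threshold would flag."""
    return sorted(c for c, s in stats.items()
                  if s["bytes"] * 8 / WINDOW_S > VOLUME_THRESHOLD_BPS)


def cost_alerts(stats):
    """Flag sources by their share of total server CPU time instead."""
    total = sum(s["cpu_ms"] for s in stats.values())
    return sorted(c for c, s in stats.items()
                  if s["cpu_ms"] / total > CPU_SHARE_THRESHOLD)


if __name__ == "__main__":
    stats = per_client(build_sample())
    print("bandwidth alerts:", volumetric_alerts(stats))
    print("CPU-share alerts:", cost_alerts(stats))
```

In this constructed window the expensive source moves about 14 kbit/s, far below any bandwidth alarm, yet accounts for most of the server's CPU time.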
Hackers’ Favorite Application Attack Tricks
Hackers continue to develop new and more sophisticated methods to launch application attacks. Some of their favorite advanced techniques include:
- Headless browser requests – Tools that function as a browser but without the graphical user interface. They can be used to bypass third-generation HTTP challenges. Their goal is to take websites down.
- Botnet attacks from multiple IP sources – Attacks that target legacy DDoS systems with malware that infects multiple IP devices and then uses this network of computers to coordinate an attack from a changing list of IP addresses.
- Attacks from behind CDNs – Attacks launched from behind a CDN that is used to mask the source IP address and target the vulnerability of legacy systems trying to find the source IP address.
- SSL-encrypted attacks – Small SSL attacks can cause large problems for two reasons: the encryption tunnel hides the attack itself, and legacy systems require large amounts of CPU capacity to decrypt traffic and detect attacks, which cripples their throughput.
- New low and slow attacks/Advanced Persistent Threats – Very patient attacks that slowly drain server resources over time. Zero-day attacks of this type can be extremely difficult to detect since at any point in time there is a low probability that an attack is active.
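For the low and slow case in the list above, a defender can look at how long requests stay unfinished rather than at traffic volume. The following is an added example, not part of the original article: it checks a snapshot of open connections for requests that are past a grace period and still arriving below a minimum rate. The grace period, minimum rate, pool size and connection records are all assumptions constructed for illustration.

```python
from collections import Counter

GRACE_S = 20        # assumed: seconds a request may take before the rate check applies
MIN_RATE_BPS = 500  # assumed minimum request rate, in bytes per second
MAX_SLOTS = 256     # assumed size of the server's connection pool


def build_snapshot():
    """Constructed snapshot of open connections:
    (client, age_seconds, request_bytes_received, request_complete)."""
    conns = [(f"198.51.100.{n}", 2, 700, True) for n in range(1, 41)]
    # Idle keep-alive connections: old, but their request finished long ago.
    conns += [(f"198.51.100.{n}", 90, 650, True) for n in range(101, 111)]
    # A legitimate slow upload: 60 kB in 45 s is about 1333 B/s.
    conns.append(("192.0.2.50", 45, 60_000, False))
    # 100 connections from 4 sources, 5 minutes old, 240 bytes sent, never finished.
    conns += [(f"203.0.113.{n % 4 + 1}", 300, 240, False) for n in range(100)]
    return conns


def is_stalled(age_s, nbytes, complete):
    """An unfinished request, past the grace period, arriving below the minimum rate."""
    return (not complete) and age_s > GRACE_S and nbytes / age_s < MIN_RATE_BPS


def stalled_by_client(conns):
    """Count stalled connections per source address."""
    return Counter(client for client, age_s, nbytes, complete in conns
                   if is_stalled(age_s, nbytes, complete))


def slots_held(conns):
    """Fraction of the connection pool tied up by stalled connections."""
    return sum(stalled_by_client(conns).values()) / MAX_SLOTS


if __name__ == "__main__":
    snapshot = build_snapshot()
    for client, count in sorted(stalled_by_client(snapshot).items()):
        print(f"{client}: {count} stalled connections")
    print(f"pool held by stalled connections: {slots_held(snapshot):.0%}")
```

The slow but legitimate upload and the idle keep-alive connections are not flagged, because the check combines request completion, age and rate rather than relying on any one of them.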
Why Should Carriers Care?
Many carriers lack the tools to even detect the presence of application attacks. And these attacks put carriers’ reputations at risk. For customers, a slowdown in services may not be a big deal initially. But as the number and severity of application attacks increase, clogged pipes and slow services are not going to be acceptable.
The impact of application attacks on carriers and their customers takes many forms:
- Service degradation
- Network outages
- Data exposure
- Consumption of bandwidth resources
- Consumption of system resources
Carriers sell services based on speed and reliability. Bad press about service outages and data compromises has long-lasting negative effects. Add the compounding power of social networking to quickly spread the word about service issues, and you have a recipe for reputation disaster.
What Can Carriers Do Now?
A new eBook from Radware – How Do You Stop What you Can’t See; The Imminent Threat of Application Attacks and How to Defend Against Them – can help answer specific questions about solutions available today to detect and mitigate application attacks.
This is the first in a series of e-books designed to provide the latest information and thought leadership on security solutions for Carriers and Service Providers. You’ll learn more about why application attacks are on the rise, who is responsible, and how these attacks can penetrate legacy network security solutions. Application attacks impact your ability to provide highly-available, high-performance network services for your customers, so learn the best strategies to protect your network now and in the future.
Louis Scialabba is Director of Carrier Solutions Marketing for Radware and is responsible for leading network security and application delivery marketing initiatives for global service providers. Mr. Scialabba has over 23 years of experience in the communications and networking industry in a variety of Sales, Marketing, and Engineering roles. Prior to joining Radware, Mr. Scialabba spent much of his early career at Tellabs, where he was Director of Mobile Backhaul Product Planning and Product Management. He later became the Head of North America Marketing for Aviat Networks. Mr. Scialabba earned a Bachelor of Science degree in Computer Engineering from the University of Illinois and a Master of Business Administration degree from St. Xavier University in Chicago.