
Predictions for DDoS security trends in 2023

By Alex Pavlovic, Director of Product Marketing, Nokia Deepfield
Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
In 2022, we saw an incredible rise in the use of botnets to generate DDoS (Distributed Denial of Service) attacks; today, over 60% of all DDoS traffic is generated by bots. The range of targets has expanded from gaming circles (both individual users and companies) and all types of enterprises to critical infrastructure elements belonging to service providers, cloud builders, and public utilities and governments, with attacks coming both from outside and inside service provider networks.
As we move into 2023, there are several key developments and trends that are likely to shape the landscape of DDoS security. Here are a few key predictions for what we can expect in the coming year.
1. We will see attacks over 5 Tbps, possibly even in the 10 Tbps range.
The number of open servers on the internet that can be exploited is growing, and the bandwidth of DDoS "tentacles" that can be combined in a single attack is growing too. With gigabit connectivity becoming widely available, traditional amplification/reflection techniques can easily lead to a multi-terabit attack range. To put things into perspective, a 5-10 Tbps DDoS attack would cripple most country-level internet connectivity or surpass levels of combined traffic seen in most internet exchange points (IXPs).
2. The increasing use of IoT devices will drive more botnet DDoS attacks.
This one is a fairly "safe bet." We see continued exponential growth of IoT devices, and many have weak security and can be easily compromised, making them ideal for use in DDoS attacks. As a result, we expect to see a significant increase in bots employing the power of exploited IoT devices for botnet-powered DDoS attacks.
3. There will be more AI-powered DDoS attacks.
One of the biggest trends in cyber attacks is the increasing use of artificial intelligence (AI) and machine learning (ML) to power them. For DDoS attacks, AI can automate the scanning, identifying and targeting of vulnerable systems. As a result, we can expect to see a rise in the number of AI/ML-powered DDoS attacks in 2023 as attackers continue to leverage this technology to amplify their attacks and evade detection. Some of these attacks will come directly from malicious individuals and criminal groups. Still, we expect that AI/ML-driven DDoS will also be offered in the form of DDoS-as-a-Service - subscription-based services that provide attackers with the tools and infrastructure they need to launch DDoS attacks. These services are already out there, easy to use and require little technical expertise, making them appealing to a wider range of attackers.
4. AI/ML will also be used to defend against DDoS attacks.
With a growing application of big data analytics, AI and ML in network security, we will see more security professionals employing AI and ML for detection and mitigation. To stay a few steps ahead of malicious actors, service providers need to step up their "AI game": "fight bots with bots" and automate detection and mitigative actions as much as possible.
5. There will be a rise in "inbound DDoS."
With the expansion of new technologies such as 5G and new distributed architectures, DDoS traffic can be expected to come from anywhere. For service providers who have historically been looking at the outside of their networks, this increased complexity means that they should also expand their threat horizon to the inside of their networks and monitor for malicious network activity aimed at other customers or targets outside of their networks.
6. We will see the continued growth of third-party managed DDoS protection.
As more businesses move their operations to the cloud, we can expect to see a corresponding growth in the use of managed DDoS security - delivered either by communications service providers or cloud providers. These solutions are appealing because they allow businesses to offload the burden of DDoS protection to a third-party provider. Managed DDoS security solutions delivered by an MSSP (managed security service provider) or a cloud provider offer more scalable options for enterprises, making them a good fit for many businesses. The reverse perspective here is also important: service providers and cloud providers should look at network security, including DDoS security, as an opportunity to grow and diversify their managed security portfolios and expand their service offerings to many new customers.
7. We will see greater collaboration in DDoS defense.
Finally, one of the key trends likely to emerge in 2023 is greater collaboration in DDoS defense. Given the increasingly complex and sophisticated nature of DDoS attacks, it is no longer feasible for businesses, service providers or governments to tackle them individually and independently. Instead, we will see a growing need for collaboration between businesses, service providers, regulators, governments, and law enforcement agencies to share intelligence and better defend against DDoS attacks.
In summary, the coming year will likely amplify a few existing challenges and trends and bring some new ones in the world of DDoS security. From the rise of AI-powered attacks to the increasing use of botnets, service providers must stay vigilant and take steps to protect their customers and themselves against these increasingly sophisticated threats. By implementing new, advanced technologies (that also employ AI/ML) and collaborating with others in the fight against DDoS attacks, we can work together to stay a few steps ahead of the attackers and protect our networks, services and subscribers.
NetIX addition:
NetIX members can access two forms of DDoS protection across the platform: Blackholing and Smart Blackholing.
With these two services, you can stop a DDoS attack before it causes damage to your network, your customers and your reputation. At the click of a button, NetIX's Blackholing solution can stop traffic from a malicious source from reaching your network, whereas the Smart Blackholing solution automatically kicks into gear the second it registers more traffic than normal trying to access your network.
Alex's telecommunications career of more than 25 years spans many environments: academia, regulatory, consulting, and Tier-1 hardware and software telecom vendors. Currently, Alex is a Director of Product Marketing at Nokia, focused on the Nokia Deepfield portfolio of applications for network intelligence, analytics and DDoS security.