Level 3 scrubs up its APAC operations to guard against botnet DDoS attacks
- New DDoS scrubbing centres open in Hong Kong, Tokyo and Singapore
- Level 3 instigates enhanced cyber protection for its customers’ networks
- Threat of botnet attacks on IoT equipment is increasing
- Over 500,000 botnets based on the Mirai source code believed to be operating
Level 3 Communications is the latest telco to step up its security activities in the face of increasing cyberattacks on its customers’ networks. It has opened new “scrubbing centres” in Hong Kong, Tokyo and Singapore to expand its security service functionality through dedicated Distributed Denial of Service (DDoS) mitigation solutions for its multinational company customers in the Asia-Pacific region.
Level 3 says its security solutions provide layers of defence through enhanced network routing, rate limiting and filtering that can be paired with cloud-based scrubbing for a more comprehensive mitigation solution. Australia, China and Hong Kong are listed among the countries most vulnerable to cyberattacks, according to a report by Project Sonar – a security research project by Rapid7 that conducts internet-wide surveys across different services and protocols to detect global exposure to common vulnerabilities.
Rapid7 cites lack of encryption as a key factor in the growth of cyberattacks, and “a fundamental failure in modern internet engineering”. Where encryption and strong authentication are possible today, they argue that exposing a database directly to the 3.5 billion human internet population is no longer a sensible act.
In its report last year, the organisation said that: “Despite calls from the Internet Architecture Board, the Internet Engineering Task Force, and virtually every security company and security advocacy organization on Earth, compulsory encryption is not a default, standard feature in internet protocol design.”
Level 3 opened the additional scrubbing centres to provide customers with infrastructure in the region to quickly mitigate attacks with less disruption to business operations. The telco says it has a DDoS ingest capacity of 4.5Tbit/s, giving it the capacity to absorb massive attacks so customers can get back to business as quickly as possible. The service is carrier agnostic and pulls all customer traffic into Level 3's globally located scrubbing centres for cleansing before forwarding legitimate traffic through a private connection or the public internet.
“Our customers need an adaptive approach to tackling today's threat environment,” said Anthony Christie, Chief Marketing Officer, Level 3. “The disciplined approach we've taken to monitoring the threat landscape to protect our network has put us in a unique position to work with our customers in Asia Pacific to identify and mitigate cybersecurity threats. Our expansive view of threats coupled with our full suite of enterprise networking services supports companies of all sizes located anywhere on the globe.”
Attack of the IoT Botnets
IoT-compromising malware research by Level 3 Threat Research Labs conducted last October revealed many connected devices are being compromised and enabling attacks reaching in excess of 600Gbit/s.
In mid-September, Level 3 researchers discovered the Mirai botnet, whose source code was subsequently released and inspired a significant number of new malicious hacks and botnets, all working to exploit similar pools of vulnerable devices. Typically, Mirai attacks focus on game servers and residential IP addresses, and the magnitude of attacks observed can be quite significant, with over 100,000 bots used against the same victim (the estimated number of Mirai botnets now exceeds 500,000).
Whilst telcos such as Level 3 continue to work closely with hosting providers and domain registrars to block malicious traffic, there are further actions that can be taken to prevent attacks from IoT botnets.
“Manufacturers play a vital role in mitigating threats from malware like Mirai,” wrote the team at the Level 3 Threat Research Labs. “By disabling unused services, such as telnet, and requiring users to set passwords after installation, devices become much less vulnerable. Consumers can improve their security as well by changing default passwords and following security best practices. As IoT devices become more widespread, implementing these basic security measures will become more important.”