
DDoS botnets – are you afraid yet?


The evolving landscape of cybersecurity threats, particularly through botnet-driven Distributed Denial of Service (DDoS) attacks, has significantly shifted with the rise of Internet of Things (IoT) devices. The proliferation of IoT devices, ranging from household appliances to critical infrastructure like HVAC systems and medical imaging devices, has expanded the pool of potential botnet recruits. This increase has had a profound impact on the DDoS attack market, drastically reducing the cost of launching significant attacks from thousands to a mere twenty dollars, due to the abundance of compromised IoT devices.

The threat landscape has been further complicated by the simplicity with which attackers can exploit these devices. For instance, many security cameras without password protection are fully accessible online, making them easy targets for compromise. The availability of detailed exploits and fixes on public platforms like GitHub exacerbates the issue, allowing even unpatched firmware vulnerabilities to be exploited easily.

A notable incident underscoring this threat was a DDoS attack on the U.S. Department of Defense infrastructure in 2023. This attack was significant not only in its scale but also because a substantial portion of the attack traffic originated from compromised IoT devices within the U.S. This incident highlights the challenge of distinguishing and mitigating attacks that blend legitimate traffic from fully operational devices, making detection and blocking efforts more complex.

The increasing complexity of cybersecurity threats and the difficulty of maintaining code quality, especially in IoT devices, indicate an industry-wide struggle. The rise in new vulnerabilities each year suggests a trend where the creation of secure code is lagging behind the emergence of new exploits. The involvement of state actors in DDoS attacks in recent times has introduced a new level of sophistication and scale, utilizing large-scale botnets potentially for strategic purposes, thereby posing threats not just to individual enterprises but to national infrastructure and carrier networks.

The role of Internet Service Providers (ISPs) in this scenario has come under additional scrutiny. Marketing high upstream bandwidth plans without considering the security implications for residential users, such as botnet activities, has been pointed out as a factor exacerbating the problem. The shift towards gigabit connectivity to our homes further increases the capacity for malicious traffic and internalizes the threat within networks, potentially leading to widespread outages and impacting carrier operations.

Rethinking DDoS security in the era of botnets

In response to these challenges, our Nokia teams have taken a proactive stance by integrating security into our IP hardware – by taking a "security must be built-in, not bolted-on" approach from design to delivery. The FP4 platform, introduced in 2017, was designed with built-in DDoS mitigation features and has since been actively deployed in the field, mitigating numerous DDoS attacks daily. In 2021, we introduced the FP5 network processor, setting new benchmarks for IP network security and energy efficiency. And, in September 2023, we added the FPcx to the family of FP processors, also announcing a new family of IP routers – the 7730 SXR, based on this chipset.

Having an advanced IP network capable of defending itself is one part of the solution. In addition, our Deepfield team, focused on network analytics and security, brought impressive features and capabilities to Deepfield Defender, our AI-driven big data security analytics platform.

Furthermore, as a result of collaboration between our IP routing and Deepfield teams, we developed the 7750 Defender Mitigation System, a dedicated scrubbing system built on the FP5-based platform, optimized to fight next-generation DDoS threats with a whole new level of scale (scaling to 2.8 T/bps in a 2 RU platform!), precision and efficiency. This dedicated scrubber based on router technology was designed to seamlessly integrate into various network environments, providing a robust response to volumetric and other DDoS attacks.

Our comprehensive approach to DDoS security showcases Nokia's leadership in the field, combining innovative detection technologies, collaborative intelligence sharing, and practical applications.

Nokia's commitment to offering the fastest and most effective DDoS detection and mitigation solution is evident through all these advanced IP innovations, which aim to create and contribute to a safer internet environment.

Learn more

To learn more about the Nokia DDoS security solution, visit the Nokia booth at the upcoming MPLS, SD & AI Net World Congress and the Quantum Networks event in Paris, France, from 9 to 11 April. There, we will demonstrate our DDoS security solution and showcase our full IP portfolio. In addition, Nokia’s speakers will give 11 presentations at the event - please check Nokia's event page for details about the timing of our presentations.

If you cannot make it, you can still learn more about the botnet DDoS threat and Nokia's approach to DDoS security by checking out this 30-minute YouTube video recording of the session "Fear the botnet" by Dr. Craig Labovitz, Head of Technology at Nokia Deepfield, recorded at our annual SReXperts conference in 2023.

Alex Pavlovic

About Alex Pavlovic

A telecommunications engineer by training, Alex is Nokia Deepfield global marketing lead and a firm believer in cutting-edge technologies like 5G and big data-driven networking. To disconnect and recharge, Alex follows the lead of his whippets Ziggy and Kokko, practices the art of Tsundoku, and keeps the valves of his tube audio gear warm with jazz.
