Next year, a hacktivist organization or nation-state will launch a coordinated attack against the infrastructure of the internet.The industry already saw the impact of an attack against a critical piece of internet infrastructure when a DDoS attack against DNS hosting provider, Dyn, took down many popular websites including Twitter, Reddit, and Amazon.com. Around the same time, security expert Bruce Schneider noted that attackers were probing several unnamed companies that provide similar critical internet services for potential weaknesses. A DDoS attack of this magnitude against a major registrar like Verisign could take down an entire top-level domains (TLD) worth of websites. Imagine the impact if every single .com address was no longer resolvable.
Even the protocol that drives the internet itself, Border Gateway Protocol (BGP) operates largely on the honor system. Only 0.1 percent of the internet’s autonomous system numbers (ASNs, collections of IP address routes under control of an organization) have deployed Route Origin Validation, meaning the other 99.9 percent are wide open for hostile takeover from route hijacking.
The bottom line, the internet itself is ripe for the taking by someone with the resources to DDoS multiple critical points on the internet or abuse the underlying protocols themselves. With nation-state and hacktivism attacks ramping up recently, we could see cyber attackers actually take down the internet in 2019.
Can’t wait to see what other emerging threats and security trends might surface next year? Watch a special video edition of The 433 – Security Simplified podcast or read the full list of WatchGuard’s 2019 Security Predictions.