A first of its kind IPv6 DDoS attack hit servers over the weekend, ‘raising a red flag for the future era of cybercrime’, according to global web security firm, Neustar.
The DNS threat - which was successfully defended against - came from approximately 1,900 different native hosts, on more than 650 networks. It targeted Neustar’s authoritative DNS service and highlights the worrying deployment of new attack methods.
Barrett Lyon, Head of Research and Development at Neustar said, “We’ve been monitoring the increasing deployment of IPv6 for a while now and have seen certain indicators of it hitting critical mass. This weekend’s attack was however, the first actionable attempt from hackers. Businesses now need to treat IPv6 as an important part of their security profile.”
Previously, organizations implementing software that uses network connectivity have been advised to write code with the ability to call protocol-agnostic networking libraries, which meant that in cases where the software didn’t need to consider whether it was on an IPv4 or IPv6 network, it would use whatever was available and preferred by the network. This also encouraged those that write bots and worms to follow the same practices.
Wesley George, Principle Engineer, SiteProtect NG Network Engineering, Neustar, added, “If security teams are not considering IPv6 traffic as a part of their threat model, regardless of the type of the attack, they stand to be caught unprepared for whatever the next big headline attack might be. Across the industry, we have known that IPv6 attacks were going to start as IPv6 deployment started to reach a tipping point, and that tipping point is now here, so it is critical that organizations take IPv6 attack vectors seriously and ensure they have a plan to address them.”