Internet outage lays bare flaws
A major internet outage last weekend has raised the spectre of cyberattacks leading to global online traffic disruption.
After an error in the configuration of routing equipment in its data centre, US internet service provider CenturyLink suffered a major outage, with a cascade effect across the world as the error spread to other internet service providers.
Many major online services were disrupted. Among others, the Online Chess Olympiad ended in disarray, with Russia and India declared joint winners after two Indian players lost their connection.
Paul Ducklin, principal research scientist at global cybersecurity firm Sophos, told Business Times it showed the lack of global resilience against cybercriminals.
“The bad news is that large parts of the internet still operate on old-school protocols … that were designed before the internet was commercialised, and long before cybercrime became a billion- or trillion-dollar industry,” he said.
Last weekend’s outage was a result of a misconfiguration of a protocol called BGP, for “border gateway protocol”.
“It is the way that the main routers on the internet update their signposts telling you how to send traffic reliably between major parts of the network. Injecting fake information into the internet routing system would be like having a joker who swapped around freeway on-ramp signs so that you unwittingly joined the northbound carriageway of the N1 to start a journey to Cape Town.”
Yury Namestnikov, head of the global research and analysis team for cybersecurity leaders Kaspersky in Russia, said that though we have seen several big outages of internet services due to cyberattacks as well as misconfigurations, we’ve yet to see the whole internet taken down.
“However, wide-scale attacks on the global internet are not impossible. One of the recent examples is the infamous WannaCry ransomware outbreak. We also see large waves of attacks when a new remote exploit gets released to the public. These lessons of the past teach us that it’s important to install necessary security updates and also have good security solutions.
“Currently the internet consists of different systems and devices, and all of them run different software, so it’s hard to imagine an attack that will impact the whole internet, but we observe large numbers of attacks targeting specific software configurations almost every day.”
According to Namestnikov, it is not in the interest of cybercriminals to take down the internet completely, as “nobody wants to kill a cash cow”. But this does not preclude “a political or geopolitical event”.
Anna Collard, MD of KnowBe4 Africa, a South African company that specialises in security and compliance awareness training, said there are precedents, like the 2016 Mirai “botnet” that launched a co-ordinated attack from compromised internet-connected devices that form part of what is known as the Internet of Things (IoT).
“Mirai showed us how half the internet can be taken down via a massive distributed denial-of-service attack, using thousands of compromised IoT devices. And last Sunday’s downtime was another example of a major internet disruption, which will not be the last.”
Pankaj Bhula, Africa region director at global cybersecurity specialists Check Point, said the issue is exacerbated by old weapons being rebuilt for a new digital world.
“Emotet, an advanced, self-propagating and modular Trojan — spread through phishing spam e-mails containing malicious attachments or links — has recently resurfaced and has been very successful in infiltrating a number of organisations.”
He said SA is especially vulnerable. “SA experiences three times more cyberattacks than the global average.”
Doros Hadjizenonos, regional sales director for cybersecurity firm Fortinet in Southern Africa, said there is a constant risk of “a co-ordinated global attack”.
“Humans are generally the weakest link in any corporate IT security system so it’s imperative to have security awareness programmes, in conjunction with a layered security framework that is broad, integrated and automated,” he said.