In October 2020, Google publicly disclosed details about a cyberattack that occurred in September 2017. It was a distributed denial of service (DDoS) attack from a foreign country that lasted six months and was the largest ever of its kind, the report said. In September 2021, Russian search engine Yandex was also hit by the largest-ever DDoS attack on the Russian Internet. Amazon has also suffered service attacks.
Hackers take advantage of the decentralized nature of the Internet to maintain anonymity while overcoming the resistance to attack. A common DDoS attack is to infect multiple nodes in multiple domains to form a semi-coordinated network called a botnet. These individual bots are then hijacked to launch attacks on more focused targets, often giving hackers an asymmetric advantage. More distributed software deployment, database management, and security protocols can reduce target vulnerability by extending the attack surface and reducing reliance on centralized trust.
The key to this decentralized approach is that it is a solution that already has multiple features that the zone chain can defend against attacks.
Asymmetric threat pattern
Google survived the 2017 attack, but its scale is unprecedented. At the peak of the attack, the speed of the attack reached 2.5 Tbps, a metric used to compare DDoS attacks, a fourfold increase. In the last 10 years, the number of DDoS attacks has increased exponentially.
The purpose of a DDoS attack is to restrict or completely shut down traffic to a target network or service by sending erroneous requests from multiple malicious infected sources. The decentralized nature of these attacks makes them difficult to defeat because they have no single source that can be stopped.
Instead, the targets of cyberattacks are largely more focused. Servers typically reside behind a limited number of IP addresses, providing a centralized attack surface. A compromised password or password credential could expose the entire database. Hackers can simultaneously control or limit access to a large number of resources in order to extract ransom.
To combat hackers, design is moving away from the traditional centralized trust model toward a more “untrusted” approach, especially when it comes to security protocols. Assigning trust by consensus to verify important elements such as access, authentication, and database transactions is what blockchain is best suited for.
Blockchain is more than encryption
More than a decade ago, blockchain became essentially synonymous with cryptocurrency in public parlance. But in addition to crypto-like smart contracts, irreplaceable Tokens (NFTs), decentralized financing, and distributed software, other blockchain applications like Ethereum have emerged on other platforms as various use cases.
The decentralized nature of blockchain, its consensus-driven nature and lack of trust make it inherently resilient against attacks. For those blockchain solutions that utilize proof-of-work verification methods, such as Bitcoin, hackers must gain control of most nodes in order to compromise ledger transactions – a computationally expensive method by design. This computational cost can be extended to other types of operations in a security scheme, thereby reducing the need for a central authority.
Many DDoS attacks exploit the Internet’s domain name servers (DNS) – which map IP addresses to readable website names. By moving DNS to the blockchain, resources can be spread across multiple nodes, making it impossible for an attacker to control the database. But just building a database or application on a blockchain doesn’t necessarily make them watertight. Hackers are persistent, and as governments become more involved in cyberwarfare, they are becoming more formidable adversaries.
The process of building blockchains can be enhanced with artificial intelligence (AI) to detect and prevent malicious data manipulation. Moreover, artificial intelligence built specifically to protect systems or databases can be implemented on more distributed models. As a blockchain application, there is no need to trust the nodes to remain intact.
The future is going to be decentralized
DDoS, data breaches, ransomware attacks, social media phishing, and even outright cryptocurrency mining attacks are all on the rise, with victims losing hundreds of billions of dollars each year. The growing frequency, sophistication, scale and economic consequences of cyberattacks have led to growing public concern, and both governments and private organizations are looking for ways to keep up with evolving threats.
DDoS attacks, such as the one at Google in 2017, take advantage of the fact that hackers distribute their targets evenly, which is the nature of asymmetric warfare. By using blockchain to decentralize assets, apps, and security infrastructure, it’s possible to stop fighting hackers on their terms and beating them at their own game. The future will be increasingly decentralized.