
Why your organisation now needs to worry about IPv6 attacks

03 May 2018

Article written by Neustar SiteProtect principal engineer Wesley George

When IPv6 began development in the mid-2000s, the thought of cyberattacks on this protocol was a distant threat that sat in the theoretical basket. According to a recent Google report, 14% of Australians now access their online content through IPv6, while worldwide this rate is even higher at 22%.

As the report makes evident, a lot has changed in the last few years. As networks have begun to migrate from the old IPv4 architecture to the newer IPv6 system, this theoretical possibility has begun to emerge as a more credible and realistic threat. In February this year, Neustar detected a live native attack on its UltraDNS network, taking this threat from a theoretical possibility to a tangible real-world issue that today’s network managers need to address seriously.

While this isn’t the first IPv6 attack, the evidence suggests that they are escalating. Previously the majority of attacks have not specifically targeted a particular IP version, instead aiming to disrupt anything they could find that was not secure. This particular attack was notable because in addition to IPv4 sources and destinations, additional attack traffic originated from many IPv6 hosts targeting IPv6 servers. While the type of attack used was by no means new, the targeting of these attacks is beginning to evolve to include IPv6.

What does this mean for network managers?

To ease IPv6 deployment, there is a well-documented series of best practices for making applications IPv6-capable. The idea is that when presented with a network that is IPv6-capable, applications will take advantage of this transparently to the end user. Malware developers can take advantage of these same best practices, so that as IPv6 is deployed in more and more networks, they can both generate attacks from IPv6 hosts and attack IPv6 content and services with little additional effort.

In addition to this, there is a lack of awareness and skills around IPv6 attacks and how to mitigate them. Many people are unaware that IPv6 is available on their network and services, or that it is available on many residential and mobile networks that their remote employees might use.

As a result, IPv6 is not in their threat profiles and they don’t have the same levels of protection in place or a plan for how to address an IPv6 attack. This oversight is usually due to the perception that deployment needs the most attention, leaving security as a lower priority, particularly as the perceived threat of IPv6 attacks is still quite low.

Another issue contributing to the acceleration of attacks on IPv6 networks is the rapid growth of the Internet of Things (IoT). Due to the sheer number of new devices being deployed, the only way for them to exist and function is to deploy them using the IPv6 protocol. Unlike devices that used the IPv4 protocol, which needed network address translation (NAT) to receive an address, IPv6 devices are not behind a NAT and can, therefore, be easier to target and access directly.

How to protect yourself

This raises the question, ‘How do we best protect our networks against these protocol-specific attacks?’

While it appears that for the moment most cyber criminals are not directly targeting IPv6, largely due to the fact that it hasn’t yet been universally deployed, the recent attack shows that it is only a matter of time before this becomes commonplace. This means that businesses and their network managers need to start implementing processes that can detect wayward IPv6 traffic flow across their networks.

They also need to develop a stronger and more thorough understanding of emerging threat vectors in order to develop and implement new security plans that can detect, mitigate the risk of and deal with these IPv6-specific attacks when they do arise.
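One way to start on the detection of wayward IPv6 traffic described above, as an added example that is not part of the original article: it reads flow records, counts IPv6 sources per /64, and lists IPv6 destinations outside the prefixes where IPv6 service is known and defended. The flow format, the sample records (documentation prefixes) and the sanctioned-prefix list are constructed assumptions; grouping sources by /64 goes beyond the article and reflects that one IPv6 host or subnet can use many addresses within a single /64.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records using documentation prefixes; not real traffic.
SAMPLE_FLOWS = """src,dst,dport,bytes
198.51.100.7,192.0.2.53,53,120
2001:db8:a::1,2001:db8:53::53,53,90
2001:db8:a::2,2001:db8:53::53,53,95
2001:db8:a:0:ffff::9,2001:db8:53::53,53,88
2001:db8:b::5,2001:db8:99::10,8080,400
fe80::1,ff02::1,5353,60
"""

# Assumption: prefixes where IPv6 service is intentionally offered and monitored.
SANCTIONED = [ipaddress.ip_network("2001:db8:53::/48")]


def summarize_ipv6(flow_csv, sanctioned=SANCTIONED):
    """Summarise IPv6 flows: per-/64 source counts and unsanctioned destinations."""
    by_source_64 = defaultdict(int)
    unsanctioned = set()
    v4 = v6 = 0
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if src.version == 4:
            v4 += 1
            continue
        v6 += 1
        # Link-local and multicast chatter never leaves the segment; skip it.
        if src.is_link_local or dst.is_multicast:
            continue
        # Per-address counters are easy to evade in IPv6; aggregate by /64.
        net64 = ipaddress.ip_network(f"{src}/64", strict=False)
        by_source_64[str(net64)] += 1
        # IPv6 reaching a host nobody planned to expose over IPv6.
        if not any(dst in net for net in sanctioned):
            unsanctioned.add(str(dst))
    return {
        "ipv4_flows": v4,
        "ipv6_flows": v6,
        "by_source_64": dict(by_source_64),
        "unsanctioned_dst": sorted(unsanctioned),
    }


if __name__ == "__main__":
    print(summarize_ipv6(SAMPLE_FLOWS))
```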
