Why your organisation now needs to worry about IPv6 attacks

03 May 2018

Article written by Neustar SiteProtect principal engineer Wesley George

When IPv6 began development in the mid-2000s, the thought of cyberattacks on this protocol was a distant threat that sat in the theoretical basket. According to a recent Google report, 14% of Australians now access their online content through IPv6, while worldwide this rate is even higher at 22%.

As the report makes evident, a lot has changed in the last few years. As networks have begun to migrate from the old IPv4 architecture to the newer IPv6 system, this theoretical possibility has emerged as a more credible and realistic threat. In February this year, Neustar detected a live native attack on its UltraDNS network, taking this threat from a theoretical possibility to a tangible real-world issue that today’s network managers need to address seriously.

While this isn’t the first IPv6 attack, the evidence suggests that they are escalating. Previously the majority of attacks have not specifically targeted a particular IP version, instead aiming to disrupt anything they could find that was not secure. This particular attack was notable because in addition to IPv4 sources and destinations, additional attack traffic originated from many IPv6 hosts targeting IPv6 servers. While the type of attack used was by no means new, the targeting of these attacks is beginning to evolve to include IPv6.

What does this mean for network managers?

To ease IPv6 deployment, there is a well-documented series of best practices for making applications IPv6-capable. The idea is that when presented with a network that is IPv6-capable, applications will take advantage of this transparently to the end user. Malware developers can follow these same best practices, so as IPv6 is deployed in more and more networks they can both generate attacks from IPv6 hosts and attack IPv6 content and services with little additional effort.

In addition to this, there is a lack of awareness and skills around IPv6 attacks and how to mitigate them. Many people are unaware that IPv6 is available on their network and services, or that it is available on many residential and mobile networks that their remote employees might use.

As a result, IPv6 is not in their threat profiles and they don’t have the same levels of protection in place or a plan for how to address an IPv6 attack. This oversight is usually due to the perception that deployment needs the most attention, leaving security as a lower priority, particularly as the perceived threat of IPv6 attacks is still quite low.

Another issue contributing to the acceleration of attacks on IPv6 networks is the rapid growth of the Internet of Things (IoT). Due to the sheer number of new devices being deployed, the only way for them to exist and function is to deploy them using the IPv6 protocol. Unlike devices using the IPv4 protocol, which needed network address translation (NAT) to receive an address, IPv6 devices can be reached without a NAT and can therefore be easier to target and access directly.

How to protect yourself

This raises the question, ‘How do we best protect our networks against these protocol-specific attacks?’

While it appears that for the moment most cyber criminals are not directly targeting IPv6, largely because it hasn’t yet been universally deployed, the recent attack shows that it is only a matter of time before this becomes commonplace. This means that businesses and their network managers need to start implementing processes that can detect wayward IPv6 traffic flows across their networks.

They also need to develop a stronger and more thorough understanding of emerging threat vectors in order to develop and implement new security plans that can detect, mitigate the risk of and deal with these IPv6-specific attacks when they do arise.