
Why your organisation now needs to worry about IPv6 attacks

03 May 2018

Article written by Neustar SiteProtect principal engineer Wesley George

As IPv6 began development in the mid-2000s, the thought of cyberattacks on this protocol was a distant threat that sat in the theoretical basket. According to a recent Google report, 14% of Australians now access their online content through IPv6, while worldwide this rate is even higher at 22%.

As the report shows, a lot has changed in the last few years. As networks have begun to migrate from the old IPv4 architecture to the newer IPv6 system, this theoretical possibility began to emerge as a more credible and realistic threat. In February this year, Neustar detected a live native attack on its UltraDNS network, taking this threat from a theoretical possibility to a tangible real-world issue that today’s network managers need to address seriously.

While this isn’t the first IPv6 attack, the evidence suggests that they are escalating. Previously the majority of attacks have not specifically targeted a particular IP version, instead aiming to disrupt anything they could find that was not secure. This particular attack was notable because in addition to IPv4 sources and destinations, additional attack traffic originated from many IPv6 hosts targeting IPv6 servers. While the type of attack used was by no means new, the targeting of these attacks is beginning to evolve to include IPv6.

What does this mean for network managers?

In order to ease IPv6 deployment, there is a well-documented series of best practices for making applications IPv6-capable. The idea is that when presented with a network that is IPv6-capable, applications will take advantage of this transparently to the end user. Malware developers can take advantage of these same best practices: as IPv6 is deployed in more and more networks, they can both generate attacks from IPv6 hosts and attack IPv6 content and services with little additional effort.

In addition to this, there is a lack of awareness and skills around IPv6 attacks and how to mitigate them. Many people are unaware that IPv6 is available on their network and services, or that it is available on many residential and mobile networks that their remote employees might use.

As a result, IPv6 is not in their threat profiles and they don’t have the same levels of protection in place or a plan for how to address an IPv6 attack. This oversight is usually due to the perception that deployment needs the most attention, leaving security as a lower priority, particularly as the perceived threat of IPv6 attacks is still quite low.

Another issue contributing to the acceleration of attacks on IPv6 networks is the rapid growth of the Internet of Things (IoT). Due to the sheer number of new devices being deployed, the only way for them to exist and function is to deploy them using the IPv6 protocol. Unlike devices that used the IPv4 protocol, which needed network address translation (NAT) to receive an address, IPv6 devices can be reached directly without a NAT and can therefore be easier to target and access.

How to protect yourself

This raises the question, ‘How do we best protect our networks against these protocol-specific attacks?’

While it appears that for the moment most cyber criminals are not directly targeting IPv6, largely due to the fact that it hasn’t yet been universally deployed, the recent attack shows that it is only a matter of time before this becomes commonplace. This means that businesses and their network managers need to start implementing processes that can detect wayward IPv6 traffic flow across their networks.

They also need to develop a stronger and more thorough understanding of emerging threat vectors in order to develop and implement new security plans that can detect, mitigate the risk of, and deal with these IPv6-specific attacks when they do arise.
