Cybersecurity has always been one of the most complicated and sensitive domains. As attackers become more inventive every year, new kinds of attacks emerge and make companies across the world realise that hackers are one step ahead.
In this article, we are going to look at one of the sophisticated attacks that is gaining popularity amongst hackers — Border Gateway Protocol (BGP) Hijacking.
BGP is the cause of hundreds of daily outages, and it is all because of its antiquated design and the lack of adoption of encryption or automatic verification methods. According to a 2017 report, there were almost 14,000 BGP hijacks; about 62% of them were outages and 38% were routing attacks. The US, Brazil, Russia and China are some of the countries most affected by BGP attacks.
How BGP Hijacking Works
BGP is the backbone routing protocol of the internet: a set of rules that governs how packets travel between networks, and the mechanism by which each network's address ranges are propagated to BGP routers across the world.
BGP hijacking is an attack on that routing. In a BGP hijack, the attacker maliciously reroutes Internet traffic by claiming to own groups of IP addresses, called IP prefixes. The announcement is nothing but a hoax, as the hacker neither owns nor has any control over those prefixes.
For example, assume there is a straight stretch of road connecting point A and point B. The same route also has a crossroad where two more roads join: one goes to point C and one goes to point D. If you swap all the destination signs at that crossroad, traffic that wants to go to point D ends up at point C and vice versa.
It is one of the most complicated cyber-attacks, and not every hacker can carry it out. For a successful BGP attack, a router that connects to an autonomous system (AS) needs to be compromised, and the attacker also has to pay close attention to the traffic it is rerouting.
An Autonomous System (AS) is a collection of connected IP routing prefixes under the ownership and control of one or more network operators, on behalf of a single administrative entity or domain.
Victims Of BGP Hijack
One of the victims of BGP hijacking was Amazon. In April last year, AWS's DNS traffic was hijacked; the incident affected as many as 1,280 IP addresses and allowed hackers to loot about $150,000 in cryptocurrency from users of a cryptocurrency wallet. The cause of the entire incident was a weakness in Border Gateway Protocol routing.
The traffic that was going to MyEtherWallet was rerouted to a server in Russia, where the cryptocurrency was stolen from unwitting customers.
Amazon is not the only recent victim of BGP hijacking; the latest victim of this notorious attack is from Taiwan. In May 2019, traffic going through a public DNS service run by the Taiwan Network Information Center (TWNIC) was redirected to a server in Brazil. The traffic kept flowing to that server for about three and a half minutes, which is a significant amount of time, enough to do serious damage and leak data.
How To Defend Against A BGP Attack
BGP hijacking has, over the years, become a serious threat in this internet-driven world. Even after witnessing some of these notorious attacks, there are companies that are still not capable of defending against it.
Here are some of the things to consider if you want to fight BGP attacks:
- Choose the right service provider: when choosing a service provider for your business, research its cybersecurity infrastructure thoroughly, including the measures it takes to mitigate the risk of being attacked.
- Have an in-house team keep an active eye on the traffic that passes through the organisation's network.
- Implement IP address prefix filtering so that bogus announcements from untrusted networks are rejected before they can divert traffic.
- BGPsec is another way to strengthen your security against BGP hijacking, as it provides a mechanism for routers to apply digital signatures to their route update advertisements.
- Make sure you have an alternative communication channel through another provider, in case you need to inform your customers during an attack.
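As an added example (not code from the original article), the following Python script models two things the article describes: how a router accepts prefix announcements and picks the most specific route it knows about, which is why a bogus announcement for a prefix the announcer does not own can capture traffic, and how the prefix-filtering defence from the list above rejects that announcement. All AS numbers and prefixes are constructed from the documentation and private ranges; the authorisation table is an assumption modelled on RPKI route origin authorisations, not any vendor's filter.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: str        # announced IP prefix, e.g. "203.0.113.0/24"
    origin_as: int     # AS that claims to originate the prefix
    as_path: tuple     # AS path as received, origin AS last


# Constructed sample announcements (documentation prefixes, private AS numbers).
# AS 64500 legitimately originates 203.0.113.0/24; the hypothetical AS 64666
# announces a more-specific 203.0.113.0/25 that it neither owns nor controls.
SAMPLE_ANNOUNCEMENTS = [
    Announcement("203.0.113.0/24", 64500, (64501, 64500)),
    Announcement("203.0.113.0/25", 64666, (64502, 64666)),
    Announcement("198.51.100.0/24", 64510, (64501, 64510)),
]

# Constructed authorisation table (assumption, modelled on RPKI ROAs):
# prefix -> (AS allowed to originate it, longest prefix length allowed)
AUTHORISED = {
    "203.0.113.0/24": (64500, 24),
    "198.51.100.0/24": (64510, 24),
}


def validate_origin(ann, authorised=AUTHORISED):
    """Return 'valid', 'invalid' or 'unknown' for one announcement.

    'invalid' means some authorisation covers the prefix but none permits
    this origin AS at this prefix length; 'unknown' means nothing covers it.
    """
    net = ipaddress.ip_network(ann.prefix)
    covering = [(ipaddress.ip_network(p), v) for p, v in authorised.items()]
    covering = [(p, v) for p, v in covering if net.subnet_of(p)]
    if not covering:
        return "unknown"
    for _p, (origin, maxlen) in covering:
        if ann.origin_as == origin and net.prefixlen <= maxlen:
            return "valid"
    return "invalid"


def build_table(announcements, apply_filter):
    """Install announcements into a routing table, keeping the best route per
    prefix (here: shortest AS path). With apply_filter=True, announcements whose
    origin is not authorised for the prefix are dropped before installation."""
    table = {}
    for ann in announcements:
        if apply_filter and validate_origin(ann) == "invalid":
            continue
        net = ipaddress.ip_network(ann.prefix)
        current = table.get(net)
        if current is None or len(ann.as_path) < len(current.as_path):
            table[net] = ann
    return table


def lookup(table, address):
    """Longest-prefix match: the most specific installed route wins,
    regardless of who announced it."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return table[best]


def where_does_traffic_go(address, apply_filter):
    """Origin AS that traffic for `address` is forwarded towards, or None."""
    table = build_table(SAMPLE_ANNOUNCEMENTS, apply_filter)
    route = lookup(table, address)
    return route.origin_as if route else None


if __name__ == "__main__":
    # Without filtering the bogus /25 is more specific and captures the traffic;
    # with origin filtering the legitimate /24 is the only matching route.
    print("unfiltered:", where_does_traffic_go("203.0.113.10", False))
    print("filtered:  ", where_does_traffic_go("203.0.113.10", True))
```

The point of the script is the asymmetry it exposes: the unfiltered table is perfectly consistent from the router's point of view, so nothing in normal route selection flags the hijack. Only a check against an external statement of who is allowed to originate each prefix (the filter), or a team watching for unexpected origin changes (the monitoring bullet), catches it.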
BGP hijacking is one of the most complicated attacks to carry out, and also one of the hardest to detect. To fight this threat, organisations need to up their cybersecurity game with all the necessary measures.