BGP (Border Gateway Protocol) is a fundamental support system of the internet. It is designed to exchange routing and reachability info among autonomous systems on the internet. This important tool is essential for network stability. Security vulnerabilities of BGP can lead to heightened attack risks that can impact our businesses and many aspects of society.
Increasing risk of Border Gateway Protocol attacks
The implications of BGP sabotage, may include privacy risks for citizens and for businesses. Recent reports have shown that BGP hijacks are the most common, with high impact security vulnerabilities that cause large-scale network outages. These risks are escalating as cyberattacks continue to become more advanced and sophisticated. In recent times, the media has exposed BGP attacks aimed at financial crime, more specifically, the theft of cryptocurrency.
- In April 2018, attackers intercepted and changed DNS requests for myetherwall.com, which enabled the hackers to empty Ethereum cryptocurrency wallets. This act of sabotage was achieved via BGP hacking and had very damaging implications for both company and its customers.
BGP makes scale-growth of the internet viable and ensures unified connectivity of an otherwise, decentralized internet system. Without BGP to provide the most efficient routes, traffic would need longer periods of time to get to their intended destination, or it may prevent traffic reaching the intended destination altogether. BGP is unquestionably important but it also has fundamental weaknesses, making it particularly vulnerable to attacks and errors.
Signs of a potential attack
The signs to look out for when a system is under a BGP attack:
- Increased latency
- Reduced network performance
- Misdirected traffic
What can be done to prevent BGP Hijacks?
Border Gateway Protocol hijacking detection can be achieved through BGP updates, to monitor activity regularly and to detect anomalies in the system if they arise – such as misdirected internet traffic. Monitoring larger networks should be a priority to companies, as a way of ensuring the privacy and security of global subscribers.
It is advisable that networks only accept IP prefix declarations and should only declare their IP prefixes to certain networks and not the entire internet. Such measures will help prevent potential route hijacking and may keep the AS from accepting prefix declarations – although this is not always possible to achieve.
Improve your detection system to reduce risk
BGP attacks can be the cause of many societal and economic disruptions. Based on our growing awareness of the threats and their impact, more secure routing solutions are being developed to help combat BGP attacks. It is essential to collect the right information to update and improve your plan, as an improved detection system will help safe-guard your business against future threats. However, it must be noted, that no one solution will provide complete protection against threats that are becoming more sophisticated and malicious.