- Netflix’s security engineer Scott Behrens ran a self-inflicted application distributed denial of service (DDoS) attack to showcase the possibility of an infiltration of Netflix's API — or any other organization's APIs — to cause a system failure from within, according to Wired.
- Behrens reverse-engineered the application DDoS during a Chaos Kong study, which redirected active users to an available region during a mock AWS outage. Isolating the production area gave Behrens the opportunity to run the attacks without impacting active users. The test resulted in 80% API gateway errors, according to The Netflix Tech Blog.
- Application DDoS attacks account for less than 1% of DDoS attacks, according to The Netflix Tech Blog. But, Application DDoS in microservice architectures are a direct threat to the many branches that extend from within the Gateway API. Traditional DDoS attacks require little resources and simply overload a network causing a system failure and inaccessibility.
Traditional DDoS attacks rose 380% in the first quarter of 2017. These attacks can thwart user access and therefore threat overall revenue. The increase in DDoS threats has heightened the Department of Homeland Security’s promotion of best protection practices.
Netflix is trying to showcase how advanced attack methodologies are surfacing, contributing to the current cyberattack madness. The mock application DDoS attack is a proactive measure Netflix is taking to ensure it can stay a step ahead of nefarious cyber actors. Through the Chaos Kong test, Behrens was effectively able to test an active environment and see how it could impact not only its users but its network requests.
The overall cost to launch DDoS attacks is minimal and this was imperative for Behrens experiment. The widespread use of an API gateway to a company’s microservices architecture results in cheap hacking initiatives but mass hysteria for a company. Behrens’ goal in reverse-engineering this kind of internal attack is creating cyber tools to protect companies from hacking and thus raising the cost of the overall hacks.
Cyberattacks are evolving and Netflix is taking the risks into account. Hackers are utilizing vulnerable resources and companies like Netflix are working to ensure those resources are unavailable.