How SCiON can address BGP Hijacking

Author. Patrick Bollhalder     May 13, 2022
How SCiON can address BGP Hijacking

Is this still something businesses simply have to deal with?

Data for the digital economy of the 21st century is what oil was for the industrial economy of the late 18th century - an immensely valuable asset that enables the growth and smooth functioning of everything from government agencies to private businesses. Just like any other valuable commodity, data is a subject to various attacks by malicious actors.

One such attack is BGP hijacking that has been prevalent since the dawn of the Internet. The ability to fool the Border Gateway Protocol (BGP) into directing valuable information and data to cybercriminals has historically had no real solution for victims. However, with data becoming more and more valuable, businesses today can no longer afford to accept that. With Anapaya, they may no longer have to.

What is BGP Hijacking

We’ve already discussed BGP hijacking in a few of our blogs, but to give you an overview, BGP hijacking refers to when cybercriminals intentionally reroute Internet traffic by falsely announcing ownership of IP prefixes. These prefixes disingenuously offer a more efficient route towards your data’s intended location. Automatically, your information then travels through this prefix, allowing the owners of that prefix to control where that data travels - potentially enabling them to harvest or hijack that data.

BGP hijacking can cost a company millions of dollars in privacy suites, stolen company secrets, or data held to ransom in today’s increasingly digital world. Despite these risks, however, companies have had little to no recourse or protection against such attacks when they occur. This is due primarily to how the traditional internet is built, with its creators never taking cybercrime and data protection into account.

The Impact of BGP Hijacking

While BGP hijacking has been notorious throughout the 2000s, and high-profile attacks continue to happen to this day - 2020 alone saw a massive surge in such attacks (an average of 14 per day), including attacks on major corporations such as MasterCard, Amazon AWS, Microsoft, VISA, Google and more. While few have reported reliable numbers of their monetary damages, the few that did have listed losses as high as $29 million.

Apart from the financial hits experienced by private businesses, the more disturbing side of BGP hijacking is the fact that it can be used by nation-states or groups affiliated with them as a digital weapon designed to hijack and steal government data and private citizen information.

Mitigating the risks of BGP hijacking is no easy task, and while attacks have decreased between 2021 (775 according to BGPStream collectors data), the risks are still prevalent for private and public sector institutions across the globe.

One of the more recent and notorious examples was the April’s Fool BGP Hijack that took place on April 1, 2020 when Rostelecom pulled a not-so-funny prank and hijacked multiple prefixes from the largest cloud networks such as Akamai and Amazon AWS, rendering hundreds of thousands of web-users unable to access their services.

Another example of a high-impact BGP hijacking occured on September 29, 2020 when almost 500 prefixes in a BGP hijack event affected 266 other ASNs in 50 countries, with the most damage rendered to the United States and United Kingdom based networks. The incident lasted for several hours, and some high-profile names like ProtonMail were affected.

And while 2021 saw a decrease in the number and duration of BGP attacks due to positive changes in routing practices, they still occur on a regular basis to pose a serious threat on businesses and government institutions.

To learn more about the BGP hijacking throughout the past several years, make sure to check out our infographic!

New call-to-action

It’s no secret that BGP hijacking poses a severe threat to everyone who uses the internet. While encryption methods are becoming ever more complex to counter it, criminals are simply storing the data until they can resolve the encryption at a later date.

What can businesses do about BGP hijacking?

For many, the reality is a grim fact of life for internet users and businesses. Over the years, there has not been a single effective measure to protect against BGP hijacking, and companies who use the internet to do business have had little choice but to remain hopeful that they will not be the next victim.

Luckily, this is no longer the case. Today, businesses have a solution to BGP hijacking that was previously not available to them in the form of Anapaya’s SCiON Internet that combines the flexibility and accessibility of the public Internet with the security and reliability of the private MPLS . By utilising a new way of networking, individuals and organisations can begin to control where their data goes, who sees it and what it is used for.

This is the vision Anapaya has for tomorrow’s internet, and it’s available for use today.

How SCiON addresses BGP Hijacking

BGP hijacking relies on the fact that users who send data online do not have control over the route it travels, which is automatically selected based on which prefixes are perceived to be most efficient. Anapaya’s SCiON-based solution does away with this assumption, enabling users to control where their data travels.

For example, with the traditional internet, users simply select what data they send and where they intend for it to go. With Anapaya’s solution, data owners gain much more control, including but not limited to:

  • Where the data goes
  • Which geographic areas to avoid
  • What type of route to optimise for (speed, reliability, security etc.)
  • What backup routes to switch to in case of breach or failure

orgman_preview

In short, Anapaya gives you options, and with options, you can protect yourself and your data. Let’s take a deeper dive at each of the options that Anapaya’s SCiON Internet can provide for your business data in order to achieve maximum flexibility and accessibility with the highest level of security and dependability.

Control where your data goes

Anapaya offers companies the ability to select only trusted networks for their data passes through. Organisations who use Anapaya’s solution will be completely immune to BGP attacks, with information only being sent through legitimate networks registered through an approved network. This allows businesses with sensitive data, such as banks, energy and utilities, life science and others peace of mind whenever they connect.

Control which geographic areas to avoid

Not every country has the same rules and regulations surrounding internet privacy and online data security. These countries also happen to be the origin of many BGP hijacking attacks. To further complicate the issue, these countries also offer some of the most efficient prefixes available online. This leaves businesses in a vulnerable position if they wish to use the internet to send data.

However, this is no longer a threat to Anapaya solution users, as they may geofence certain areas. For example, if they wish to avoid specific geographical locations, they may choose which to avoid before sending or decide to avoid poorly regulated countries or networks entirely.

Control what types of routes to optimise for

For some businesses, the speed of data delivery is the most important. For others, the security of that data is paramount. No matter which you prefer, Anapaya gives you the ability to select paths and IP prefixes known for your preference. To avoid the possibility of a BGP attack, choosing the optimal route for security will guarantee your data’s safety and security.

Control what backup routes to switch to

Any kind of networking interruption or downtime could mean the vulnerability of essential monitoring and operational assets. Traditional connectivity solutions like the internet do not offer the same fast fail-over solution that Anapaya’s Next-Generation Internet does.

Anapaya’s solution enables you to automatically switch paths if there is a failure, and further allows you to optimise your network pathing for speed, reliability or any other variable you choose.

A Better Way to Connect

Businesses now have an option to protect themselves from BGP hijacking, and benefit from unprecedented security, reliability, compliance and control. Anapaya’s reliable and secure SCiON Internet enables organisations to have more freedom and flexibility online without the fear of cybercrime, making it one of the best ways to connect to the internet to date.

Anapaya delivers the SCiON software that powers the Swiss Finance Network (SSFN) - a solution that was developed in close collaboration with the Swiss Stock Exchange (SIX) and the Swiss National Bank (SNB) to protect financial transactions and sensitive data, and restore digital confidence with a secure, yet flexible connectivity. Moving forward SSFN will replace the Finance IPNet as a primary network Swss banks use for communication between one another, thus ensuring the integrity of the Swiss financial data. In short - businesses today have a better way to connect.

If Anapaya’s solutions interest you or you believe that it could benefit your own business, visit our official website for more information. Alternatively, if you want to find out more about how you can protect yourself, your data and your company online, check out our blog for more information.

TAGS:

SCION, Cybersecurity

Schedule a free
consultation and experience the power of SCION

Our specialists are ready to assist you in becoming SCION-enabled. Fill in the form on the right and elevate your network to the next level.