Get All Access for $5/mo

The Rise of BGP Hijacking and Why You Need a Response Plan Immediately The primary consequence of this kind of attack is that hackers can reroute information to different locations.

By Deepak Gupta

Opinions expressed by Entrepreneur contributors are their own.

Border Gateway Protocol (BGP) Hijacking is one of the many famous attacks hackers deploy to interfere with content delivery networks (CDNs). Hackers may also be capable of interfering with cloud hosting providers. Recently, almost all major cloud service providers like Google, Amazon and GoDaddy have become victims of BGP Hijacking.

How does a BGP function?

Before getting into the depth of how BGP hijacking occurs, it is important to delve into BGP. BGP is essentially a routing protocol that can connect several networks. This congregation of networks is known as an Autonomous System (AS). A routing protocol is used to transfer information or data packets across several networks.

Typically, an AS consists of ISP providers, large tech enterprises, or in some cases, networks that belong to governments. Every AS receives a unique number responsible for controlling a specific set of IP ranges or spaces known as prefixes. Every AS displays the list of IP addresses they control and possible pathways to neighboring routers or Peers during data packet routing.

The information regarding the peers and the IPs in control are stored in routing tables and frequently change when new networks and shorter pathways appear.

Related: For the Average Hacker, Your Small Business Is an Ideal Target

The anatomy of a BGP hijacking

The primary consequence of BGP hijacking is that hackers can reroute information traveling through a network to different locations. They can do so using the following steps:

Route announcement

The first step is to send out an announcement of new BGP routes. This announcement will only be believable if it is announced by a legitimate AS. The bad actor will use a compromised AS to do so. The route announcement usually involves releasing a table of all the available prefixes or IP ranges. If all goes well, they will announce new BGP routes to their global network peers.

IP specificity

The IP addresses chosen for display are more specific in comparison to legitimate IP addresses. In most cases, hackers employ unused prefixes, or IP ranges present on real and legitimate AS networks. This can help to improve the chances of concealing the hackers' identity drastically.

The information pathway is only intercepted if the hackers can prove that the new route is shorter. The more efficient they show their network to be, the more information will be intercepted.

Crafting the right response plan

BGP hijacking is one of the more prevalent cyberattacks currently. In fact, in April 2018, attackers infiltrated Amazon Route 53. They then went on to reroute 1,300 addresses hoping to steal cryptocurrency. The hackers were able to avoid suspicion by acting as a cryptocurrency website known as MyEtherWallet.com. They subsequently stole around $150,000 in cryptocurrency from end-users. Therefore, companies, both big and small, require a response plan to incapacitate the attacker.

A typical incident response attack after a BGP hijacking takes place can be far from easy. This is because of how hackers can conceal themselves. However, in most cases, companies carry out a three-step incident response plan.

These steps include detection, containment and eradication. Of these, the containment step is especially challenging, given that route announcements can take place rapidly.

Related: Crypto Hacker's Data Vulnerable to FBI Through Palantir Glitch

Preventing BGP hijacking

To prevent this cyberattack, companies will have to either rely on the measures put forward by their ISP or implement their security measures. The latter has to take place if the company owns the AS network.

Companies that depend on the security measures put forward by their ISPs will have to constantly contact the providers to ensure that the vulnerabilities within the network are eradicated.

In the second case, an organization should consider carrying out the following steps:

  • Create a peering policy that can help peers to determine the legitimacy of the IP addresses. A company has a choice between an open peering policy and a selective one depending on its needs from its network.

  • MANRS (Mutually Agreed Norms for Routing Security) is a collection of best practices organizations can utilize to protect their networks from BGP hijacking. Therefore, it is important to incorporate this in the security measures.

  • Restrict the number of prefixes or IP ranges displayed by an AS network to limit the number of announcements being made.

  • Implement authentication checkpoints through which an operator has to go through before accepting an announcement.

In addition to this, organizations also turn to route filtering, real-time BGP update checks and more to ensure that hackers cannot hijack the network. However, an automated response tool is the most impressive and accurate security measure that an organization can invest in. This tool will work as both a detector and mitigation tool to help prevent hijacking.

Although there has been a rise in cases of BGP hijacking in the past few years, organizations today are more equipped to handle it with the drastic enhancement of security options.

Related: 5 Types of Business Data Hackers Can't Wait to Get Their Hands On

Deepak Gupta

CTO of LoginRadius

Deepak Gupta is a developer, tech entrepreneur and cybersecurity leader. Gupta is the co-founder and CTO of LoginRadius, a cloud-based consumer identity platform.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Business News

'I'm Not Trying to Land on Mars': Mark Cuban Takes Dig at Elon Musk to Explain Why His Online Pharmacy Isn't Trying to Make More Money

Mark Cuban Cost Plus Drug Co. is an online pharmacy co-founded by Cuban and radiologist Alex Oshmyansky.

Business News

'It's Not About You': How to Fire Someone Effectively, According to Kevin O'Leary

O'Leary says that if you can't fire someone, you aren't the right leader for the organization.

Business News

Meta Makes $1 Million Dollar Donation to Donald Trump's Inaugural Fund

Meta CEO Mark Zuckerberg also reportedly gave Trump a pair of Ray-Ban Meta smart glasses.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Marketing

Your Most Powerful Marketing Weapon Is Hiding in the Finance Department — Here's Why

Transform your marketing leadership by turning finance from a barrier into a strategic ally. Learn how aligning with your finance team can drive unprecedented growth and innovation.