IPv6 Sets Stage For New Security Issues
With the World Internet Protocol version 6 (IPv6) launch safely under our belts, organizations will inevitably be faced with the daunting task of upgrading every device connected to their network—no small task for any company that has an Internet connection and Web-connected machines.
The reason for this gargantuan undertaking is perhaps a slight snafu regarding available addresses and an unanticipated number of Internet users and devices.
It works like this: Internet Protocol assigns “addresses” to individual Web-enabled devices, such as laptops, mobile phones, printers, scanners, etc., in order for them to successfully connect to a network.
“Not having an address is the equivalent of picking up the phone to call someone, but not receiving a dial tone,” said Guillaume Lovet, Fortinet senior manager of EMEA threat research. However, with the previous IPv4 protocol, the well of available Internet addresses up for grabs was about to run dry. The system, as it was, appeared to be heading straight for a shortage that would have blocked an untold number of users from future Internet connection. The launch of IPv6 resolves that shortage by opening up vastly more addresses, ensuring that users can safely carry on their online activities for years to come.
While one crisis was averted, the transition to any new protocol is destined to present new security issues for users that will no doubt have a significant impact on any organization’s security posture.
For one, the nature of the new protocol could set the stage for an easier proliferation of malware, Lovet contended. Why? With IPv6, the number of available unique addresses is exponentially higher than with its predecessor. While this ensures beyond a shadow of a doubt that users will have access to the Internet for generations to come, it also makes scanning network addresses virtually impossible, and identifying assigned addresses through random generation will be “rather improbable,” Lovet maintained.
But it’s a double-edged sword. On the flip side, network-based threats will have to overcome bigger obstacles in order to propagate and infect users. The reason is that network-based threats rely on the random generation of IP addresses in order to spread. Given the exponentially higher number of addresses available over IPv6, the chance that hackers could randomly generate a viable assigned address is practically zero.
“Hackers will therefore have to adapt network-based malware to make it effective in the expanded address space provided by the IPv6 protocol,” Lovet said.
That said, network-based threats don’t come close to representing the majority of malware, and the transition to a new Internet Protocol will have no bearing on some of the most malicious types of attacks. In short, users who think the transition to IPv6 will bolster their defenses against application layer worms, viruses and bots–or malware targeting content such as YouTube or Facebook–will need to start ramping up their security solutions. IPv6 has no power in the application realm.
Meanwhile, with the almost limitless number of IPv6 addresses, one might assume that it would be virtually impossible to trace attack origins. Not so. In fact, sourcing an attack will actually be even easier because IPv6 relies on IPsec, which is used to authenticate the origin of an IP packet, Lovet maintained.
While this nuance won’t prevent attackers from hiding behind proxies, “it should prohibit the falsification of the original address in other protocols,” he said.
But even with a brand new Internet Protocol equipped with a few more security defenses, it’s unlikely that cybercrime will diminish in a significant way. If historical trends are any indication, cybercrime will merely continue its upward trajectory. And whatever roadblocks IPv6 might put in front of threats, cybercriminals will almost certainly find ways around them.
As with anything else, users will eventually adjust to the new protocol and conduct business as usual while cybercriminals will continue forward with their malicious objectives by executing increasingly targeted, blended and sophisticated attacks. And any adequate defense for a user’s network will have to incorporate a multi-threat solution and a lot of awareness—just like before.
“This measure combined with greater user education remains the best safeguard against the deviousness and pure innovation of cybercriminals,” Lovet said.
Indeed, the more things change, the more they stay the same.