When distributed denial of service (DDoS) attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.
Security firm Imperva recently published findings from its monthly Cyber Threat Index scores. The firm found that in the month of August, there was a significant uptick in security incidents, with the largest occurring in Australia, the United Kingdom, and Canada.
August was the same month in which a global DDoS campaign caused significant downtime for New Zealand businesses including the NZX and Metservice.
DDoS attacks occur when threat actors target organisations' websites or public-facing networks, overloading those networks with manufactured web traffic and bringing those networks to a grinding halt.
New Zealand Imperva distributor Chillisoft's CEO Alex Teh says the attacks on NZX and other organisations have been attributed to the cybercriminal APT group Fancy Bear. He believes that the attacks were difficult to contain because they were left unchecked until they arrived at network entry points.
Teh also notes that cloud-based systems are better equipped to handle DDoS attacks because they block malicious activity at the source, rather than ‘on the doorstep’.
“More than simply disrupting the victim's network and taking down public-facing systems, DDoS attacks often had more sinister aims.
DDoS attacks have often been used as part of larger attacks for malware, phishing, and other cyber threats.
“A data breach event could be under your nose, but the sheer volume of requests hitting your website and networks masks underlying data exfiltration,” says Teh.
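The mechanism described above (a flood of manufactured requests that saturates a site) and the point Teh makes about that flood masking data exfiltration can be shown with a small detection routine. The following is an added example, not code from the article or from Imperva or Chillisoft; it generates constructed access-log lines in-process (a few legitimate clients, twenty flooding sources, and one client quietly pulling a large data export under cover of the flood), then runs two independent checks over them: a per-source request-rate check that surfaces the flood, and a per-client outbound-bytes check that surfaces the large transfer the volume alone would hide. The log format, IP addresses, thresholds and paths are all assumptions made for the example.

```python
"""Spot a volumetric HTTP flood and a large outbound transfer hidden beneath it.

Constructed example: the log lines are generated below, not captured from any
real system. Each line has the (assumed) shape
    <epoch_seconds> <client_ip> <method> <path> <status> <bytes_out>
"""
from collections import defaultdict


def build_sample_log():
    """Return constructed access-log lines covering a 60-second window."""
    lines = []
    # Legitimate browsing: three clients, one request every five seconds.
    for t in range(0, 60, 5):
        for ip in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
            lines.append(f"{t} {ip} GET /products 200 2048")
    # Flood: twenty sources, 15 requests per second each, for 40 seconds.
    for t in range(10, 50):
        for bot in range(20):
            for _ in range(15):
                lines.append(f"{t} 203.0.113.{bot + 1} GET / 503 0")
    # Hidden transfer: one client fetches an 8 MiB export every five seconds
    # while the flood is running (constructed path, not from the article).
    for t in range(12, 48, 5):
        lines.append(f"{t} 192.0.2.77 GET /export/customers.csv 200 8388608")
    return lines


def parse_line(line):
    """Split one log line into typed fields."""
    ts, ip, method, path, status, nbytes = line.split()
    return {"ts": int(ts), "ip": ip, "method": method, "path": path,
            "status": int(status), "bytes": int(nbytes)}


def requests_per_second(records):
    """Count requests per second overall and per (client, second)."""
    per_sec = defaultdict(int)
    per_ip_sec = defaultdict(int)
    for r in records:
        per_sec[r["ts"]] += 1
        per_ip_sec[(r["ip"], r["ts"])] += 1
    return per_sec, per_ip_sec


def flood_sources(records, per_source_rps=10):
    """Clients that exceeded per_source_rps requests in any single second."""
    _, per_ip_sec = requests_per_second(records)
    return {ip for (ip, _), n in per_ip_sec.items() if n > per_source_rps}


def peak_total_rps(records):
    """Highest aggregate request rate seen in any one second."""
    per_sec, _ = requests_per_second(records)
    return max(per_sec.values())


def large_outbound_transfers(records, byte_threshold=50 * 1024 * 1024,
                             exclude=frozenset()):
    """Clients whose total response bytes exceed byte_threshold.

    Flood sources are excluded: they generate volume in requests, not in
    bytes served, so a bytes-served view isolates the data that actually left.
    """
    totals = defaultdict(int)
    for r in records:
        if r["ip"] not in exclude:
            totals[r["ip"]] += r["bytes"]
    return {ip: b for ip, b in totals.items() if b > byte_threshold}


def analyze(lines):
    """Run both checks and return a summary dict."""
    records = [parse_line(ln) for ln in lines]
    floods = flood_sources(records)
    return {
        "peak_rps": peak_total_rps(records),
        "flood_sources": floods,
        "large_transfers": large_outbound_transfers(records, exclude=floods),
    }


if __name__ == "__main__":
    report = analyze(build_sample_log())
    print("peak requests/second:", report["peak_rps"])
    print("flood sources:", len(report["flood_sources"]))
    print("large outbound transfers:", report["large_transfers"])
```

The two checks are deliberately separate: a request-rate alarm fires on the twenty flooding sources, but those sources move almost no data, so a second view keyed on bytes served per client is what exposes the single session that downloaded tens of megabytes during the noise. In practice the thresholds would be tuned to a site's normal traffic rather than fixed as here.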
Imperva Office of the CTO's director of technology Reinhart Hansen adds that Imperva has seen a tenfold increase in DDoS-for-hire sites over the last 12 months, indicating that criminals may conduct more frequent attacks.
“DDoS-for-hire gives anyone the ability to launch an attack,” says Hansen. “You can pay as little as $50 for a five-minute attack on a named target. That tiny investment can have major implications when websites go down and criminals manage to tunnel into backend servers and customer data.”
Hansen adds that many organisations assume their service providers protect them from DDoS attacks, but it is a risky assumption to make.
Appliance-based on-premise DDoS protection used by some service providers effectively filters malicious incoming traffic; however, its ability to handle DDoS traffic is capped by the network's uplink, which is rarely more than 10Gbps, leaving the door open to large-scale attacks, he explains.
“Recent incidents should serve as a timely reminder for local businesses to put hard questions to their service providers to really understand what they're doing to protect their own infrastructure against DDoS attacks,” Hansen explains.
He adds that an organisation's protection is only as good as its provider's protection.
“The secret sauce is applying intelligence harvested from the global threat landscape to allow legitimate traffic through while keeping bad traffic out. That's Imperva's sweet spot – we constantly evaluate the bot landscape to understand what is legitimate and what isn't. Every minute a business is unable to service a legitimate customer is a dent in revenue and reputation,” concludes Hansen.