3 Drivers Behind the Increasing Frequency of DDoS Attacks

What’s causing the uptick? Motivation, opportunity, and new capabilities.

According to IDC Research’s recent US DDoS Prevention Survey, more than 50% of IT security decision makers said that their organization had been the victim of a distributed denial-of-service (DDoS) attack as many as 10 times in the past year. For those who experienced an attack, more than 40% lasted longer than 10 hours. This statistic correlates with our ATLAS findings, which show there were 7.5 million DDoS attacks in 2017 — a rate, says Cisco, that is increasing at roughly the same rate as Internet traffic.

What’s behind the uptick? It boils down to three factors: motivation of the attackers; the opportunity presented by inexpensive, easy-to-use attack services; and the new capabilities that Internet of Things (IoT) botnets have.

Political and Criminal Motivations
In an increasingly politically and economically volatile landscape, DDoS attacks have become the new geopolitical tool for nation-states and political activists. Attacks on political websites and critical national infrastructure services are becoming more frequent, largely because of the desire and capabilities of attackers to affect real-world events, such as election processes, while staying undiscovered.

In June, a DDoS attack was launched against the website opposing a Mexican presidential candidate during a debate. This attack demonstrated how a nation-state could affect events far beyond the boundaries of the digital realm. It threatened the stability of the election process by knocking a candidate’s website offline while the debate was ongoing. Coincidence? Perhaps. Or maybe an example of the phenomenon security experts call “cyber reflection,” when an incident in the digital realm is mirrored in the physical world.

DDoS attacks carried out by criminal organizations for financial gain also demonstrate cyber reflection, particularly for global financial institutions and other supra-national entities whose power makes them prime targets, whether for state actors, disaffected activists, or cybercriminals. While extortion on the threat of DDoS continues to be a major threat to enterprises across all vertical sectors, cybercriminals also use DDoS as a smokescreen to draw attention away from other nefarious acts, such as data exfiltration and illegal transfers of money.

Attacks Made Easy
This past April, Webstresser.org — one of the largest DDoS-as-a-service (DaaS) providers in existence, which allowed criminals to buy the ability to launch attacks on businesses and responsible for millions of DDoS attacks around the globe — was taken down in a major international investigation. The site was used by a British suspect to attack a number of large retail banks last year, causing hundreds of thousands of pounds of damage. Six suspected members of the gang behind the site were arrested, with computers seized in the UK, Holland, and elsewhere. Unfortunately, as soon as Webstresser was shut down, various other similar services immediately popped up to take its place.

DaaS services like Webstresser run rampant in the underground marketplace, and their services are often available at extremely low prices. This allows anyone with access to digital currency or other online payment processing service to launch a DDoS attack at a target of their choosing. The low cost and availability of these services provide a means of carrying out attacks both in the heat of the moment and after careful planning.

The rage-fueled, irrational DDoS-based responses of gamers against other gamers is a good example of a spur-of-the-moment, emotional attack enabled by the availability of DaaS. In other cases, the DaaS platforms may be used in hacktivist operations to send a message or take down a website in opposition to someone’s viewpoint. The ease of accessibility to DaaS services enables virtually anyone to launch a cyberattack with relative anonymity.

IoT Botnets
IoT devices are quickly brought to market at the lowest cost possible, and securing them is often an afterthought for manufacturers. The result? Most consumer IoT devices are shipped with the most basic types of vulnerabilities, including hard code/default credentials, and susceptibility to buffer overflows and command injection. Moreover, when patches are released to address these issues, they are rarely applied. Typically, a consumer plugs in an IoT device and never contemplates the security aspect, or perhaps does not understand the necessity of applying regular security updates and patches. With nearly 27 billion connected devices in 2017, expected to rise to 125 billion by 2030 according to analysis from IHS Markit, they make extremely attractive targest for malware authors.

In the latter half of 2016, a high-visibility DDoS attack against a DNS host/provider was observed, which affected a number of major online properties. The malware responsible for this attack, and many others, was Mirai. Once the source code for Mirai was published on September 30, 2016, it sparked the creation of a slew of other IoT-based botnets, which have continued to evolve significantly. Combined with the proliferation of IoT devices, and their inherent lack of security, we have witnessed a dramatic growth in both the number and size of botnets. These new botnets provide the opportunity for attackers and DaaS services to create new, more powerful, and more sophisticated attacks.

Conclusion
Today’s DDoS attacks are increasingly multivector and multilayered, employing a combination of large-scale volumetric assaults and stealth infiltration targeting the application layer. This is just the latest trend in an ever-changing landscape where attackers adapt their solutions and make use of new tools and capabilities in an attempt to evade and overcome existing defenses. Businesses need to maintain a constant vigilance on the techniques used to target them and continually evolve their defenses to industry best practices.

Source: https://www.darkreading.com/attacks-breaches/3-drivers-behind-the-increasing-frequency-of-ddos-attacks/a/d-id/1332824

California Dem hit with DDoS attacks during failed primary bid: report

The campaign website of a Democratic congressional candidate in California was taken down by cyberattacks several times during the primary election season, according to cybersecurity experts.

Rolling Stone reported on Thursday that cybersecurity experts who reviewed forensic server data and emails concluded that the website for Bryan Caforio, who finished third in the June primary, was hit with distributed denial of service (DDoS) attacks while he was campaigning.

The attacks, which amount to artificially heavy website traffic that forces hosting companies to shut down or slow website services, were not advanced enough to access any data on the campaign site, but they succeeded in blocking access to bryancaforio.com four times before the primary, including during a crucial debate and in the week before the election.

Caforio’s campaign didn’t blame his loss on the attacks, but noted that he failed to advance to a runoff against Rep. Steve Knight (R-Calif.) by coming up 1,497 votes short in his loss against fellow Democrat Katie Hill.

Caforio’s campaign tried several tactics to deter malicious actors, including upgrading the website’s hosting service and adding specific DDoS protections, which in the end failed to deter the attacks.

“As I saw firsthand, dealing with cyberattacks is the new normal when running for office, forcing candidates to spend time fending off those attacks when they should be out talking to voters,” Caforio told the magazine.

A spokeswoman for the Department of Homeland Security (DHS) told Rolling Stone that it offered to help Caforio’s campaign investigate the four attacks but received no response.

A DHS spokesperson did not immediately respond to a request for comment from The Hill.

An aide to the Democratic Congressional Campaign Committee, the campaign arm for House Democrats, told Rolling Stone that it takes attacks such as the ones Caforio faced “very seriously.”

“While we don’t have control over the operations of individual campaigns, we continue to work with and encourage candidates and their staffs to utilize the resources we have offered and adopt best security practices,” the aide said.

Source: https://thehill.com/policy/cybersecurity/407608-california-democrat-hit-with-ddos-attacks-during-failed-primary-bid

IoT malware grew significantly during the first half of 2018

New research from Kaspersky Lab reveals how cybercriminals are targeting IoT devices.
During the first half of 2018, malware designed specifically for Internet of Things (IoT) devices grew three-fold with over 120,000 modifications of malware according to new research from Kaspersky Lab.

The security firm’s IoT report revealed that the growth of malware families for smart devices is snowballing and part of a dangerous trend that could leave consumer devices vulnerable to illegal activity including cryptocurrency mining, DDoS attacks or being used in large scale attacks by becoming part of a botnet.

Kaspersky Lab is well aware of these threats and the company has set up its own decoy devices called honeypots to lure cybercriminals and analyse their activities online.

According to the statistics, the most popular method of spreading IoT malware is still brute forcing passwords where hackers repetitively try various password combinations before eventually gaining access to a device. Brute forcing was used in 93 per cent of attacks while well-known exploits were used in the remaining cases.

Kaspersky Lab’s honeypots were attacked most often by routers with 60 per cent of attacks coming from them. The remaining attacks were carried out by a variety of devices including DVRs and printers. Surprisingly, 33 attacks were carried out by connected washing machines.

Why target IoT devices

Cybercriminals may have different reasons for exploiting IoT devices but the most popular reason was to create botnets which would be used to facilitate DDoS attacks. Some of the malware modifications discovered by Kaspersky Lab were even tailored to disable competing malware.

Principal Security Researcher at Kaspersky Lab, David Emm provided further insight on the firm’s report, saying:

“For those people who think that IoT devices don’t seem powerful enough to attract the attention of cybercriminals, and that won’t become targets for malicious activities, this research should serve as a wake-up call. Some smart gadget manufacturers are still not paying enough attention to the security of their products, and it’s vital that this changes – and that security is implemented at the design stage, rather than considered as an afterthought.

“At this point, even if vendors improve the security of devices currently on the market, it will be a while before old, vulnerable devices have been phased out of our homes. In addition, IoT malware families are rapidly being customised and developed, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones. IoT products have therefore become an easy target for cybercriminals, who can turn simple machines into powerful devices for illegal activity, such as spying, stealing, blackmailing and conducting Distributed Denial of Service (DDoS) attacks.”

Source: https://www.techradar.com/news/iot-malware-grew-significantly-during-the-first-half-of-2018

Hackers behind Mirai botnet could be sentenced to working for the FBI

This comes after more than 18 months of already helping the FBI stop cyberattacks

Three young hackers went from believing they were “untouchable” to helping the FBI stop future cyberattacks.

The trio of hackers behind the Mirai botnet — one of the most powerful tools used for cyberattacks — has been working with the FBI for more than a year, according to court documents filed last week.

Now the government is recommending they be sentenced to continue assisting the FBI, instead of a maximum five years in prison and a $250,000 fine.

“By working with the FBI, the defendants assisted in thwarting potentially devastating cyberattacks and developed concrete strategies for mitigating new attack methods,” US attorneys said in a motion filed Sept. 11. “The information provided by the defendants has been used by members of the cybersecurity community to safeguard US systems and the Internet as a whole.”
Originally, a probation officer on the case recommended that all three defendants be sentenced to five years’ probation and 200 hours of community service.

Because of the hackers’ help, prosecutors have asked that the community service requirement be bumped up to 2,500 hours, which would include “continued work with the FBI on cybercrime and cybersecurity matters.”

The three defendants are set to be sentenced by a federal judge in Alaska. The sentencing plea Tuesday was earlier reported by Wired.

Hacker rehab

Governments have taken a new approach with young, first-offender hackers, in the hopes of rehabilitating them and recruiting them to help defend against future attacks. The UK offers an alternative called the “cybercrime intervention workshop,” essentially a boot camp for young hackers who have technical talent but poor judgment.

The three defendants — Josiah White, Paras Jha and Dalton Norman — were between the ages of 18 and 20 when they created Mirai, originally to take down rival Minecraft servers with distributed denial-of-service attacks.

DDoS attacks send massive amounts of traffic to websites that can’t handle the load, with the intention of shutting them down. Mirai took over hundreds of thousands of computers and connected devices like security cameras and DVRs, and directed them for cyberattacks and traffic scams.

In one conversation, Jha told White that he was “an untouchable hacker god” while talking about Mirai, according to court documents.

The botnet was capable of carrying out some of the largest DDoS attacks ever recorded, including one in 2016 that caused web outages across the internet. The three defendants weren’t behind the massive outage, but instead were selling access to Mirai and making thousands of dollars, according to court documents.

Helping the FBI

The three hackers pleaded guilty in December, but had been helping the government with cybersecurity for 18 months, even before they were charged. Prosecutors estimated they’ve worked more than 1,000 hours with the FBI — about 25 weeks in a typical workplace.

That includes working with FBI agents in Anchorage, Alaska, to find botnets and free hacker-controlled computers, and building tools for the FBI like a cryptocurrency analysis program.

In March, the three hackers helped stop the Memcached DDoS attack, a tool that was capable of blasting servers with over a terabyte of traffic to shut them down.

“The impact on the stability and resiliency of the broader Internet could have been profound,” US attorneys said in a court document. “Due to the rapid work of the defendants, the size and frequency of Memcache DDoS attacks were quickly reduced such that within a matter of weeks, attacks utilizing Memcache were functionally useless.”

According to US officials, the three hackers also last year helped significantly reduce the number of DDoS attacks during Christmas, when activity usually spikes. Along with helping the FBI, the three defendants have also worked with cybersecurity companies to identify nation-state hackers and assisted on international investigations.

Jha now works for a cybersecurity company in California while also attending school. Dalton has been continuing his work with FBI agents while attending school at the University of New Orleans, and White is working at his family’s business.

Prosecutors heavily factored their “immaturity” and “technological sophistication” as part of the decision.

“All three have significant employment and educational prospects should they choose to take advantage of them rather than continuing to engage in criminal activity,” the court documents said.

Source: https://www.cnet.com/news/hackers-behind-mirai-botnet-could-be-sentenced-to-working-for-the-fbi/

DDoS attacks: Students blamed for many university cyber attacks

DDoS attacks against university campuses are more likely in term time.

Nation-states and criminal gangs often get the blame for cyber attacks against universities, but a new analysis of campaigns against the education sector suggests that students — or even staff — could be perpetrators of many of these attacks.

Attributing cyber attacks is often a difficult task but Jisc, a not-for-profit digital support service for higher education, examined hundreds of DDoS attacks against universities and has come to the conclusion that “clear patterns” show these incidents take place during term-time and during the working day — and dramatically drop when students are on holiday.

“This pattern could indicate that attackers are students or staff, or others familiar with the academic cycle. Or perhaps the bad guys simply take holidays at the same time as the education sector,” said John Chapman, head of security operations at Jisc.

While the research paper notes that in many cases the reasons behind these DDoS campaigns can only be speculated about, just for fun, for the kudos and to settle grudges are cited as potential reasons.

In one case, a DDoS attack against a university network which took place across four nights in a row was found to be specifically targeting halls of residence. In this instance, the attacker was launching an attack in order to disadvantage a rival in online games.

The research notes that attacks against universities usually drop off during the summer — when students and staff are away — but that the dip for 2018 started earlier than it did in 2017.

“The heat wave weather this year could have been a factor, but it’s more likely due to international law enforcement activity — Operation Power Off took down a ‘stresser’ website at the end of April,” said Chapman.

The joint operation by law enforcement agencies around the world took down ‘Webstresser’, a DDoS for hire service which illegally sold kits for overwhelming networks and was, at the time, the world’s largest player in this space. This seemingly led to a downturn in DDoS attacks against universities.

But universities ignore more advanced threats “at their peril” said Chapman. “It’s likely that some of these more sophisticated attacks are designed to steal intellectual property, targeting sensitive and valuable information held at universities and research centres.”

Despite this, a recent survey by Jisc found that educational establishments weren’t taking cyber attacks seriously, as they weren’t considered a priority issue by many.

“When it comes to cyber security, complacency is dangerous. We do everything we can to help keep our members’ safe, but there’s no such thing as a 100% secure network,” said Chapman.

Source: https://www.zdnet.com/article/ddos-attacks-students-blamed-for-many-university-cyber-attacks/

How to train your network: the role of artificial intelligence in network operations

With the help of machine learning and AI, software-defined networks could soon aid businesses with network management.

A network that can fix and optimize itself without human intervention could become a reality soon – but not without some training. With the help of machine learning and artificial intelligence, software-defined networks can learn to help with network management by using operational data.  Initial application of AI to WAN operations includes security functions such as DDoS attack mitigation as well as near real-time, automated path selection, and eventually AI-defined network topologies and basic operations essentially running on ‘auto-pilot’.

Enhancing IT operations with artificial intelligence (AI), including configuration management, patching, and debugging and root cause analysis (RCA) is an area of significant promise – enough so that Gartner has defined the emerging market as “AIOps”. These platforms use big data and machine learning to enhance a broad range of IT operations processes, including availability and performance monitoring, event correlation and analysis, IT service management, and automation (Gartner “Market Guide for AIOps platforms,” August 2017).

Gartner estimates that by 2022, 40 percent of all large enterprises will combine big data and machine learning functionality to support and partially replace monitoring, service desk and automation processes and tasks, up from five percent today.

Limits of automation and policy for NetOps

Given the traditional split between APM (application performance management) and NPM (network performance management), even the best network management tools aren’t always going to help trace the root cause of every application and service interruption. There can be interactions between network and application that give rise to an issue, or a router configuration and issue with a service provider that’s impacting application performance.

Network operations personnel might respond to an incident by setting policies in the APM or NPM systems that will alert us when an unwanted event is going to happen again. The issue with policy-based management is that it is backwards looking. That’s because historical data is used to create into policies that should prevent something from happening again. Yet, policy is prescriptive; it doesn’t deal with unanticipated conditions. Furthermore, changes in business goals again more human intervention if there isn’t a matching rule or pre-defined action.

On the whole, SD-WAN services represent an improvement over management of MPLS networks. Still, the use of an SD-WAN isn’t without its own challenges. Depending on the number of locations that have to be linked, there can be some complexity in managing virtual network overlays. The use of on-demand cloud services adds another layer of complexity. Without sufficient monitoring tools, problems can escalate and result in downtime. At the same time, adding people means adding cost, and potentially losing some of the cost efficiencies of SD-WAN services.

AI is way forward for SD-WAN management

What would AIOps bring to SD-WAN management?

Starting with a programmable SD-WAN architecture is an important first step towards a vision of autonomous networking.  Programmable in this case means API-driven, but the system also needs to leverage data from the application performance and security stack as well as the network infrastructure as inputs into the system so that we can move from simple alerting to intelligence that enables self-healing, managing and optimization with minimal human intervention.

Monitoring all elements in the system in real time (or at least near real time) will require storing and analyzing huge amounts of data. On the hardware side, cloud IaaS services have made that possible. Acting on the information will require artificial intelligence in the form of machine learning.

Use Cases for AI in SD-WAN

There are a variety of ways to apply machine learning algorithms to large datasets from supervised to unsupervised (and points in between) with the result being applications in areas such as:

  • Security, where unexpected network traffic patterns and patterns of requests against an application can be detected to prevent DDoS attacks.
  • Enhancing performance of applications over the internet network with optimized route selection.

Looking more closely at security as a use case, how would AI and ML be able to augment security of SD-WANs? While the majority of enterprises are still trying to secure their networks with on-premise firewalls and DDoS mitigation appliances, they are also facing attacks that are bigger and more sophisticated. According to statistics gathered by Verisign last year:

  • DDoS attacks peaked at over 5Gbps approximately 25% of the time
  • During Q3 2017, 29% of attacks combined five or more different attack types.

Challenge: A multi-vector attack on an enterprise network has affected service availability in Europe.

Response: Application of AIOps to the SD-WAN underlay can automate the response to the attack. Instead of manually re-configuring systems, the network can automatically direct traffic to different traffic scrubbing centers based on real-time telemetry around network and peering point congestion, mitigation capacity, and attack type/source. Because the system can process data from outside sources at speeds far beyond human ability to manage the network, the system can adjust traffic flows back to normal transit routes as soon as the attack subsides, saving money on the cost of attack mitigation. AI and ML in conjunction with a programmable SD-WAN are capable of responding more quickly and in more granular fashion than is possible with standard policy-based “automatic detection” and mitigation techniques.

Where does AI in network go next?

Although the industry is still in the early days of applying machine learning to networking, there are a number of efforts underway to keep an eye on. One is the Telecom Infra Project (TIP), founded by Facebook and telecom first firms such as Deutsche Telecom and SK Telecom, which now counts several hundred other companies as members. The TIP recently started collaborating on AI with an eye towards predictive maintenance and dynamic allocation of resources. Important groundwork for the project will include defining common dataset formats that are used to train systems. That work could lead to further sharing of data between network providers and web companies, offering the prospect of significant improvements to security and threat detection for enterprises and consumers.

Further in the future, we might expect to see an AI designed network topology, combined with SDN control over resources. Networking will have moved from a paradigm of self-contained networks to a network ‘awareness’ overlay which enables coordinated, intelligent actions based on operator intention. Network engineers can put the system on ‘auto-pilot’ during everyday computing, and instead spend time orchestrating resources based on the goals of the business.

Source: https://www.itproportal.com/features/how-to-train-your-network-the-role-of-artificial-intelligence-in-network-operations/

DDoS Attacks Increase in Size by 500%

According to the Q2 2018 Threat ReportNexusguard’s quarterly report, the average distributed denial-of-service (DDoS) attack grew to more than 26Gbps, increasing in size by 500%.

The research looked at the same period last year and found that the maximum attack size quadrupled to 359Gbps. Evaluating thousands of worldwide DDoS attacks, researchers reportedly gathered real-time attack data from botnet scanning, honeypots, ISPs and traffic moving between attackers and their targets. Data analysis led researchers to attribute the stark surge to IoT botnets and Satori malware exploits, one of many variants of the Mirai malware.

“Due to the increase in IoT-related malware exploits and the rampant growth of large-scale DDoS attacks, research conclusions point to the continued use of IoT botnets. Cyber-attacks hit the 2018 FIFA World Cup, as well as cryptocurrency-related businesses, maximizing revenue loss,” Nexusguard wrote in a press release. Additionally, attacks on the Verge Network (XVG) resulted in a significant loss of 35 million XVG tokens.

“The biggest zero-day risks can stem from various types of home routers, which attackers can exploit to create expansive DDoS attacks against networks and mission-critical services, resulting in jumbo-sized attacks intended to cripple targets during peak revenue-generating hours,” said Juniman Kasman, chief technology officer for Nexusguard.

“Telcos and other communications service providers will need to take extra precautions to guard bandwidth against these super-sized attacks to ensure customer service and operations continue uninterrupted.”

Nexusguard analysts advise communications service providers (CSPs) and other potentially vulnerable operations to augment their preparedness so that they are able to maintain their bandwidth, especially if they lack full redundancy and failover plans in their infrastructures. CSPs and vulnerable organizations that enhance bandwidth protection will be better positioned to stay ahead of the surging attack sizes.

“In the quarter, increasingly large attacks (a YoY average-size increase of 543.17%) had a severe impact on Communication Service Providers (CSP),” the report said. “Serving as a link between attack sources and victim servers and infrastructures, CSPs bear the burden of the increasing size of traffic, irrespective of its source or destination. As such, Internet service is degraded.”

Source: https://www.infosecurity-magazine.com/news/ddos-attacks-increase-in-size-by/

Edinburgh Uni Hit by Major Cyber-Attack

The website of Edinburgh University was still down at the time of writing after the institution suffered a major cyber-attack during its Freshers’ Week.

A university spokesman told the Edinburgh Evening News that it has “rigid measures in place” to protect IT systems and data.

“Our defenses reacted quickly and no data has been compromised,” he added. “We will continue to work with our internet service provider, [national cybercrime investigators] and with other universities to prevent these network attacks in future.”

The main ed.ac.uk site was still down on Thursday morning, nearly 24 hours after the first reports of an attack went online. That would indicate a serious DDoS attack.

Jisc, the UK non-profit which runs the super-fast Janet network for research and educational institutions, released a statement claiming that a “number of universities” have been targeted this week and adding that the number of DDoS attacks on them “typically increases at this time of year, when students are enrolling at, or returning to university.”

“While Jisc is responsible for protecting connections to the Janet Network for its members (colleges, universities and research centres), members are responsible for protecting their own cyberspace,” it added. “However, Jisc also provides DDoS threat intelligence to its community and provides advice to members affected by cyber-attacks on how to deal with the problem and minimize the impact.”

Ironically, Edinburgh University was praised by the government this year for carrying out cutting-edge cybersecurity research. It is one of 14 Academic Centres of Excellence in Cyber Security Research, backed by the £1.9bn National Cyber Security Strategy.

DDoS attacks grew by 40% year-on-year in the first six months of 2018, according to new figures from Corero Networks.

The security firm claimed that attacks are becoming shorter — with 82% lasting less than 10 minutes — and smaller, with 94% under 5Gbps. However, one in five victims are hit with another attack within 24 hours, the report revealed.

Source: https://www.infosecurity-magazine.com/news/edinburgh-uni-hit-by-major-cyber/

DDoS attacks are getting even larger

Average DDoS attack is five times stronger this year, compared to the year before.
The average DDoS attack is five times stronger this year, compared to the year before, and the biggest DDoS attack is four times stronger than last year’s strongest, according to new reports.

Nexusguard’s Q2 2018 Threat Report analysed thousands of DDoS attacks worldwide and came to the conclusion that the average DDoS attack is now bigger than 26 Gbps, and the maximum attack size is now 359 Gbps.

IoT botnets are still largely in use, mostly because of the increasing number of IoT-related malware exploits, as well as the huge growth in large-scale DDoS attacks.

The report says that CSPs and susceptible operations should ‘enhance their preparedness to maintain their bandwidth, especially if their infrastructure don’t have full redundancy and failover plans in place’.

“The biggest zero-day risks can stem from various types of home routers, which attackers can exploit to create expansive DDoS attacks against networks and mission-critical services, resulting in jumbo-sized attacks intended to cripple targets during peak revenue-generating hours,” said Juniman Kasman, chief technology officer for Nexusguard. “Telcos and other communications service providers will need to take extra precautions to guard bandwidth against these supersized attacks to ensure customer service and operations continue uninterrupted.”

Universal datagram protocol, or UDP, is the hacker’s favourite attack tool, with more than 31 per cent of all attacks using this approach. This is a connectionless protocol which helps launch mass-generated botnets.

Top two sources of these attacks are the US and China.

Source: https://www.itproportal.com/news/ddos-attacks-are-getting-even-larger/

DDoS Protection is the Foundation for Application, Site and Data Availability

When we think of DDoS protection, we often think about how to keep our website up and running. While searching for a security solution, you’ll find several options that are similar on the surface. The main difference is whether your organization requires a cloud, on-premise or hybrid solution that combines the best of both worlds. Finding a DDoS mitigation/protection solution seems simple, but there are several things to consider.

It’s important to remember that DDoS attacks don’t just cause a website to go down. While the majority do cause a service disruption, 90 percent of the time it does not mean a website is completely unavailable, but rather there is a performance degradation. As a result, organizations need to search for a DDoS solution that can optimize application performance and protect from DDoS attacks. The two functions are natural bedfellows.

The other thing we often forget is that most traditional DDoS solutions, whether they are on-premise or in the cloud, cannot protect us from an upstream event or a downstream event.

  1. If your carrier is hit with a DDoS attack upstream, your link may be fine but your ability to do anything would be limited. You would not receive any traffic from that pipe.
  2. If your infrastructure provider goes down due to a DDoS attack on its key infrastructure, your organization’s website will go down regardless of how well your DDoS solution is working.

Many DDoS providers will tell you these are not part of a DDoS strategy. I beg to differ.

Finding the Right DDoS Solution

DDoS protection was born out of the need to improve availability and guarantee performance.  Today, this is critical. We have become an application-driven world where digital interactions dominate. A bad experience using an app is worse for customer satisfaction and loyalty than an outage.  Most companies are moving into shared infrastructure environments—otherwise known as the “cloud”— where the performance of the underlying infrastructure is no longer controlled by the end user.

  1. Data center or host infrastructure rerouting capabilities gives organizations the ability to reroute traffic to secondary data centers or application servers if there is a performance problem caused by something that the traditional DDoS prevention solution cannot negate. This may or may not be caused by a traditional DDoS attack, but either way, it’s important to understand how to mitigate the risk from a denial of service caused by infrastructure failure.
  2. Simple-to-use link or host availability solutions offer a unified interface for conducting WAN failover in the event that the upstream provider is compromised. Companies can use BGP, but BGP is complex and rigid. The future needs to be simple and flexible.
  3. Infrastructure and application performance optimization is critical. If we can limit the amount of compute-per-application transactions, we can reduce the likelihood that a capacity problem with the underlying architecture can cause an outage. Instead of thinking about just avoiding performance degradation, what if we actually improve the performance SLA while also limiting risk? It’s similar to making the decision to invest your money as opposed to burying it in the ground.

Today you can look at buying separate products to accomplish these needs but you are then left with an age old problem: a disparate collection of poorly integrated best-of-breed solutions that don’t work well together.

These products should work together as part of a holistic solution where each solution can compensate and enhance the performance of the other and ultimately help improve and ensure application availability, performance and reliability. The goal should be to create a resilient architecture to prevent or limit the impact of DoS and DDoS attacks of any kind.

Source: https://securityboulevard.com/2018/09/ddos-protection-is-the-foundation-for-application-site-and-data-availability/