DDoS attacks taking aim at the financial services industry should be expected, especially when there is more at stake than just the denial of service itself. DDoS attacks are more commonly utilised as a distraction for a much larger and more damaging attempt at data exfiltration or breach. Today, the DDoS threat landscape is quite sophisticated – not only are attackers using brute force multi-vector DDoS attacks, but they have also started to implement more adaptive methods to profile the nature of the target network’s security defenses, allowing them to execute a second or third attack designed to circumvent the layered protection the organisation has in place for more nefarious purposes.
Free eBook: Modern Retail Security Risk – Get your copy now.
Multi-vector patterns of DDoS attacks are becoming more commonplace in the world of cyber warfare. From the volumetric attacks aimed to fill your pipe and squeeze your Internet bandwidth down to nothing, to the low and slow application layer attacks that sneak right through traditional defenses, combination attacks are becoming the norm. When peeling back the onion a bit to try and understand not only the motivations but also the collateral damage, an interesting trend is coming to light.
DDoS attacks are increasingly used as a smokescreen to camouflage other cyber-attacks, including data breaches that are driving a rise in financial fraud. The disruption caused by the DDoS attack can expose weaknesses in an organisation’s cyber defenses or overwhelm other security tools like firewalls or IPS/IDS, thereby filling security logging tools with garbage data and opening the door for cyber criminals to plant malware or steal sensitive information.
Given that intruders are now enhancing their evasion techniques with multi-vector and traditional high capacity DDoS attacks to achieve their purposes, organisations wishing to increase their security posture in the face of these sophisticated intrusions need to begin including DDoS mitigation tools in their on-premises defense in-depth architectures.
Without the DDoS event intelligence and real-time mitigation, provided by in-line, purpose-built DDoS protection technology, the victim organisation would largely be unaware of this activity and the risks it poses to their business as traditional security perimeters are not well architected for this task. Detecting these attacks utilising a cloud based anti-DDoS model is not likely a solution in this case because cloud anti-DDoS solutions are targeted at large-scale bandwidth saturation attacks that are intended to bring services down. These lower threshold threats are designed to fly under the radar with a more lucrative purpose – commandeering sensitive company or customer data – without tipping off security personnel.
Organisations must arm themselves with next generation on-premises DDoS defense platforms which incorporate both intelligent and automated filtering and detailed security forensics to effectively defeat these new advanced evasion threats.
By Dave Larson, CTO, Corero Network Security
About Corero Network Security
Corero Network Security is dedicated to improving the security of the Internet through the deployment of its innovative First Line of Defense® solutions. Corero products and services provide our customers with protection against a continuously evolving spectrum of DDoS attacks and cyber threats that have the potential to impact any Internet connected business. Corero provides the opportunity to enhance defense-in-depth security architectures with an important additional layer of security capable of inspecting traffic arriving from the Internet in real time and applying access policies designed to match the needs of the business.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.