Cyber-crimes are changing and businesses need to understand how to protect themselves from falling victim to online attacks. Cyber-criminals are operating on an increasingly sophisticated level. One trend that particularly stands out is the rise in larger size Distributed Denial of Service (DDoS) attacks.
For example, in mid-February 2020, AWS reported its largest DDoS attack ever, where its security service mitigated a 2.3 Tbps attack. Across all industries, DDoS attacks ranging in size from 10 to 100 Gbps increased by 50% in 2020.
While there are many high-profile cyber-attacks such as the AWS case, there are also many attacks that go unnoticed or unreported. Businesses that may see these ‘tip of the iceberg’ attacks, also need to be aware of what sits beneath the surface. The growing issue lies with the daily, low-level metric attacks that are impacting businesses. According to industry estimates, 95% of all attacks can be categorised as being sub-5 Gbps. The consequential impact of these attacks is internet access being blocked, as well as server and network resources being inaccessible.
In today’s highly competitive digital business environment, downtime or latency can be more devastating to a business than previously considered. Therefore, businesses need to ensure they are equipped with a strong defence strategy to mitigate any incoming attacks.
The evolution of DDoS attacks
Businesses first need to understand what they’re up against. DDoS attacks have been around for nearly as long as the internet. However, just as the internet has evolved, so has the attack landscape.
Industry estimates further indicate that multi-vector DDoS attacks continue to increase. Traditionally, criminals would use one direct method of attack, but now, multi-vector attacks are performed in quick succession in an attempt to evade protection measures. DDoS activity is also known for its pervasiveness, short duration and repetitive attacks.
With rising levels of DDoS activity, attacks can be impossible to mitigate without early threat detection and automated traffic profiling systems. It’s not uncommon for businesses to realise they’ve been attacked once a website application slows to a halt or crashes. This is especially true for sophisticated attacks, which use a blended approach and simultaneously target multiple layers of the Open Systems Interconnection (OSI) model.
DDoS attacks target databases, applications, and infrastructure simultaneously to increase their chances of success. To protect against these attacks, businesses need a strategy, as well as a reliable DDoS prevention and mitigation solution. IT security buyers need to invest in an integrated security strategy that protects all infrastructure across multiple layers.
Implementing the right defence strategies
Businesses need to develop a DDoS defence plan based on a thorough security assessment. When a DDoS attack strikes, there is no time to think about the best steps to take. The plan needs to be defined in advance, to enable prompt reactions and avoid any negative impacts.
Some key elements of an effective plan include organising a response team, defining notification and escalation procedures, and including a list of internal and external contacts who will need to be informed when an attack is taking place. Additionally, a list of assets, such as web servers, network elements, or applications directly connecting to the internet with corresponding public IP addresses, should be defined and protected in the event of an attack.
Implementing multiple protection strategies in parallel will also mitigate network security threats. These include next-generation security features, such as advanced intrusion prevention and threat response systems, which combine firewalls, VPN, anti-spam, content filtering, and network security with DDoS mitigation solutions. Together, these next-generation security features enable constant and consistent network protection to manage a DDoS attack.
Focusing on a secure network architecture is vital to security too. Businesses should create redundant network resources, where if one server is attacked, the others can handle the extra network traffic. When possible, servers should be located in different places geographically since dispersed resources are more difficult for attackers to target.
Finding the right partner
Businesses should also consider outsourcing DDoS prevention to internet service providers (ISPs) with cloud-based DDoS mitigation services, as this offers several advantages. Seek out providers offering “always-on” solutions, as these can absorb huge volumes of malicious traffic, with minimal latency impact, before it reaches its intended destination. Where enterprises need to augment their always-on solutions with some control over how and when mitigation can be applied, ISPs that offer customer-initiated traffic redirect capabilities in an automated fashion have a significant advantage. In addition, DDoS solution services provided through an integrated Tier 1 Internet Service Provider benefit from threat intelligence capabilities that constantly monitor the larger internet for the latest DDoS tactics and emerging attack trends.
DDoS attacks will likely continue to form a significant part of the enterprise security threat landscape. Traditional security measures will not be able to hold up against the advancing level of sophistication of these DDoS attacks. In order for businesses to keep up, they’ll need to be well prepared and implement consistent measures to protect against such attacks. Only then will businesses be less exposed to the costly repercussions of a DDoS attack.
Samir Desai is GTT’s vice president of managed and security services. He has over 20 years of experience in telecoms product concept development, specifically in fixed, wireless managed data and information security segments. Samir oversees GTT’s global portfolio of innovative solutions delivering a comprehensive SASE experience to his customers. Products under his remit include Secure SD-WAN, Network & Cloud Security, Managed Detection & Response and Managed Network Services.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.