BACKGROUND:
Today the NCSC released its annual Cyber Threat Report which highlights an increase in denial of service incidents against New Zealand’s nationally significant organisations.
The report says:
· In the 2020/21 year, 33% of malicious incidents fell into the post-compromise category. A large proportion of these were denial of service or ransomware incidents.
· These actors aim to apply pressure and extort payments from high-value, high-reward victims by deliberately disrupting critical services.
The findings of the report reflects the trends cybersecurity company Imperva has witnessed in NZ.
Reinhart Hansen, Asia Pacific and Japan CTO for Imperva provides further context in his commentary below. He discusses:
· How heavily NZ is being targeted for DDoS attacks and why
· Reasons why some NZ organisations have fallen prey to DDoS attacks
· What NZ organisations should do to better mitigate the risk of DDoS attacks in the future
<p>Imperva’s <a href=\"https://www.imperva.com/resources/resource-library/reports/ddos-threat-landscape-report/?utm_source=media-alert&utm_medium=pr\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.imperva.com/resources/resource-library/reports/ddos-threat-landscape-report/?utm_sourcemedia-alertutm_mediumpr&source=gmail&ust=1637152099945000&usg=AOvVaw2zqyzYzkw_SGcR6BCXzJmj\"> 2021 DDoS report</a> ranked New Zealand sixth in the world for application DDoS attacks. This is significant given the relatively small corporate and government footprint within the NZ compared to other countries. This ranking is likely due to the region’s willingness to adopt new app development technologies coupled with the acceleration of DevOps programs and practices during COVID. This has created an increased application attack surface for cyber criminals to target. </p>
<p>In recent months we’ve seen instances where NZ organisations thought they had sufficient DDoS protection, but had failed to secure one specific digital asset. The attackers found that weakness and successfully took that business offline. This highlights the importance of knowing where all your digital assets are located and ensuring all have sufficient DDoS protection. If you have gaps in your defences, the cyber criminals will find them and exploit them. </p>
<p>Imperva also witnessed a clear trend towards shorter, higher volume attacks which are designed to take out organisations with low or legacy defences. This includes those organisations that mistakenly assume their telecommunications or internet service provider (ISP) will automatically provide adequate DDoS protection. This is not always the case. Even those that do, don’t typically protect against all the different types of DDoS attacks. They also tend to use in-house technology and solutions that are not ‘always-on’ and don’t leverage a global mitigation approach. Instead they offer a manual or semi-automated response that uses localised mitigation. </p>
<p>This approach is not effective against the increasing trend of highly distributed, short, sharp, persistent attacks. Since 2020, DDoS attacks have increased four-fold, volume has doubled and the average attack duration is just six minutes. We only expect this to increase with the maturity of 5G networks and the continued adoption of IoT. The most recent example of this is the new Meris botnet which is breaking DDoS records and is powered by 250,000 malware-infected devices. This is why NZ organisations need to ensure they have a robust DDoS protection in place.</p>