Web hosting provider 123-reg was hit by a +30Gbps DDoS attack between 10.10am and 10.40am this morning. The servers managed to stay online thanks to the company’s DDoS protection platform, however critical applications such as email, control panels and websites (including 123-reg’s own website) were down for a large number of customers. Wieland Alge, VP and GM EMEA at Barracuda Networks commented below.
Wieland Alge, VP and GM EMEA at Barracuda Networks:
“30 minutes may seem like an effective response time against such a powerful DDoS attack, however a survey from IDC last year found that the average cost of critical application failure was between £375k to £750k per hour, so every second counts when critical systems like email are down.
“The key to effective DDoS protection is the ability distinguish real users from malicious requests so that suspicious traffic can be blocked or challenged, but this is not easily done. A network firewall can protect Layer 4 protocols and even do deep packet inspection, but truly protecting against web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats. Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks. This type of misunderstanding leaves the web application exposed, and gives the administrator a false sense of security. A web application firewall is much better suited to combatting DDoS attacks.
“It’s also worth considering some form of dynamic client fingerprinting as part of any DDoS solution. Mechanisms that can detect suspicious clients using script injections and challenge suspected malicious requests with a CAPTCHA test can be a lifesaver when a DDoS army is very distributed, stays below the rate control radar, and its user systems have not been blacklisted.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…