Web hosting provider 123-reg was hit by a +30Gbps DDoS attack between 10.10am and 10.40am this morning. The servers managed to stay online thanks to the company’s DDoS protection platform, however critical applications such as email, control panels and websites (including 123-reg’s own website) were down for a large number of customers. Wieland Alge, VP and GM EMEA at Barracuda Networks commented below.
Wieland Alge, VP and GM EMEA at Barracuda Networks:
“30 minutes may seem like an effective response time against such a powerful DDoS attack, however a survey from IDC last year found that the average cost of critical application failure was between £375k to £750k per hour, so every second counts when critical systems like email are down.
“The key to effective DDoS protection is the ability distinguish real users from malicious requests so that suspicious traffic can be blocked or challenged, but this is not easily done. A network firewall can protect Layer 4 protocols and even do deep packet inspection, but truly protecting against web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats. Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks. This type of misunderstanding leaves the web application exposed, and gives the administrator a false sense of security. A web application firewall is much better suited to combatting DDoS attacks.
“It’s also worth considering some form of dynamic client fingerprinting as part of any DDoS solution. Mechanisms that can detect suspicious clients using script injections and challenge suspected malicious requests with a CAPTCHA test can be a lifesaver when a DDoS army is very distributed, stays below the rate control radar, and its user systems have not been blacklisted.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…