DDoS (Distributed Denial of Service) attacks are no longer top of mind; however, today DDoS attacks are an even bigger threat than ever before.
The pandemic has accelerated digital transformation due to growth in digital services. The ever-increasing number of devices being exposed to the internet, the ever-growing dependency of organizations on these digital services as a virtual interface to customers, consumers, and citizens, the shift to remote work/work from home and the growth in importance of cryptocurrencies. All these factors have led to a continuous increase in the number and sophistication of cyber-attacks. According to Microsoft’s report, one of the main threats to organizations in 2021 was the rise in Distributed Denial of Service (DDoS) attacks.
Unlike a DoS attack where a single source is used to target a system, a DDoS attack floods the organization’s servers with thousands of requests from multiple sources through botnets. These attacks are also used as a decoy for infiltrating with ransomware or phishing for corporate disruption. Moreover, it is not possible to defend against a DDoS attack by blocking a single identified attack source. While the attackers are overloading the victim’s systems with illegitimate requests using botnets, their system such as VPN, websites, VoIP services, etc. can at times fail to fulfill the legitimate requests. This impacts on the organization’s activities.
Factors responsible for rise in DDoS attacks
The recent rise in DDoS attacks can be explained by the following factors:
- Online services dependency: Organizations are undergoing digital transformation and since the pandemic there has been a shift towards working from home. This has created a higher risk of the remote working devices becoming infected with malware and being available for use in the botnets used for DDoS attacks. There are several examples over the last 2 years where work from home devices were infected resulting in an impact on the organization which lasted for days and even weeks. At the same time almost, every organization is moving its services online. As more businesses make their way online, the potential number of victims for the cyber criminals increase
- Political instability: Political tensions between geographical regions have resulted in an increase in state sponsored cyber-attacks on critical infrastructure. Every country now needs to defend against these attacks. DDoS attacks have become a way for countries to engage in cyber warfare. Potential targets for this include defense and aeronautics companies as well to civil infrastructure to disrupt crucial public services.
- Cryptocurrency: Recently the cryptocurrency market has seen exponential growth with a large number of investors engaging in crypto financial activities. Cyber attackers have now shifted focus to target blockchain miners and cryptocurrency trade platforms using DDoS attacks. At the same time crypto currencies have equipped the cyber attackers with a way to receive ransom payments anonymously. As this industry continues to grow, we can expect to see a growth in the cyber-attacks in this space.
Recommendations to mitigate DDoS attacks
DDoS attacks cannot be avoided but specialized cybersecurity companies and Law Enforcement Agencies (LEAs) can bring down botnets. Organizations can use advanced analytics to track and assess the risk of attacks. Organization can take a few straightforward measures to control the disruption to their critical business services. Following are examples of some of these:
- Content Delivery Networks (CDN): In the past users have been unable to access websites simply due to an increase in traffic overloading the centralized systems. CDN provides a globally distributed server network that can help the business to maintain its services during peak load as well as to mitigate the effect of DDoS. A CDN allows you to isolate the affected services from a DDoS attack and keep the business functioning.
- Outsourcing to Cloud services: Running business services in the large cloud services has the benefit of the countermeasures that these providers take against DDoS as well as the additional anti-DDoS services that they provide. They also provide massive scalability making it harder to bring down their service by DDoS attacks.
- Monitoring network traffic: DDoS attacks increase network traffic to overload your service. Monitoring your network to identify the normal traffic patterns is important to help you to spot when something unusual is occurring. However, well-planned attacks often start without any warning. Thus, monitoring is important for detecting attacks rather than for mitigating their effects. Another approach is rate limiting, this helps to limit attempted DDoS attacks by restricting the number of specific types of requests accepted.
- Using Professional tools: There are many trusted DDoS prevention tools in the market. Leveraging these is a straightforward way to protect against and mitigate the effects of these attack
DDoS attacks have not gone away but in fact are increasing. DDoS attacks cannot be avoided but law enforcement and the large cyber security organizations are working to identify and disable them. KuppingerCole recommends that organizations take action to protect against these attacks by using the right tools. Below you will find further related topics on cyber-attacks and from KuppingerCole.
Advisory Note: Business Continuity in the age of Cyber Attacks
Advisory Note: Federal Regulations on Cybersecurity
Leadership Brief: Prepare and Protect against Software Vulnerabilities
Leadership Compass: Network Detection & Response (NDR)
Leadership Compass: Distributed Deception Platforms (DDPs)
Market Compass: Endpoint Protection, Detection, and Response
Whitepaper: Securing your IaaS Cloud