
Keeping Disruptive DDoS Attacks at Bay

Spokesperson: Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT

Cybercriminals launched about 4.4 million Distributed Denial of Service (DDoS) assaults in the second half of 2021, increasing the overall number of DDoS attacks in 2021 to 9.75 million — equating to one attack every three seconds.

A DDoS attack is a malicious attempt to disrupt the regular traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks also target the mission-critical business applications that organisations rely on to manage daily operations, such as email, sales force automation, and CRM. Critical industries, such as manufacturing, pharmaceuticals, and healthcare, have internal web properties that the supply chain and other business partners rely on for daily business operations. All of these are targets for today's sophisticated cyber attackers.

It follows that DDoS attacks represent a significant threat to business continuity, as they can lead to costly downtime and lasting reputational damage. As organisations have grown more dependent on the Internet and on web-based applications and services, connectivity and access to enterprise networks have become more critical than ever.

To defend against DDoS attacks, organisations must understand the nature of these attacks and the various tactics cybercriminals employ, and take preventative measures to mitigate these risks.

Understanding DDoS attacks

Bad actors often adopt sophisticated and varied tactics to launch DDoS attacks and overwhelm organisational networks. For example, a volumetric attack sends enough traffic to deplete your Internet circuit bandwidth, so that the network cannot accept any more requests and becomes unavailable to customers and users. In a state-exhaustion attack (a TCP SYN flood is the classic case), the requests instead fill up the connection state table on a stateful perimeter device such as a firewall or load balancer, so that the device can no longer admit new sessions to the resource it is protecting. The second kind needs far less bandwidth than the first: the link may be nowhere near full while the firewall is already turning legitimate users away.
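The two symptoms above can be told apart from per-second traffic counters. The following is an added example, not code from the article or from NETSCOUT: it classifies constructed one-second windows as volumetric (the circuit is nearly full) or state-exhaustion (the firewall's state table is filling with half-open connections, or SYNs are arriving without handshakes completing). The circuit capacity, the state-table size, the thresholds and the sample windows are all assumed values chosen for illustration.

```python
"""Added example (not from the article or NETSCOUT): classify per-second
traffic windows by the two DDoS symptoms the text describes.  Capacities,
thresholds and the sample windows are assumed/constructed values."""
from dataclasses import dataclass

LINK_CAPACITY_BPS = 1_000_000_000   # assumed: 1 Gbit/s Internet circuit
STATE_TABLE_SIZE = 100_000          # assumed: firewall concurrent-connection limit


@dataclass(frozen=True)
class Window:
    second: int                # offset of this one-second window
    bytes_in: int              # bytes received from the Internet in the window
    syn_received: int          # TCP SYNs seen in the window
    handshakes_completed: int  # SYNs that reached ESTABLISHED in the window
    half_open: int             # connections still in SYN_RECEIVED at window end


def classify(w, link_bps=LINK_CAPACITY_BPS, table_size=STATE_TABLE_SIZE):
    """Return the list of DDoS symptoms present in one window (empty if none)."""
    findings = []
    bits_per_sec = w.bytes_in * 8
    # Volumetric: the circuit itself is (nearly) full, whatever the packets are.
    if bits_per_sec >= 0.9 * link_bps:
        findings.append("volumetric: circuit bandwidth exhausted")
    # State exhaustion: the firewall's state table is filling with half-open
    # connections, so it stops admitting new legitimate sessions long before
    # the link is saturated.
    if w.half_open >= 0.8 * table_size:
        findings.append("state-exhaustion: firewall state table nearly full")
    # SYN-flood signature: many SYNs, almost none completing the handshake.
    if w.syn_received >= 1_000 and w.handshakes_completed < 0.1 * w.syn_received:
        findings.append("state-exhaustion: SYN flood (handshakes not completing)")
    return findings


def analyse(windows):
    """Map each window's second to its findings, skipping clean windows."""
    return {w.second: f for w in windows if (f := classify(w))}


# Constructed sample: a clean second, a UDP-style volumetric second and a
# SYN-flood second.  Note that the SYN flood uses a fraction of the bandwidth.
SAMPLE_WINDOWS = [
    Window(second=0, bytes_in=20_000_000,  syn_received=500,     handshakes_completed=480, half_open=200),
    Window(second=1, bytes_in=120_000_000, syn_received=500,     handshakes_completed=480, half_open=200),
    Window(second=2, bytes_in=6_000_000,   syn_received=150_000, handshakes_completed=400, half_open=90_000),
]

if __name__ == "__main__":
    for second, findings in analyse(SAMPLE_WINDOWS).items():
        print(f"t={second}s: " + "; ".join(findings))
```

Second 2 is the instructive case: at 48 Mbit/s it would never trip a bandwidth alarm, yet 90,000 half-open connections against an assumed 100,000-entry table means the firewall is about to stop answering everyone.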

Cybercriminals use machines specifically configured to send a high volume of requests to accomplish these types of attacks. They also commandeer other devices on various networks to augment their efforts. These hijacked machines are called bots, and groups of bots that are made to work together are called botnets. The use of these botnet armies, especially ones built from Internet of Things (IoT) devices, has increased every year since they appeared on the scene in 2007.

Attackers have been relentless in their attempts to co-opt IoT devices into their botnet armies. Unfortunately, most IoT devices are easy prey, since they sit behind consumer-grade firewalls or, worse, no firewall at all. Many consumer IoT devices have little or no protection of their own and are frequently installed with default passwords, rolling out a welcome mat for attackers. DDoS attackers then use this hijacked infrastructure to launch attacks.

How Organisations Can Thwart DDoS Attacks

Organisations must take preventive measures to protect their digital infrastructure from DDoS attacks. Managing today's and tomorrow's DDoS attacks effectively and efficiently requires an integrated approach to mitigation: an automated, orchestrated combination of the mitigation mechanisms best suited to a given attack in a given environment. By leveraging intelligent network infrastructure capabilities and cooperation across network boundaries, organisations can defend themselves against DDoS attacks. This depends on solutions that provide complete visibility across the network perimeter.

Network visibility has become increasingly important. On-premises network analysis and DDoS mitigation tools designed specifically with these attacks in mind can detect all kinds of DDoS attacks and alert staff to their presence.

By increasing network visibility, companies can even turn these attacks to their advantage. An attacker probing a network with a sub-saturating DDoS event may be planning something more intrusive later. If an administrator can spot these forays early enough, they may be able to take preventative action. In this evolved era of advanced DDoS attacks, to be forewarned is to be forearmed.
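A sub-saturating event never trips a bandwidth alarm, so spotting it takes a baseline rather than a capacity threshold. The following is an added example, not code from the article or from NETSCOUT: it learns a mean and standard deviation from a constructed period of normal inbound bit rates, then flags live seconds that are far above that baseline but still well below the circuit's capacity as "sub-saturating", keeping the usual "saturating" alarm for seconds that actually fill the link, and collapses consecutive flagged seconds into events an operator can act on. The link capacity, the 4-sigma threshold, and the baseline and live rates are assumed/constructed values.

```python
"""Added example (not from the article or NETSCOUT): flag sub-saturating
anomalies against a learnt baseline, so probing runs that never fill the
circuit are still surfaced.  Capacity, thresholds and rates are assumed."""
import statistics

LINK_CAPACITY_BPS = 1_000_000_000   # assumed: 1 Gbit/s Internet circuit


def baseline(rates_bps):
    """Mean and population standard deviation of a clean training period."""
    return statistics.mean(rates_bps), statistics.pstdev(rates_bps)


def classify_rates(live_bps, baseline_bps, k=4.0,
                   link_bps=LINK_CAPACITY_BPS, saturation=0.9):
    """Return (second, kind) for every anomalous second in live_bps.

    'saturating'     : the circuit is effectively full (a classic volumetric hit)
    'sub-saturating' : far above the baseline but nowhere near capacity; the
                       kind of event that goes unnoticed without visibility.
    """
    mean, sd = baseline(baseline_bps)
    threshold = mean + k * sd          # assumed: k sigma above normal traffic
    flagged = []
    for second, rate in enumerate(live_bps):
        if rate >= saturation * link_bps:
            flagged.append((second, "saturating"))
        elif rate > threshold:
            flagged.append((second, "sub-saturating"))
    return flagged


def events(flagged):
    """Collapse consecutive flagged seconds of the same kind into events."""
    out = []
    for second, kind in flagged:
        if out and out[-1]["kind"] == kind and out[-1]["end"] == second - 1:
            out[-1]["end"] = second
        else:
            out.append({"kind": kind, "start": second, "end": second})
    return out


# Constructed: 60 s of normal traffic cycling 140-160 Mbit/s (mean 150 Mbit/s).
BASELINE_BPS = [150_000_000 + (i % 5 - 2) * 5_000_000 for i in range(60)]
# Constructed: a two-second probe at ~400 Mbit/s, then one saturating second.
LIVE_BPS = [155_000_000, 160_000_000, 400_000_000, 420_000_000,
            165_000_000, 950_000_000]

if __name__ == "__main__":
    for ev in events(classify_rates(LIVE_BPS, BASELINE_BPS)):
        print(f"{ev['kind']}: seconds {ev['start']}-{ev['end']}")
```

Seconds 2 and 3 use under half the circuit and would be invisible to a capacity alarm; against the learnt baseline they stand out as a distinct event, which is exactly the early warning the text is arguing for. In practice the baseline should be per time-of-day and per service rather than a single global figure.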
