Sunday, October 3, 2021

The Next Breed Of Distributed Denial of Service (DDoS) Attacks The SMB Owner Must Be Aware Of

Well. It’s hard to believe that we are now in the last quarter of this year.  And in the next month or so, guess what is going to happen apart from hearing about the Holidays?  The predictions as to what will happen in the Cyber Threat Landscape in 2022. 

But we’ll deal with that later.  As 2021 continues to soldier forward, the major theme has been, and will remain, Ransomware.

The bottom line is that there is really nothing new about these threat profiles; they are simply better mutations of the original strain, much as the Delta Variant emerged from the original COVID-19 virus.  But there is one threat that has always loomed on the horizon, and that is the Distributed Denial of Service attack, also known as “DDoS” for short.

Simply put, this is where a Cyberattacker tries to choke off a server that exposes shared resources or Web based applications to the outside world by flooding it with traffic, usually from a large number of compromised machines at once (that is the “Distributed” part).  The packets do not have to be malformed; sheer volume, or a flood of half-finished connection attempts, is enough to exhaust bandwidth, connection tables, or CPU.  The idea is not to destroy the server per se, but to keep it unreachable to legitimate users for long periods of time.
</gml:replace>
<gr_replace lines="16" cat="clarify" orig="But this year, it appears that the trend">
But this year, it appears that the trend is changing.  Rather than sustaining these long attacks, the Cyberattacker is launching shorter bursts that are far more intense while they last.

But this year, it appears that the trend is changing.  Rather than engaging these long kinds of bursts, it seems to be that the Cyberattacker is trying to launch shorter among of attacks but making them much more intense in nature.

Here are some of the findings discovered by researchers so far:

*The number of these short-term DDoS attacks grew at least 4x, and their intensity at least 2x, in the first half of this year;

*Most of these attacks had a sustained duration of eight minutes or less;

*Interestingly enough, it is the same businesses that are being hit over and over again;

*The Cyberattacker is making more intense use of the TCP protocol (“Transmission Control Protocol”), the transport on which Web based applications run today.  Because a TCP flood looks like ordinary connection traffic, the Cyberattacker can blend the attack into legitimate network flows, which makes it harder to filter without also dropping real users.  Malicious usage of this protocol increased by 32% in the first half of this year;

*Other techniques used to launch these shorter DDoS attacks include User Datagram Protocol (“UDP”) floods and TCP SYN floods.  A SYN flood is not a separate protocol: it is a stream of TCP connection-opening (SYN) segments that never complete the three-way handshake, leaving the target holding half-open connections until its connection table fills.  Both saw sharp increases in the first half of this year, with upticks of 43% and 21%, respectively;

*The industries that were impacted the most were the IT, financial, and business sectors, at 29%, 25%, and 22%, respectively.

NOTE: The above findings were formulated by examining over 5,600 different DDoS attacks.  The published report of these findings can be seen at this link:

https://www.imperva.com/blog/cheap-and-nasty-how-for-100-low-skilled-ransom-ddos-extortionists-can-cripple-your-business/

So what is the reason behind this new trend?  Threat researchers have attributed it to the much wider availability of cheap or even free attack resources, especially on the Dark Web.  In other words, the Cyberattacker of today does not have to build ultra-sophisticated threat vectors; as the title of the report above notes, a low-skilled extortionist can rent a DDoS-for-hire service for as little as $100.

Simply put, with the barriers to entry lower than ever, and the digital landscape growing every day (driven mostly by the advent of the nearly 100% Remote Workforce), the Cyberattacker now has a much larger attack surface to work with.  Worse yet, rented infrastructure lets them mask their footprints better, so Attribution takes a lot longer as a result.

Because of this, it is now the major Cloud platforms, such as AWS and Microsoft Azure, that are being hit, owing to the huge growth in the creation and usage of both Virtual Machines (VMs) and Virtual Desktops (VDs) hosted there. 

These types of DDoS attacks are now technically known as “Pulse Wave Attacks”.  They are a form of psychological warfare as well.  For example, a short burst will typically only slow down the services of one application rather than knock it offline.

Once that has been resolved, the tendency is for the IT Security team to breathe easier and move on to the next threat.  The Cyberattacker takes advantage of exactly this mindset by launching another Pulse Wave Attack just minutes later, often against a different protocol or a different application, overwhelming the IT Security team all over again.  The practical lesson is that a DDoS alert should not be closed as soon as traffic returns to normal; the quiet period between pulses is part of the attack. 
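To make the pulse-wave pattern concrete, here is an added example (my own illustration, not code from the original post or from the Imperva report) that runs simple burst detection over per-second packet counters.  It groups consecutive seconds of abnormally high traffic into bursts, records which traffic class (TCP, UDP, or TCP SYN) dominated each one, and then flags the pulse-wave signature described above: two or more short bursts, each eight minutes or less, separated by a quiet gap.  The input shape, the 10x-over-baseline threshold, the 15-minute gap, and the sample capture are all assumptions constructed for the example; real telemetry would come from NetFlow/sFlow exports or cloud flow logs.

```python
"""Pulse-wave DDoS burst detector over per-second packet counters.

Added example for this post, not code from the original page or from Imperva.
The input shape (second, traffic_class, packets_per_second) is an assumption;
in practice it would be derived from NetFlow/sFlow or cloud flow logs.
"""
from dataclasses import dataclass


@dataclass
class Burst:
    start: int            # first second above threshold
    end: int              # last second above threshold (inclusive)
    peak_pps: int         # highest one-second total inside the burst
    dominant_class: str   # traffic class that carried the most packets

    @property
    def duration(self) -> int:
        return self.end - self.start + 1


def detect_bursts(samples, baseline_pps, factor=10, quiet_gap=5):
    """Group consecutive seconds whose total pps exceeds factor * baseline.

    Several classes may share one second; seconds absent from the input are
    treated as zero traffic. A burst is closed only after `quiet_gap` seconds
    below threshold, so a one-second dip does not split one attack in two.
    """
    threshold = factor * baseline_pps
    per_second = {}
    for t, cls, pps in samples:
        bucket = per_second.setdefault(t, {})
        bucket[cls] = bucket.get(cls, 0) + pps
    if not per_second:
        return []

    bursts, current, class_totals, quiet = [], None, {}, 0

    def close():
        dominant = max(class_totals, key=class_totals.get)
        bursts.append(Burst(current[0], current[1], current[2], dominant))

    for t in range(min(per_second), max(per_second) + 1):
        bucket = per_second.get(t, {})
        total = sum(bucket.values())
        if total > threshold:
            if current is None:
                current, class_totals = [t, t, total], {}
            current[1], current[2] = t, max(current[2], total)
            for cls, pps in bucket.items():
                class_totals[cls] = class_totals.get(cls, 0) + pps
            quiet = 0
        elif current is not None:
            quiet += 1
            if quiet >= quiet_gap:
                close()
                current, quiet = None, 0
    if current is not None:
        close()
    return bursts


def is_pulse_wave(bursts, max_burst_seconds=8 * 60, max_gap_seconds=15 * 60):
    """True when two short bursts follow each other within max_gap_seconds.

    The 8-minute bound mirrors the report's finding that most of these attacks
    lasted eight minutes or less; the 15-minute gap is an assumed value.
    """
    short = [b for b in bursts if b.duration <= max_burst_seconds]
    return any(b.start - a.end <= max_gap_seconds for a, b in zip(short, short[1:]))


BASELINE_PPS = 2_000  # assumed normal load for the sample network


def constructed_capture():
    """Synthetic 30-minute capture (constructed, not real telemetry): a steady
    2,000 pps, a 5-minute SYN flood, six quiet minutes, then a 5-minute UDP flood."""
    samples = []
    for t in range(30 * 60):
        samples.append((t, "tcp", 1_500))
        samples.append((t, "udp", 500))
        if 120 <= t < 420:
            samples.append((t, "tcp-syn", 400_000))
        if 780 <= t < 1_080:
            samples.append((t, "udp", 350_000))
    return samples


def constructed_sustained_capture():
    """Same baseline with one 20-minute flood: a classic long DDoS, not a pulse wave."""
    samples = []
    for t in range(30 * 60):
        samples.append((t, "tcp", 1_500))
        samples.append((t, "udp", 500))
        if 300 <= t < 1_500:
            samples.append((t, "tcp-syn", 400_000))
    return samples


if __name__ == "__main__":
    for name, capture in [("pulse", constructed_capture()),
                          ("sustained", constructed_sustained_capture())]:
        bursts = detect_bursts(capture, BASELINE_PPS)
        for b in bursts:
            print(f"{name}: {b.start}-{b.end}s ({b.duration}s), "
                  f"peak {b.peak_pps} pps, mostly {b.dominant_class}")
        print(f"{name}: pulse wave = {is_pulse_wave(bursts)}")
```

The point of the second, sustained capture is that a long single flood and a pulse wave need different operational responses: the first is resolved once the flood is scrubbed, while the second should keep the incident open and the mitigation rules in place until the gaps between pulses have stayed quiet for well beyond the longest interval seen so far.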

But it is not just floods of packets that are used in these Pulse Wave style attacks.  Bots are used as well, and according to researchers, automated bot traffic accounted for well over 60% of all network traffic in the first half of this year, leaving only 36% of traffic that could be deemed legitimate human activity. 

Bots are also much nastier in nature.  Beyond adding to the flood, they probe login pages for valid usernames and passwords (the technique known as credential stuffing, where leaked credentials are replayed against many sites), and one favorite target is the thousands of E-Commerce sites in existence today. 

My Thoughts On This:

What is the best line of defense against this new breed of DDoS attacks?  As I have mentioned before, we are all at risk; nobody is immune.  But one of the primary advantages of moving to the Cloud is that these platforms typically offer a strong suite of security tools, including DDoS protection services, that you can use to protect both your VMs and VDs. 

But under the shared responsibility model, actually deploying and tuning those tools comes down to you and your IT Security team, not the Cloud Provider.  Basic volumetric protection is usually on by default, but the per-resource and application-layer protections, the alerting thresholds, and the playbook for what to do when the second pulse arrives all have to be set up and tested by you.  There is no doubt that keeping track of all this and mitigating the risks of this new breed of DDoS attack is very challenging. 

Therefore, you should probably engage the services of an MSP, not only to help with your transition to the Cloud, but also to help you keep an eye on it over the long term.
