Well. It’s hard to believe that we are now in the last quarter of this year. And in the next month or so, guess what is going to happen apart from hearing about the Holidays? The predictions as to what will happen in the Cyber Threat Landscape in 2022.
But we’ll deal with that later. As 2021 continues to soldier forward, the major theme has been, and will remain, that of Ransomware.
The bottom line is that there is really nothing new about these threat profiles; they are simply better mutations of the original strain, much as the Delta Variant emerged from the original COVID-19 virus. But there is one threat that has always loomed on the horizon, and that is the Distributed Denial of Service attack, also known as “DDoS” for short.
Simply put, this is where a Cyberattacker tries to choke off a server that hosts shared resources or Web based applications for the outside world by flooding it with junk or malformed packets. The idea is not to kill off the server per se, but to bring it to its knees for long periods of time.
But this year, it appears that the trend is changing. Rather than engaging in these long bursts, the Cyberattacker is launching much shorter attacks, but making them far more intense in nature.
Here are some of the findings discovered by researchers so far:
*The number of these short-term DDoS attacks grew by at least 4x, and their intensity by at least 2x, in the first half of this year;
*Most of these attacks had a sustained duration of eight minutes or less;
*Interestingly enough, it is the same businesses that are being hit over and over again;
*The Cyberattacker is making more intense use of TCP (the “Transmission Control Protocol”, which is what Web based applications are carried over today). With this technique, the Cyberattacker is able to mask their attack as legitimate network traffic flow, since the flood looks like ordinary connection attempts. Malicious usage of this protocol increased by 32% in the first half of this year;
*Other kinds of network traffic used to launch these shorter DDoS attacks include the User Datagram Protocol (also known as “UDP”) and TCP SYN packets (the first packet of a TCP handshake, sent in volume without ever completing the connection). Both of these saw sharp increases in the first half of this year, with upticks of 43% and 21%, respectively;
*The industries that were impacted the most were the IT, financial, and business sectors, at 29%, 25%, and 22%, respectively.
NOTE: The above findings were formulated by examining over 5,600 different DDoS attacks. The actual, published report of these findings can be seen here at this link:
https://www.imperva.com/blog/cheap-and-nasty-how-for-100-low-skilled-ransom-ddos-extortionists-can-cripple-your-business/
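As an added example (this is not code from the original post or from the Imperva report), the following Python script shows how the three vectors named in the findings above can be told apart in flow records: a TCP flow carrying only the SYN flag is a SYN-flood candidate, UDP is counted on its own, and everything else is generic TCP. It then computes each vector's share of packets and, per target, the peak packets-per-second and the seconds above a threshold. The log format, the IP addresses, the packet counts and the 5,000 pps threshold are all constructed assumptions for this example.

```python
"""Classify constructed flow records into the DDoS vectors named in the findings.

Added example, not from the original post or the Imperva report. The field
layout "<epoch> <src_ip> <dst_ip> <proto> <dst_port> <tcp_flags> <packets>" is
an assumption made for this example; real NetFlow/IPFIX exports differ.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample log: three SYN-only floods and two UDP floods against
# 198.51.100.5, two legitimate-looking TCP flows, and an ACK flood on .9.
SAMPLE_FLOWS = """\
1633000000 203.0.113.10 198.51.100.5 TCP 443 S 5000
1633000000 203.0.113.11 198.51.100.5 TCP 443 S 4800
1633000001 203.0.113.12 198.51.100.5 TCP 443 S 5200
1633000001 203.0.113.20 198.51.100.5 UDP 53 - 9000
1633000002 203.0.113.21 198.51.100.5 UDP 53 - 8700
1633000002 192.0.2.7 198.51.100.5 TCP 443 SA 12
1633000003 192.0.2.8 198.51.100.5 TCP 443 PA 30
1633000003 203.0.113.30 198.51.100.9 TCP 80 A 7000
"""


@dataclass
class Flow:
    ts: int
    src: str
    dst: str
    proto: str
    dport: int
    flags: str
    packets: int


def parse_flows(text):
    """Parse the constructed log format into Flow records, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, flags, pkts = line.split()
        flows.append(Flow(int(ts), src, dst, proto, int(dport), flags, int(pkts)))
    return flows


def classify(flow):
    """Map a flow to one of the vectors in the findings.

    A TCP flow that carries SYN but never ACK is a SYN-flood candidate: the
    sender starts handshakes it does not finish. Any other TCP flow is counted
    as generic TCP traffic, and UDP is counted as a UDP-flood candidate.
    """
    if flow.proto == "UDP":
        return "udp"
    if flow.proto == "TCP":
        if "S" in flow.flags and "A" not in flow.flags:
            return "tcp_syn"
        return "tcp_other"
    return "other"


def vector_shares(flows):
    """Return each vector's share of total packets as a fraction in [0, 1]."""
    counts = Counter()
    for f in flows:
        counts[classify(f)] += f.packets
    total = sum(counts.values())
    if total == 0:
        return {}
    return {k: v / total for k, v in counts.items()}


def peak_pps(flows, threshold):
    """Per destination: (peak packets in one second, sorted seconds >= threshold)."""
    per_sec = defaultdict(Counter)
    for f in flows:
        per_sec[f.dst][f.ts] += f.packets
    result = {}
    for dst, series in per_sec.items():
        peak = max(series.values())
        hot = sorted(t for t, n in series.items() if n >= threshold)
        result[dst] = (peak, hot)
    return result


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for vector, share in sorted(vector_shares(flows).items()):
        print(f"{vector:10s} {share:6.1%}")
    for dst, (peak, hot) in peak_pps(flows, 5000).items():
        print(f"{dst}: peak {peak} pps, {len(hot)} second(s) at or above 5000 pps")
```

The SYN-without-ACK rule is deliberately simple: on a real export you would also exclude flows whose byte counts or durations look like completed sessions, since a healthy client's first packet is a bare SYN as well. What the rule does capture is the point the findings make, that a TCP flood blends in with ordinary handshake traffic and has to be separated by volume and behaviour rather than by protocol alone.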
So what is the reason behind this new trend? Well, threat researchers have attributed this to the much wider availability of cheap or even free resources, especially on the Dark Web.
In other words, the Cyberattacker of today does not have to create ultra-sophisticated threat vectors; they can even hire an outsourced DDoS-for-hire service to do it for literally pennies on the dollar.
Simply put, with the barriers to entry now lower than ever, and the digital landscape growing every day (driven mostly by the advent of the 99% Remote Workforce), the Cyberattacker now has a much greater landscape in which to launch their attacks. Worse yet, they can mask their footprints even better now, with the process of Attribution taking a lot longer as a result.
Because of this, it is now the major Cloud platforms, such as AWS and Microsoft Azure, that are being hit, because of the huge growth in the creation and usage of both Virtual Machines (VMs) and Virtual Desktops (VDs).
These types of DDoS attacks have now become technically known as “Pulse Wave Attacks”. It is also a game of psychological warfare.
For example, with these shorter bursts the tendency is to just slow down the services of one application.
Once this has been resolved, the tendency is for the IT Security team to breathe easier and move on to the next threat variant. But the Cyberattacker takes advantage of this mindset by launching a new Pulse Wave Attack just minutes later, overwhelming the IT Security team yet again.
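As an added example (not from the original post), the script below shows what a detection rule for the pattern just described looks like: it finds short bursts in a per-second packet-rate series, groups bursts that recur within a quiet window into one campaign, and only calls the campaign a pulse wave when there are at least two bursts each lasting eight minutes or less. The traffic series is constructed inline (a 1,000 pps baseline with two 90-second bursts at 400,000 pps, ten minutes apart); the threshold, the 8-minute burst cap and the 15-minute grouping window are assumptions chosen for the example.

```python
"""Detect pulse-wave DDoS patterns in a per-second packet-rate series.

Added example, not from the original post. The series is constructed so
that it shows the behaviour the post describes: a short, intense burst,
a quiet period long enough for a team to close the ticket, then a second
burst against the same target.
"""
from dataclasses import dataclass

BASELINE_PPS = 1_000
BURST_PPS = 400_000


def constructed_series(total_seconds=1500):
    """Baseline traffic with two 90-second bursts starting at t=100 and t=790."""
    series = []
    for t in range(total_seconds):
        pps = BASELINE_PPS
        if 100 <= t < 190 or 790 <= t < 880:
            pps = BURST_PPS
        series.append((t, pps))
    return series


@dataclass
class Burst:
    start: int
    end: int      # inclusive last second at or above threshold
    peak: int

    @property
    def duration(self):
        return self.end - self.start + 1


def find_bursts(series, threshold):
    """Return contiguous runs of seconds whose rate is at or above threshold."""
    bursts = []
    current = None
    for t, pps in series:
        if pps >= threshold:
            if current is None:
                current = Burst(t, t, pps)
            else:
                current.end = t
                current.peak = max(current.peak, pps)
        elif current is not None:
            bursts.append(current)
            current = None
    if current is not None:
        bursts.append(current)
    return bursts


def group_campaigns(bursts, max_gap=900):
    """Group bursts separated by at most max_gap seconds of quiet into campaigns.

    max_gap is the window during which a closed incident should be reopened
    rather than treated as a fresh, unrelated event.
    """
    campaigns = []
    for b in bursts:
        if campaigns and b.start - campaigns[-1][-1].end <= max_gap:
            campaigns[-1].append(b)
        else:
            campaigns.append([b])
    return campaigns


def is_pulse_wave(campaign, max_burst=480, min_bursts=2):
    """Pulse wave: at least min_bursts bursts, each max_burst seconds or shorter."""
    return len(campaign) >= min_bursts and all(b.duration <= max_burst for b in campaign)


def analyze(series, threshold=10 * BASELINE_PPS):
    """Return [(campaign, is_pulse_wave)] for a per-second (t, pps) series."""
    bursts = find_bursts(series, threshold)
    return [(c, is_pulse_wave(c)) for c in group_campaigns(bursts)]


if __name__ == "__main__":
    for campaign, pulse in analyze(constructed_series()):
        kind = "PULSE WAVE" if pulse else "single flood"
        spans = ", ".join(f"{b.start}-{b.end}s ({b.duration}s)" for b in campaign)
        print(f"{kind}: {len(campaign)} burst(s) at {spans}")
```

The practical consequence for the IT Security team is in `group_campaigns`: an incident for a target that was just hit should stay open for at least `max_gap` seconds after the last burst ends, because the quiet period is part of the attack, not the end of it. A single long flood, by contrast, fails the `is_pulse_wave` test and is handled as a conventional DDoS.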
But it is not just malformed data packets that are used in these Pulse Wave style attacks. Bots are also used, and according to researchers, bots accounted for well over 60% of network traffic in the first half of this year. Scarier still, only 36% of this network traffic was deemed to be legitimate.
Bots are also much nastier in nature, for example scraping login information (such as usernames and passwords), and one favorite target of theirs is the thousands of E-Commerce sites in existence today.
My Thoughts On This:
What is the best line of defense against this new breed of DDoS attacks? As I have mentioned before, we are all at risk; nobody is immune to it. But one of the primary advantages of moving to the Cloud is that these platforms typically offer a great suite of security tools that you can use to protect both your VMs and VDs.
But the responsibility of actually deploying them comes down to you and your IT Security team, not the Cloud Provider. There is no doubt that keeping track of all this and mitigating the risks of this new breed of DDoS attack is a very challenging task.
Therefore, you should probably engage the services of an MSP to not only help with your transition to the Cloud, but also to help you keep an eye on it for the long term as well.