Back in high school, my favorite subject was US History. What we learned back then was about the colonization of the East Coast, and of course the American Revolution, and from there, the movement westward.
I also took world history, and learned more about regional conflicts, such as those between India, Pakistan, and China. Then, when I went to Purdue for my undergrad years, I took a year of US History once again, but the topics covered were more about the Cold War between the United States and the former Soviet Union.
Back then, Cyber warfare and Cyber terrorism were terms not even heard of. The main battle lines were all about how large the army, navy, and air force of any country was. But now, as we start the New Year, the lines of conflict have drastically changed.
Although the fear of nuclear war is still there (largely driven by the Ukrainian – Russian conflict), the thought is now about the digital warfare that can take place between nations.
Yes, countries have been spying on each other digitally for quite some time, but the digital warfare concept is starting to emerge as something different.
For example, it is not a “throw everything you have, including the kitchen sink” set of threat vectors launched by the Cyberattacker; rather, they are much more focused.
In this regard, it seems that Distributed Denial of Service (DDoS) attacks are the favored attacks to be used.
Once again, the prime catalyst for this has been the war between Ukraine and Russia. Just days after it started, it seemed the Ukrainians already had their guard up, and fended off much of the opening salvos of DDoS attacks from the Russians.
Much to my surprise, the Ukrainian military was even able to gain the support of hackers from other parts of the world to aid in this fight. In fact, between March and April of last year, the total number of DDoS attacks climbed by an escalating 236%, more than ever before.
Why are DDoS attacks the Cyber weapon of choice? Well, first, it is an old threat vector that can be modified very quickly to fit today’s digital warfare needs. Second, they can be launched within minutes, and literally flood and break the back of the global Internet in just a matter of a few hours.
The idea of a DDoS attack is to pound servers with useless and meaningless data packets until the services they provide come to a screeching halt.
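As an added illustration (not code from the original post), here is the defender's side of that description: a sliding-window request-rate detector run over a constructed access log in which steady traffic is followed by a flood from many distinct sources, the pattern to spot before the services come to a halt. The log format, the addresses and the thresholds are assumptions made for this example.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed access-log lines "<ISO timestamp> <client ip> <path>"; format and thresholds are assumptions.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")

def make_sample_log():
    """Constructed log: 60 s of steady traffic from two clients, then a 10 s flood from many sources."""
    t0 = datetime(2023, 1, 2, 12, 0, 0)
    lines = []
    for s in range(60):                       # baseline: 2 requests/second
        for k in range(2):
            ts = t0 + timedelta(seconds=s, milliseconds=500 * k)
            lines.append(f"{ts.isoformat()} 10.0.0.{k + 1} /index.html")
    for s in range(60, 70):                   # flood: 200 requests/second, RFC 5737 test range
        for k in range(200):
            ts = t0 + timedelta(seconds=s, milliseconds=5 * k)
            lines.append(f"{ts.isoformat()} 198.51.100.{k % 250 + 1} /")
    return lines

def detect_flood(lines, window_s=5, baseline_s=30, factor=10.0):
    """Learn the request rate over the first baseline_s seconds, then report the onset of any
    trailing-window rate above factor x baseline. Returns (alerts, baseline_rate)."""
    recent = deque()                          # (timestamp, source) pairs inside the window
    t_start, baseline_count, baseline_rate = None, 0, None
    alerts, alerting = [], False
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                          # skip malformed lines instead of crashing
        ts, src = datetime.fromisoformat(m.group(1)), m.group(2)
        t_start = t_start or ts
        recent.append((ts, src))
        while ts - recent[0][0] > timedelta(seconds=window_s):
            recent.popleft()                  # drop requests that fell out of the window
        if (ts - t_start).total_seconds() < baseline_s:
            baseline_count += 1               # still learning what normal traffic looks like
            continue
        if baseline_rate is None:
            baseline_rate = baseline_count / baseline_s
        rate = len(recent) / window_s
        if rate > factor * baseline_rate:
            if not alerting:                  # report the onset once, not on every line
                alerts.append((ts.isoformat(), rate, len({s for _, s in recent})))
            alerting = True
        else:
            alerting = False
    return alerts, baseline_rate
```

Each alert carries the onset time, the requests per second seen in the window, and the number of distinct sources in that window; a high source count at onset is what separates a distributed flood from a single noisy client.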
So, the goal is not really to infect other computers or devices with worms, viruses, and malware. The mission of the DDoS style attack is simply to be a large nuisance, and to distract the IT Security team from other critical tasks that it has to achieve. In fact, the Ukrainian conflict by itself brought on 6,000,000 new types of DDoS attacks alone.
This is according to the recent report from Netscout, entitled the “DDoS Intelligence Report”. More information about this can be seen at the link below:
https://www.netscout.com/threatreport
But keep in mind, it is not just Eastern Europe where all of these DDoS attacks are happening. It is also happening in other parts of the world, including the following:
* India, total number of attacks went up (specific number not known)
* Belize, total number of attacks went up (specific number not known)
* Finland, which witnessed an increase of 258% in the total number of DDoS attacks
* Hong Kong/China/Taiwan, total number of attacks went up (specific number not known)
It is interesting to note that these DDoS attacks were not just solo events; rather, there was an event which triggered them. For example, in the cases of Finland and India, it was once again the Ukrainian – Russian conflict that triggered them. In the case of Hong Kong/China/Taiwan, it was the recent visit by Nancy Pelosi, which was once again the main trigger.
But here is the scary fact:
It is not the Cyberattackers themselves that are launching these DDoS attacks, but rather, it is groups that are hired from the Dark Web. These are technically known as “Booter/Stresser” services, and these are outsourced groups that will launch a DDoS for almost pennies on the dollar for the Cyberattacker.
But even here, this is nothing new, as a Cyberattacker can even hire a paid service to launch a devastating Ransomware attack. This is also known as “Ransomware as a Service”.
My Thoughts On This:
Obviously, no kind of Cyberattack against anybody is good. Most of the victims are just innocent bystanders. But here is the silver lining, if there is one, with this kind of attack. A DDoS attack cannot just be pinpointed at a target.
Rather, it has to go through the DNS system, and at some point, through the Internet Service Provider (ISP). Because ISPs have become much better at responding to different threat vectors, the chances are high that they will be able to bring services and websites back up fairly quickly after a DDoS attack has happened.
But of course, it all depends upon the magnitude of the attack. The larger the DDoS attack is, the longer it will take to resolve.
But the bottom line is that yes, everything should be fine in the end. But this does not relieve you of your duties to protect your company.
As CISO (or even vCISO), you still have a responsibility to your employees and organization to make sure that all controls are put into place to mitigate the risks of any kind of Cyberattack.
The best way to do this is to conduct a comprehensive Risk Assessment once again on those assets (such as servers, Web based apps, databases, etc.) that face the external environment and are available for the public to access. After you do this, it is always very prudent to conduct a Penetration Test to see where any other gaps or vulnerabilities may be.
But also keep in mind that your partner companies, especially the third-party suppliers, are also prone to becoming a victim of a DDoS attack, and they need to be fully aware of that, and take the same proactive steps that you are taking as well.