
DDoS attacks a wake up call for complacent businesses - Imperva

27 Oct 2020

When distributed denial of service (DDoS) attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.

Security firm Imperva recently published findings from its monthly Cyber Threat Index scores. The firm found that in the month of August, there was a significant uptick in security incidents, with the largest occurring in Australia, the United Kingdom, and Canada.

August was the same month in which a global DDoS campaign caused significant downtime for New Zealand businesses including the NZX and Metservice.

DDoS attacks occur when threat actors target organisations’ websites or public-facing networks, overloading those networks with manufactured web traffic and bringing those networks to a grinding halt.

New Zealand Imperva distributor Chillisoft’s CEO Alex Teh says the attacks on NZX and other organisations have been attributed to the cybercriminal APT group Fancy Bear. He believes that the attacks were difficult to contain because they were left unchecked until they arrived at network entry points.

Teh also notes that cloud-based systems are better equipped to handle DDoS attacks because they block malicious activity at the source, rather than ‘on the doorstep’.

“More than simply disrupting the victim’s network and taking down public-facing systems, DDoS attacks often had more sinister aims.”

DDoS attacks have often been used as part of larger attacks for malware, phishing, and other cyber threats.

“A data breach event could be under your nose, but the sheer volume of requests hitting your website and networks masks underlying data exfiltration,” says Teh.

Imperva Office of the CTO’s director of technology Reinhart Hansen adds that Imperva has seen a tenfold increase in DDoS-for-hire sites over the last 12 months, indicating that criminals may conduct more frequent attacks.

“DDoS-for-hire gives anyone the ability to launch an attack,” says Hansen. “You can pay as little as $50 for a five-minute attack on a named target. That tiny investment can have major implications when websites go down and criminals manage to tunnel into backend servers and customer data.”

Hansen adds that many organisations assume their service providers protect them from DDoS attacks, but it is a risky assumption to make.

Appliance-based on-premise DDoS protection used by some service providers effectively filtered malicious incoming traffic; however, their ability to handle DDoS traffic is capped by a network’s uplink, which is rarely more than 10Gbps, leaving the door open to large scale attacks, he explains.

“Recent incidents should serve as a timely reminder for local businesses to put hard questions to their service providers to really understand what they’re doing to protect their own infrastructure against DDoS attacks,” Hansen explains.

He adds that an organisation’s protection is only as good as its provider’s protection.

“The secret sauce is applying intelligence harvested from the global threat landscape to allow legitimate traffic through while keeping bad traffic out. That’s Imperva’s sweet spot – we constantly evaluate the bot landscape to understand what is legitimate and what isn’t. Every minute a business is unable to service a legitimate customer is a dent in revenue and reputation,” concludes Hansen.
