The threat landscape is more complex than ever, and establishing a cyber-security strategy in 2016 entails accounting for a number of different factors. Hackers will employ a variety of techniques to achieve their goals. In order to establish a viable defence, enterprises and VARs must select the necessary technology for countering different forms of attacks, writes Rene Paap, Product Marketing Manager at A10 Networks.
One of the most prevalent methods used by cybercriminals is the distributed denial of service (DDoS) attack. This form of attack generates massive amounts of malicious network traffic — usually via networks of infected devices controlled by a single user. Due to the highly visible repercussions of DDoS attacks, they are carried out for a large number of reasons, including political activism, financial gain, and even ransom. DDoS attacks are becoming an increasingly popular tool in the cybercrime arsenal, and a 2015 Akamai report shows that DDoS attacks increased by 132% compared to Q2 2014. In addition, a 2015 Verisign report found that attack sizes increased by 52% from the first to the second quarter, meaning not only are more attacks happening, but they are becoming more severe.
DDoS attacks can range in terms of severity, partly because the technical barrier for the individuals carrying them out is so low. One popular method is via web services that allow customers to rent, in a DDoS-as-a-service manner, the computing power necessary to generate sufficient web traffic — meaning anyone with a credit card could carry out an attack.
Despite being easy to pull off, DDoS attacks are still employed by the most advanced hackers and cybercriminals. In the right hands, the ability to disrupt a target’s networks and bring down critical systems is a means to a larger end, typically a network intrusion. In these instances, the DDoS attack acts as a smokescreen, diverting IT assets and attention away from typical security processes. These types of attacks leave the network vulnerable, because it becomes easier to dismiss atypical activity as a false positive in the hope of buying more time to return the network to business as usual. Hackers take advantage of this distraction and in quick succession carry out subsequent attacks, often planting advanced persistent threats (APTs) on the network or stealing valuable data.
Since DDoS attacks bring down the most visible part of an organisation, namely its website and internal employee web applications, the pressure put on IT can range from the sales department all the way up to the C-Suite. A disruption of this sort can lead to lost revenue, a tarnished reputation and a major IT headache through the flooding of IT requests.
The solution for defending against a DDoS smokescreen attack is two-pronged. Awareness is key, so organisations must first educate response teams on the various means used by hackers looking to infiltrate the network. With this knowledge, IT teams can do a better job of determining what the attackers' end goal is, making it easier to push back against pushy C-Suite executives looking for a quick fix.
The second step of protecting against this sort of threat is technological. Without adequate security solutions in place, IT teams are at a distinct disadvantage when dealing with cybercriminals. In the case of the smokescreen DDoS attack, a combination of on-premises and cloud-based solutions that incorporate network load-balancing technology can handle attacks of varying types and sizes. These products give IT decision makers the ability to detect an attack and mitigate it. Coupled with the appropriate security information and event management (SIEM) solution — and other tools for flagging unusual network activity — organisations can reduce the confusion caused by the initial DDoS attack, while maintaining the diligent monitoring necessary for defending against more serious threats.
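The monitoring discipline described above, keeping non-volumetric anomalies visible while a flood is under way instead of dismissing them as noise, can be illustrated with a small correlation rule. The following is an added example, not code from the article or from A10 Networks; the event format, thresholds and log lines are all constructed here, and the rule escalates anomalies that coincide with a flood bucket rather than suppressing them.

```python
"""Escalate, rather than suppress, anomalies that coincide with a DDoS flood."""
from collections import Counter, defaultdict

WINDOW = 10                # seconds per bucket (assumed tuning value)
FLOOD_THRESHOLD = 40       # http requests per bucket treated as a flood (assumed)
EGRESS_LIMIT = 50_000_000  # single outbound transfer, in bytes, worth a look (assumed)
FAIL_BURST = 5             # failed logins before a success is suspicious (assumed)

# Constructed sample log: (ts_seconds, kind, src, size_bytes). Not real traffic.
SAMPLE_EVENTS = (
    [(t, "http", "203.0.113.5", 0) for t in range(0, 100, 5)]          # baseline
    + [(t, "http", f"198.51.100.{i}", 0) for t in range(100, 110) for i in range(6)]  # flood
    + [(50, "egress", "10.0.0.7", 120_000_000)]                         # before the flood
    + [(103, "egress", "10.0.0.7", 120_000_000)]                        # hidden in the flood
    + [(t, "login_fail", "10.0.0.9", 0) for t in range(101, 106)]
    + [(106, "login_ok", "10.0.0.9", 0)]                                # brute force succeeds
)

def bucket(ts):
    return ts // WINDOW

def flood_buckets(events):
    """Buckets whose http request count crosses the volumetric threshold."""
    counts = Counter(bucket(ts) for ts, kind, _, _ in events if kind == "http")
    return {b for b, n in counts.items() if n >= FLOOD_THRESHOLD}

def anomalies(events):
    """Non-volumetric signals a smokescreen is meant to hide: (ts, rule, src)."""
    found, fails = [], defaultdict(int)
    for ts, kind, src, size in sorted(events):
        if kind == "egress" and size > EGRESS_LIMIT:
            found.append((ts, "large_egress", src))
        elif kind == "login_fail":
            fails[src] += 1
        elif kind == "login_ok" and fails[src] >= FAIL_BURST:
            found.append((ts, "brute_force_success", src))
            fails[src] = 0
    return found

def triage(events):
    """Tag each anomaly with whether it fell inside a flood bucket and raise its severity if so."""
    floods = flood_buckets(events)
    alerts = []
    for ts, rule, src in anomalies(events):
        during = bucket(ts) in floods
        alerts.append({"ts": ts, "rule": rule, "src": src, "during_flood": during,
                       "severity": "critical" if during else "high"})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```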