Intelligent SME.tech Issue 14 | Page 26

// PREDICTIVE INTELLIGENCE //

TIME-TO-MITIGATION IS CRITICALLY IMPORTANT, AS CYBERCRIMINALS ONLY NEED SECONDS TO CRIPPLE SERVICES OR TAKE WEBSITES OFFLINE.

network and can be costly in terms of network infrastructure downtime and maintenance. Many organisations assume that their providers are already protecting them from such attacks.
However, unless specified, most ISPs do not run protection at a per-customer level, and these high-intensity, short-duration assaults can easily take down a company's firewall in a matter of seconds, either blocking the flow of legitimate traffic or, possibly worse, leaving the network unprotected from infiltration, mapping, malware, or theft of sensitive data.
COVID evolution
The pandemic has seen a shift in DDoS attack behaviour. Data from the 2020 Corero DDoS Threat Intelligence Report shows a significant increase in attacks over 10Gbps. However, as consistently reported, the vast majority (98%) of mitigated DDoS attacks are still less than 10Gbps in volume, and these smaller attacks are more difficult to detect and mitigate with manual and legacy systems. Even firewalls that claim to have built-in anti-DDoS capabilities realistically offer only a limited ability to block such attacks: typically via the use of simplistic thresholds.
When the threshold is reached, every application and every user on that port gets blocked, perhaps protecting the infrastructure but causing an outage for legitimate users. Attackers know this is an effective way to block good users along with the attack, achieving their end goal of denying service.
With around 45% of the UK working from home at the height of the pandemic, many companies have had to resort to VPNs to allow staff to connect remotely to corporate systems. This trend has been exploited by attackers, with the report finding a year-over-year increase of nearly 400% in the use of OpenVPN reflection as an attack vector: the attacker sends requests to exposed OpenVPN servers with the victim's address forged as the source, so the servers' replies land on the victim. OpenVPN as a reflection DDoS vector is bad news for the victim being attacked, but also for the organisation whose OpenVPN infrastructure is being used to launch the attack, as its remote workers will suffer from a degraded, or possibly unusable, service, impacting productivity and, potentially, business continuity.
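To make the threshold problem and the reflection signature concrete, here is an added example that is not from the article or from Corero: a small simulation over constructed flow records, comparing a firewall-wide packets-per-second threshold (which drops good users with the attack) against detection keyed on flow attributes (source port 1194 on inbound UDP with no matching outbound request). The addresses, packet rates, thresholds and the partner-tunnel detail are assumptions for illustration.

```python
"""Added example (not the article's or Corero's code): threshold blocking vs flow-aware
detection of an OpenVPN reflection flood, run over constructed flow records."""
from collections import Counter, defaultdict
from typing import NamedTuple

OPENVPN_PORT = 1194
OUR_EDGE = "203.0.113.10"          # assumed: the organisation's public VPN address
PARTNER_VPN = "198.51.100.200"     # assumed: a partner OpenVPN server we dial out to


class Flow(NamedTuple):
    second: int     # one-second time bucket
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int    # packets seen in this bucket
    label: str      # ground truth used for scoring only: "legit" or "attack"


def build_sample_flows():
    """Constructed telemetry (not real data). Four seconds of traffic: remote workers
    connecting to our OpenVPN server, return traffic from a partner tunnel we initiated,
    and, in seconds 2-3, reflected OpenVPN responses from 50 third-party servers that an
    attacker queried with our address spoofed as the source."""
    flows = []
    workers = ["198.51.100.7", "198.51.100.23", "198.51.100.41"]
    for sec in range(4):
        for i, w in enumerate(workers):
            # legitimate clients: 1194 is the *destination* port, source port is ephemeral
            flows.append(Flow(sec, w, 40000 + i, OUR_EDGE, OPENVPN_PORT, "udp", 30, "legit"))
        # responses from the partner server: source port 1194, but we asked for them
        flows.append(Flow(sec, PARTNER_VPN, OPENVPN_PORT, OUR_EDGE, 45000, "udp", 20, "legit"))
    for sec in (2, 3):
        for n in range(50):
            reflector = f"192.0.2.{n + 1}"
            flows.append(Flow(sec, reflector, OPENVPN_PORT, OUR_EDGE, 51234, "udp", 200, "attack"))
    return flows


def port_threshold_firewall(flows, pps_limit):
    """The simplistic threshold the article describes: count every UDP packet arriving in
    a second and, once the bucket exceeds pps_limit, drop every UDP flow in that second,
    good users included. Returns the dropped flows."""
    udp_pps = Counter()
    for f in flows:
        if f.proto == "udp":
            udp_pps[f.second] += f.packets
    return [f for f in flows if f.proto == "udp" and udp_pps[f.second] > pps_limit]


def reflection_aware_filter(flows, outbound_peers, min_sources=10):
    """Detection keyed on flow attributes instead of one interface-wide counter.
    An inbound UDP packet whose *source* port is 1194 is an OpenVPN server's response; if
    we never sent a request to that (ip, port) it is unsolicited, i.e. reflected, and only
    that source is dropped. Clients of our own server carry 1194 as the *destination* port
    and are never touched. Returns (dropped flows, alerts), where alerts maps each second
    with at least min_sources distinct reflectors to that count."""
    dropped = []
    reflectors_by_second = defaultdict(set)
    for f in flows:
        if f.proto != "udp" or f.src_port != OPENVPN_PORT:
            continue
        if (f.src_ip, f.src_port) in outbound_peers:
            continue  # a response we solicited (partner tunnel): let it through
        dropped.append(f)
        reflectors_by_second[f.second].add(f.src_ip)
    alerts = {sec: len(ips) for sec, ips in reflectors_by_second.items() if len(ips) >= min_sources}
    return dropped, alerts


def score(dropped):
    """How much legitimate traffic a filter sacrificed: (legit_dropped, attack_dropped)."""
    c = Counter(f.label for f in dropped)
    return c["legit"], c["attack"]


if __name__ == "__main__":
    flows = build_sample_flows()
    print("threshold firewall:", score(port_threshold_firewall(flows, pps_limit=1000)))
    dropped, alerts = reflection_aware_filter(flows, {(PARTNER_VPN, OPENVPN_PORT)})
    print("reflection-aware  :", score(dropped), "alerts:", alerts)
```

With these constructed numbers the interface-wide threshold drops every UDP flow in the two attack seconds, so all eight legitimate flows in that window (three workers and the partner tunnel, twice) go down with the 100 reflected ones, which is exactly the outage the attacker wanted. The flow-aware filter drops only the 100 unsolicited responses and raises an alert in the first second the reflectors appear. The `outbound_peers` check is what keeps the solicited partner traffic alive; in a real deployment that set comes from connection tracking rather than a hand-built constant, and a per-source rate limit alone would not help here, because each reflector sends a modest rate and only the aggregate is large.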
The report also notes that DDoS attacks are continually evolving in their sophistication, deceptiveness and frequency, and finding new ways to bypass traditional security measures. In most cases, rather than just generating massive volumes of traffic to saturate an organisation's Internet connections, cybercriminals send shorter, lower-volume attacks designed to impact a particular server, application or service.
In some cases, attackers seek merely to distract security staff with DDoS 'noise', which helps disguise their efforts to map a network for vulnerabilities, install malware, or access sensitive information.
Fighting back
In terms of countering this threat, there are key areas on which organisations should focus. Accurate and rapid detection is the first phase in effective DDoS protection. Attacks that are now able to evade legacy detection mechanisms – specifically small-scale,