According to threat reports on 2020’s first quarter, Distributed Denial-of-Service (DDoS) attacks are increasing in both frequency and force. DDoS attacks rose 278% in comparison to the first quarter of the year prior, and an astonishing 542% quarter-over-quarter. But what trends should we be looking out for during the rest of the year?
What caused this growth in DDoS attacks?
Evidently, this surge in DDoS attacks is a larger symptom of the pandemic – with its global shift into a remote workforce, subsequent heightened reliance on online services and growth in Internet-of-Things (IoT) devices. Cyber-criminals are mainly targeting healthcare organisations and educational institutions in hopes of disrupting their operations and wreaking havoc.
The growth in the number and force of DDoS attacks can also be attributed to their accessibility. However, it is important to note that these attacks are increasing not only in volume, but also in speed and intensity. DDoS attacks are already inexpensive and easy to deploy; with a rise in the total number of IoT devices and endpoints to leverage, cyber-actors can bring a sophisticated attack to full strength within minutes.
While these statistics are not unprecedented, it is still crucial to stay alert to the potential risks that these figures indicate. We have put together a list of trends to look out for in the future.
If you are concerned about how to protect your enterprise against DDoS attacks, please do not hesitate to contact us. Our information security specialists can assist you in securing your organisation at every level.
5 DDoS attack trends to look out for:
1. Simultaneous attacks are occurring more frequently.
With an increase in devices to exploit, cybercriminals can generate multiple flood avenues and conduct numerous attacks concurrently. For example, attackers are able to deploy multi-vector attack operations by combining common attack methods such as DNS Floods, HTTP Floods, Application Layer and Network Layer attacks.
2. Politically motivated attacks.
DDoS attacks are often driven by personal, political and ideological motives. Attacks are carried out to disrupt critical services, enact state-sponsored cyber warfare, extort money through ransomware campaigns, or to protest political propaganda. As tensions rise between countries throughout the pandemic, political organisations and news websites may be increasingly targeted.
3. Larger attacks with increasing sophistication and severity.
Heavy reliance on cloud computing and growing networks of IoT devices have expanded the attack surface. Cybercriminals are able to remotely take advantage of a mass of devices and create larger botnets of infected machines.
4. Short-term, focused attacks slipping through the cracks.
While there has been a recorded anomalous increase in the duration of DDoS attacks, short, low-intensity attacks are still on the rise. It is crucial that Internet Service Providers address these smaller strategic attacks and do not let ‘Invisible Killer’ attacks slip through undetected.
5. Continued attacks on health and educational institutes, as well as media service providers.
Cyber-actors have continually used the COVID-19 crisis and global political movements to exploit people’s fears and hardships. As we gradually progress into the post-pandemic world, it is vital that healthcare providers carry out operations smoothly. With schooling patterns and behaviours shifting across the globe, it is also essential to secure the educational sector and avoid targeted disruptions.
Moreover, with the growing consumption of media service platforms, such as Netflix, threats that may indicate a replication of the 2016 Dyn attacks should be taken very seriously and addressed promptly.
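Trend 4 above, illustrated with an added example that is not part of the original article: a coarse five-minute average alarm stays silent on a 20-second burst, while a short sliding window compared against a slow baseline catches it. The per-second packet counts, window sizes and thresholds are constructed assumptions, not measured values.

```python
from collections import deque

def coarse_alerts(pps, window=300, threshold=5000):
    """Fixed-window alarm: fires when a window's mean rate exceeds threshold."""
    alerts = []
    for start in range(0, len(pps), window):
        chunk = pps[start:start + window]
        if sum(chunk) / len(chunk) > threshold:
            alerts.append(start)
    return alerts

def burst_alerts(pps, window=10, factor=3.0, alpha=0.01, min_baseline=100.0):
    """Short sliding-window mean compared with a slow EWMA baseline.
    Returns (start, end) second offsets per burst; end is exclusive."""
    baseline = None
    recent = deque(maxlen=window)
    bursts, start = [], None
    for t, rate in enumerate(pps):
        recent.append(rate)
        short_mean = sum(recent) / len(recent)
        if baseline is None:
            baseline = float(rate)
        in_burst = short_mean > factor * max(baseline, min_baseline)
        if in_burst and start is None:
            start = t
        elif not in_burst and start is not None:
            bursts.append((start, t))
            start = None
        if not in_burst:
            # Baseline is frozen during a burst so the attack cannot raise it.
            baseline += alpha * (rate - baseline)
    if start is not None:
        bursts.append((start, len(pps)))
    return bursts

# Constructed sample: 10 minutes at 1000 packets/s with a 20-second
# burst of 20000 packets/s starting at second 200.
SAMPLE = [1000] * 600
for second in range(200, 220):
    SAMPLE[second] = 20000

if __name__ == "__main__":
    print("coarse alarm windows:", coarse_alerts(SAMPLE))
    print("burst detector:", burst_alerts(SAMPLE))
```

The burst averages out to roughly 2267 packets/s over its five-minute window, which is why the coarse alarm never fires.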
8 steps to preventing DDoS attacks:
Below we have expanded on the Australian Cyber Security Centre’s (ACSC) tips for preventing DDoS attacks:
1. Carry out regular patching on the IT security of your website.
Minimise threat by patching your infrastructure and updating your software. These are preliminary steps to securing your website infrastructure and blocking attacker entry.
2. Use a cloud DDoS mitigation provider.
Outsourcing cloud-based mitigation is a great option for smaller businesses who do not have the on-premise hardware for DDoS prevention. Cloud-based DDoS prevention providers have increased bandwidth and are able to prevent malicious targeted attacks.
3. Increase security precautions and brush up on security awareness.
Preventing attacks begins with foundational security awareness. Ensuring that your users are following security best practices will minimise the risk that critical details are leaked. Thinking about implementing Security Awareness Training in your business? Don’t hesitate – contact our security advisers.
4. Secure your network architecture.
Implementing network filtering that continuously monitors traffic and limits access will assist in verifying legitimate traffic and minimise response time to abnormal movements.
5. Harden DNS servers.
Managing and hardening DNS servers will assist in preventing Application Layer and DNS Flood attacks.
6. Mirror DNS infrastructure with DDoS resilient DNS providers.
Prevent and protect against silent killer DNS attacks by mirroring your DNS infrastructure. Ensure that your provider has multiple points of presence and you have additional server back-ups.
7. Implement a DDoS Incident Response plan.
Outlining your approach to a DDoS attack will reduce response time and assist in minimising damages. Having greater visibility of assets in conjunction with a guideline of response procedures will assist in proactive protection. We have a variety of tiered Incident Response Retainer packages that can be scaled to your needs. For more information, please contact our cybersecurity experts.
8. Consider running your website on separate infrastructure to other business operations.
Distributing your servers geographically will assist in developing redundancy in infrastructure. Using a cloud host or dedicated service host will help in the distribution of servers and will therefore make it more difficult for attackers to target your servers as a whole.