© 2020 Content Security Pty Ltd.

DDoS attacks are effectively collapsing massive networks. So what can be done?

Understanding what we’re up against in the world of cybercrime is a fundamental first step in protecting against threats. From here we can home in on possible solutions that will halt an attacker in their tracks, or at least mitigate any damage or fallout.

One example of this in action is distributed denial-of-service (DDoS) attacks, and the role of Web Application Firewalls (WAFs) in helping to enhance a company’s cybersecurity resilience. WAFs are fast becoming a cornerstone of a fully holistic approach to securing data and infrastructure.

DDoS attacks top concern for Australian businesses

As reported by The Guardian, late last year the Australian Bureau of Statistics (ABS) ‘fended off’ nearly one billion cyber attacks against the census. In 2016, a DDoS attack led to ABS having to take the first digital census offline for 40 hours. To stop this from happening again, cybersecurity measures were increased. However, on census day alone ABS was tasked with blocking 308,735 malicious connections and 130,000 IP addresses that were revealed as the source of attack traffic.

As DDoS attacks increase in consistency and sophistication, these stories are becoming commonplace. According to International Data Corporation (IDC), the international analyst firm, DDoS is currently a top concern for IT organisations of all sizes, alongside the likes of ransomware, phishing and data breaches. Numerous reports published in recent months highlight a massive increase in attacks against critical infrastructure, with prevalence and size of attacks on the rise.

One report found that DDoS traffic increased in 2022 from the previous year, with terabit-strong attacks frequently seen, as well as attacks in the hundreds of millions of packets per second, and sophisticated botnets peaking at tens of millions of requests per second. In addition, the number of volumetric and ransom DDoS attacks grew. As for industries targeted, while the likes of education management, finance and aviation are reportedly often at the top of the list, no industry is spared from the threat.

Volumetric and ransom DDoS attacks highlight the potential damage of these threats. Unlike ransomware, ransom DDoS attacks don’t require a user to accidentally click on a malicious link; instead, they rely on extortion. Generally speaking, a hacker will demand payment, and if the victim is unable or unwilling to pay, the hacker will run their DDoS attack, flooding servers and networks with fake requests so that legitimate requests become impossible to discern.

Volumetric attacks are a more direct approach with one primary aim: to overwhelm internal capacity with high volumes of malicious traffic. This type of DDoS attack typically takes advantage of vulnerable services, launching numerous spoofed queries to overwhelm the target. It can even result in the collapse of an entire network infrastructure. Volumetric DDoS attacks can also be a mask for more sophisticated and granular DDoS attacks. For example, hackers may take advantage of exposed services to disable a firewall or other preventative measures, and then install malware to steal sensitive data.

WAF and threat mitigation to defend against DDoS

Thankfully, alongside the rise of these malicious and highly targeted attacks are ever-evolving cybersecurity solutions, such as the Web Application Firewall, or WAF. This is a firewall designed to monitor, filter and block data packets as they move between the internet and a web application.

WAF solutions can be host-, network- or cloud-based, and can run as network appliances, server plugins or cloud services. When deployed as an on-premise or cloud solution, a WAF provides another layer of protection against cross-site request forgery, cross-site scripting, file inclusion, SQL injection (SQLi) and DDoS attacks. A WAF appliance will filter DDoS traffic as well as encryption, protocol and web application-based attacks.

There are a few key ways in which a WAF solution can mitigate or halt a DDoS attack. One way is with a detection threshold, based on either packets per second or a chosen threshold percentage. In this example, the WAF solution will log and alert when the number of packets per second goes above the threshold amount.
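The threshold logic described above can be sketched as follows. This is an added example, not code from this article or from any WAF product. The function name, the threshold values and the per-second packet counts are constructed, and the "threshold percentage" is assumed to mean a percentage above a rolling median baseline.

```python
from collections import deque
from statistics import median

# Constructed sample: packets per second seen at the edge, one value per second.
SAMPLE_PPS = [1000, 1100, 950, 1050, 1000, 1020, 4000, 9000, 12000, 1100, 980]


def detect_floods(pps_series, abs_threshold=None, pct_threshold=None,
                  baseline_window=5):
    """Return (second, pps, reason) alerts for a per-second packet series.

    abs_threshold: alert when pps exceeds this fixed packets-per-second value.
    pct_threshold: alert when pps exceeds the rolling median baseline by more
                   than this percentage (assumed meaning, see lead-in).
    """
    history = deque(maxlen=baseline_window)  # recent non-alerting seconds
    alerts = []
    for second, pps in enumerate(pps_series):
        reasons = []
        if abs_threshold is not None and pps > abs_threshold:
            reasons.append("absolute")
        # The percentage check needs a full baseline window before it is trusted.
        if pct_threshold is not None and len(history) == baseline_window:
            baseline = median(history)
            if baseline > 0 and (pps - baseline) / baseline * 100 > pct_threshold:
                reasons.append("percent")
        if reasons:
            alerts.append((second, pps, "+".join(reasons)))
        else:
            # Learn the baseline only from normal seconds, so a sustained
            # flood cannot raise the baseline and silence later alerts.
            history.append(pps)
    return alerts


if __name__ == "__main__":
    for second, pps, reason in detect_floods(SAMPLE_PPS, abs_threshold=5000,
                                             pct_threshold=200):
        print(f"ALERT t={second}s pps={pps} threshold={reason}")
```

On the sample, the percentage threshold fires one second before the fixed packets-per-second threshold, which is the practical reason to configure both.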

A WAF is a layer 7 defence in the Open Systems Interconnection (OSI) model, which breaks network communications down into seven layers. As such, it’s not designed to defend against every type of attack. It will work best when used with other solutions or tools to give a more thorough and holistic defence against attacks.

Alongside firewall and network protection solutions, there are other key ways to reduce the potential risk of DDoS attacks. These include carrying out regular security patching of a website, securing network architecture, managing and hardening Domain Name System (DNS) servers, implementing a DDoS incident response plan, outsourcing cloud-based mitigation and DDoS prevention to providers able to utilise increased bandwidth to prevent attacks, and improving foundational security awareness within the organisation.

For more information please contact our cybersecurity professionals today.
