Reviewing the last year, DDoS (distributed denial of service) attacks have transformed from a minor nuisance causing limited damage into a major security hazard, one that routinely disrupts and shuts down the business continuity of some of the largest and most powerful companies in the world.
A DDoS attack aims to stop a business from operating, and it keeps doing so until the attack traffic is effectively blocked or the attacker gives up.
Take, for example, the DDoS attack campaign on New Zealand last September targeting Kiwibank, NZX (New Zealand Stock exchange), ANZ (banking application), NZ Post (postal service), MetService (meteorological service) and the Ministry for Primary Industries (regulatory ministry).
It was one of the most extensive recent attack campaigns, creating days of cumulative downtime across the targeted services. During the attack, trading on the stock exchange was suspended for two full days. As if halting trading were not enough, consumers could not access financial services for basic needs such as buying fuel or groceries, and the national postal service stopped providing service after all of its computer systems went down.
A DDoS attack also hit the giant VoIP service provider Bandwidth.com, causing outages that lasted for days. The company reported heavy losses. Beyond customer churn and reputational damage, it reported that the attack would cost it “between $9 million and $12m” against its Q4 earnings, and the impact may grow further into 2022, with the cumulative loss still undisclosed by the company.
In Israel, we are also seeing a ramp-up of bigger and more sophisticated DDoS attacks than ever before. One such attack took place last November against Domain The Net, one of the largest domain registration companies in Israel, and knocked hundreds of Israeli websites offline for several hours. The National Insurance Institute was taken down for a few hours, and Voicenter, a VoIP company, had its business halted for around a day by a DDoS attack. Affected customers included the security firm Check Point, Mobileye, Expon, Similarweb and Gett.
DDoS attacks differ from other well-known attacks such as malware and phishing. A DDoS attack is simple, very easy and cheap to launch, which explains its growing popularity; defending against one, however, is very complex.
These attacks are carried out by directing traffic at the target that exceeds its network capacity or server resources, typically using botnets. Each bot sends requests to the target’s IP address until the server or network is overwhelmed and legitimate traffic is denied service. In the most recent attacks, the individual bot requests often look like ordinary client traffic, so the flood blends in well with normal traffic and is harder to pick out per source.
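The “blends in with normal traffic” point above is the hard part for defenders: with enough bots, each source stays under any sensible per-IP rate limit while the aggregate still overwhelms the server. The following example, added here and not code from MazeBolt or the article’s author, shows both detection signals over constructed web-server log lines: a classic single-source spike, and a distributed application-layer (Layer 7) flood that only shows up as an aggregate jump in requests per second from an unusually large number of distinct sources. The log format (a simplified Common Log Format with an integer timestamp), the thresholds, and all IP addresses are assumptions chosen for the illustration.

```python
"""Toy HTTP-flood detector over constructed access-log lines.

Added illustration, not MazeBolt's tooling. The log format is assumed:
  <ip> - - [<unix-second>] "<request line>" <status>
"""
import re
from collections import Counter, defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>\d+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one assumed-format log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": int(m.group("ts")),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def detect_flood(lines, baseline_rps, per_ip_rps, min_sources):
    """Flag each second that shows either detection signal.

    Signal 1 (single source): any IP exceeding per_ip_rps in that second.
    Signal 2 (distributed):   total requests above baseline_rps while the
                              number of distinct sources is at least min_sources,
                              even if no single IP is over per_ip_rps.
    Returns a list of dicts sorted by second.
    """
    per_second = defaultdict(list)
    for entry in (parse_line(l) for l in lines):
        if entry:  # skip unparseable lines rather than crashing the detector
            per_second[entry["ts"]].append(entry)

    alerts = []
    for sec, events in sorted(per_second.items()):
        per_ip = Counter(e["ip"] for e in events)
        noisy = sorted(ip for ip, n in per_ip.items() if n > per_ip_rps)
        total, distinct = len(events), len(per_ip)
        if noisy or (total > baseline_rps and distinct >= min_sources):
            alerts.append(
                {"second": sec, "rps": total, "sources": distinct, "noisy_ips": noisy}
            )
    return alerts


def build_sample_log():
    """Constructed sample: 5 legitimate clients, one loud attacker, then a quiet botnet."""
    lines = []
    legit = [f"203.0.113.{i}" for i in range(1, 6)]
    # Normal traffic: each legitimate client sends 2 requests/second for t = 100..104.
    for t in range(100, 105):
        for ip in legit:
            lines.extend(f'{ip} - - [{t}] "GET /index.html HTTP/1.1" 200' for _ in range(2))
    # Classic single-source flood: one IP sends 20 requests in second 102.
    lines.extend('192.0.2.7 - - [102] "GET /login HTTP/1.1" 200' for _ in range(20))
    # Distributed flood: 40 bots, 3 requests/second each, in seconds 103 and 104.
    # Each bot stays under a per-IP limit of 5, yet adds 120 rps from 40 new sources.
    bots = [f"198.51.100.{i}" for i in range(1, 41)]
    for t in (103, 104):
        for ip in bots:
            lines.extend(f'{ip} - - [{t}] "GET /search?q=x HTTP/1.1" 200' for _ in range(3))
    lines.append("this line is garbage and must be ignored")
    return lines


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log(), baseline_rps=50, per_ip_rps=5, min_sources=20):
        print(alert)
```

Running it flags second 102 through the per-IP rule (192.0.2.7 alone) and seconds 103 and 104 only through the aggregate rule: 130 requests from 45 sources with no single IP over the limit. A per-IP rate limiter on its own would have let the second attack through, which is exactly why the distributed variant is the one that defeats naive protection.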
As the cases above show, companies go offline for anywhere from several hours to days, and in some cases suffer weeks of intermittent interruptions.
One trend that has grown this year is RDDoS (ransom DDoS), in which attackers extort organizations: pay up, or lose business continuity. Because so many large organizations are unprepared, these RDDoS attacks are likely to keep increasing, and at a rapidly growing intensity.
Another trend is multi-vector DDoS attacks, which hit an organization’s systems simultaneously, from several directions and against different layers of its infrastructure. These attacks have a higher success rate and often damage a range of systems, such as email services, remote employee access to files, and enterprise software like ERP.
As even best-of-breed mitigation solutions are failing to detect many of these new DDoS attacks, the key question any chief information security officer needs to ask at the onset of 2022 is: how do I fortify my mitigation solution, and how do I make sure it detects and blocks all damaging DDoS traffic?
Data from MazeBolt’s systems show that organizations, on average, carry a double-digit number of DDoS vulnerabilities in their attack surface. The main factors creating these vulnerabilities this year were the addition of IPs or applications that were never configured for protection, the failure to identify and eliminate existing DDoS vulnerabilities, and not having the correct mitigation systems deployed.
From our own data, we see that DDoS vulnerabilities on average, across industries, are divided into Layer 7, the application layer (66%); Layer 4, the transport layer (23%); and Layer 3, the network layer (11%). This shows the need for every organization to adopt a hybrid DDoS protection model that can identify and eliminate vulnerabilities at all three layers of its DDoS protection.
All the companies above had DDoS protection but still suffered severe and damaging downtime.
The New Year will bring a rise in sophisticated, damaging DDoS attacks. Is your organization well prepared? The only way to prevent a DDoS attack from causing damaging downtime is to continually identify areas of weakness (vulnerabilities) and verify, before the attack arrives, that your DDoS protections will work automatically.
The author is the founder and CEO of MazeBolt, which provides a technological solution for automatically detecting, identifying and mitigating DDoS vulnerabilities.