By Vinay Sharma, Regional Director, India and SAARC, NETSCOUT
Government agencies, the corporate sector and academia are going digital in today’s ‘online everything’ era. IT and network infrastructures are expanding, delivering operational excellence and superior customer experience. However, these developments bring cyber-security challenges with them: the cyber-threat landscape is expanding just as rapidly, prompting organisations to put robust cyber-security measures in place.
Among the many types of security attacks, Distributed Denial of Service (DDoS) is one of the most prevalent. These attacks have increased since the onset of the pandemic in 2020, leading to lost sales and customers, reduced employee productivity and damage to the brand.
DDoS attacks are malicious attempts by cybercriminals to prevent legitimate users from accessing networks and servers by overwhelming them with a flood of network traffic. The opportunities this creates have also driven constant attacker innovation, fuelling the already growing cyber-security crisis across sectors.
According to NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT), adversaries launched approximately 5.4 million DDoS attacks in the first half of 2021, an 11% increase from the same period in 2020. DDoS attack activity did calm down in the second quarter of 2021, but although attack frequency has dropped, it remains well above the numbers that were considered normal before the onset of the pandemic.
New attack vectors exploit abusable commercial and open-source User Datagram Protocol (UDP) services and applications. The number of vectors used in multi-vector DDoS attacks is rising significantly, with new adaptive DDoS techniques evading traditional defenses. The global connectivity supply chain is increasingly under attack as cyber-criminals focus on DNS servers, Virtual Private Network (VPN) concentrators and services, and internet exchanges. Internet Service Providers (ISPs) faced DDoS extortion attacks too, and cybercriminals are adding DDoS to their toolkit to launch triple extortion campaigns. Botnets contributed significantly to the larger DDoS threat landscape. Botnet attacks are large-scale cyber-attacks carried out by malware-infected devices that are controlled remotely. India has the second-highest number of DDoS botted nodes after China, and Mirai is the top botnet malware infecting smart and networked devices.
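As an added illustration (not code from the article or from NETSCOUT), the following Python triage script shows what a defender can do with flow records to spot the UDP reflection traffic and multi-vector pattern described above: it flags inbound UDP flows whose source port belongs to a commonly abused reflection service and reports, per target, how many distinct vectors and reflectors are hitting it. The amplifier port table, the byte threshold and the flow records are constructed assumptions for illustration, not a vendor vector list or real traffic.

```python
from collections import defaultdict
from dataclasses import dataclass

# UDP services commonly abused as reflectors; the port is the *source* port
# seen on traffic arriving at the victim. Assumed table for illustration.
AMPLIFIER_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 389: "CLDAP",
                   1900: "SSDP", 11211: "memcached"}

@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str     # "udp" or "tcp"
    bytes: int

def classify(flow):
    """Name the suspected reflection vector for a flow, or None if it is not one."""
    if flow.proto != "udp":
        return None
    return AMPLIFIER_PORTS.get(flow.src_port)

def summarize(flows, min_bytes=1_000_000):
    """Aggregate suspected reflection traffic per destination; keep targets
    that received at least min_bytes and mark those hit by several vectors."""
    acc = defaultdict(lambda: {"vectors": set(), "bytes": 0, "reflectors": set()})
    for f in flows:
        vec = classify(f)
        if vec is None:
            continue
        t = acc[f.dst_ip]
        t["vectors"].add(vec)
        t["bytes"] += f.bytes
        t["reflectors"].add(f.src_ip)
    return {ip: {"vectors": sorted(t["vectors"]), "bytes": t["bytes"],
                 "reflectors": len(t["reflectors"]),
                 "multi_vector": len(t["vectors"]) > 1}
            for ip, t in acc.items() if t["bytes"] >= min_bytes}

# Constructed flow records using documentation address ranges (not real traffic).
SAMPLE_FLOWS = [
    Flow("198.51.100.1", 53, "203.0.113.10", 44321, "udp", 900_000),
    Flow("198.51.100.2", 123, "203.0.113.10", 44321, "udp", 600_000),
    Flow("198.51.100.3", 1900, "203.0.113.10", 44321, "udp", 400_000),
    Flow("198.51.100.4", 11211, "203.0.113.20", 51000, "udp", 2_500_000),
    Flow("198.51.100.9", 53, "203.0.113.30", 53000, "udp", 1_200),      # normal DNS reply
    Flow("198.51.100.5", 443, "203.0.113.10", 50001, "tcp", 300_000),   # web traffic
]
```

Calling `summarize(SAMPLE_FLOWS)` reports 203.0.113.10 as a multi-vector target (DNS, NTP and SSDP from three reflectors) and 203.0.113.20 as a single-vector memcached target, while the small, legitimate DNS reply stays below the threshold. In practice the thresholds would be tuned against the network's normal baseline and the port table kept current with the vectors actually being observed.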
In India, cyber-attacks targeted several industry sectors, including Wireless Telecommunications Carriers (except Satellite), Wired Telecommunications Carriers, Data Processing, Hosting and Related Services, Electronic Shopping and Mail-Order Houses, All Other Telecommunications, Electronic Computer Manufacturing, Investment Banking and Securities Dealing, Internet Publishing, Broadcasting and Web Search Portals, Software Publishers, and All Other Professional, Scientific and Technical Services.
In the fast-evolving IT landscape, it is imperative to create a comprehensive DDoS mitigation plan to ensure that the IT and network infrastructures of organisations of all sizes keep working without interruption. Care should be taken to address attackers who target VPN gateways with commonly used, guessable names, since such attacks directly impact productivity. Critical and non-critical resources that are exposed to the internet have to be defined and brought under an active protection net. With the prevalence of remote-working culture, perimeter-based DDoS protection is important too.
The industry can make significant strides in DDoS protection if all stakeholders collaborate and co-ordinate. This collaboration falls into three categories. The first is ISP-to-ISP collaboration: a fully integrated inter-network signalling mechanism that allows network operators to share attack attributes and co-ordinate defenses spanning network boundaries, so that DDoS attacks are stopped collectively and nearer to their source.
The second is customer-to-ISP collaboration, done via an on-premises solution that shares attack attributes with upstream ISPs. The upstream providers can use the identified attack attributes to create countermeasures within their own systems and further share them with their peers and other customers.
The third is sharing threat intelligence, which supports the DDoS defense community as a whole: stakeholders use a system to curate and send anonymised attack statistics to other members of the community, providing information about observed DDoS attacks and other forms of observed cyber-threat activity.
Cybercrime and the DDoS threat landscape will only grow more complex, with new attack vectors ready to exploit vulnerabilities in the digital ecosystem. It is key for security teams to remain vigilant at all times and protect the critical infrastructure that is currently driving the modern digital economy. Organisations have to keep updating a DDoS defense plan that combines organic mitigation capacity with partnerships with skilled commercial DDoS mitigation service providers.