Reflecting on 2017, it seems more than fitting to crown it ‘the year of the cyber attacks’. Sure, Mirai kicked things off in late 2016, but last year there was WannaCry, the Equifax data breach, and, dare we forget, the recent ransomware campaign, Bad Rabbit?
These examples are the tip of the iceberg: across both the public and private sectors, nobody seemed immune to cybercrime. This was highlighted when the anonymous group the Shadow Brokers leaked the National Security Agency’s own hacking tools. In fact, as 2017 came to a close, a new Mirai-style botnet, Satori, quite literally ‘awakened’, infecting more than 280,000 IP addresses in just 12 hours.
The scale of the problem is eye-watering. Cybersecurity Ventures recently estimated that we will spend $1 trillion globally on cybersecurity between 2017 and 2021. Cybercrime, meanwhile, will cost the world’s economy $6 trillion annually by 2021. These figures raise the question of how effectively cybersecurity measures are being deployed, given such a significant impact on the economy. But at the same time, you wonder just how much worse it could be.
One of the main areas of concern is the proliferation of DDoS attacks. These were recently identified in a report from Accenture as being responsible for a significant proportion of Britain’s costliest and most damaging cyberattacks on businesses. As such, it is worth examining how DDoS attacks are impacting businesses and what can be done to guard against them.
Neustar’s recent Global DDoS Attack and Cyber Security Report found that more than four in five organisations have been hit by a DDoS attack at least once in the last eight months. Alarmingly, 36% of these organisations confessed to being in the dark about the attacks, only finding out from their customers when they’d been hit. It comes as no surprise, then, that DDoS attacks have detrimental consequences for a brand, sparking a whole host of trust issues for customers.
These figures are only going in one direction as cybercriminals are becoming more cunning, creative and resourceful in their approach. Whereas previously hackers would launch a large-scale DDoS attack that completely disrupted a website, multi-vector attacks are now the preferred option, with half of the average attack size peaking at 10Gbps.
Armed with new tools and aided by the constant sharing and selling of attack codes, hackers will launch more targeted, repetitive hits at a frequent pace. In a recent survey by the Neustar International Security Council, nearly half of respondents (45%) admitted that targeted attacks are a growing threat to their business, with almost three quarters (73%) professing that recent cyber attacks have changed the way they approach protecting their organisation.
Theft, malware, viruses: the consequences
Motives for DDoS attacks vary. Yet, more often than not they will be twofold: using a DDoS hit to plant malware, viruses or ransomware. In fact, the Global Report found that organisations attacked just once had a 35% chance of seeing malware activated and a 52% chance of experiencing a virus.
Worryingly, 92% of organisations experiencing multi-vector attacks also reported theft of intellectual property, customer data and financial assets and resources. It seems an understatement, then, to simply state that this leads to catastrophic results for a business.
For example, if we look closely at the UK internet services industry alone, it risks losing up to £111 million by taking at least six hours to respond to a DDoS attack. The problem here lies in the detection and response time to an attack, with 30% in the UK taking 3-5 hours to spot a hit and figures demonstrating an increase in overall reaction time.
Interestingly, slower detection and response times, coupled with the growing complexity of attacks, align with an increase in spending, with 83% admitting to investing more in DDoS protection. Moreover, as application layer attacks become more intelligent, there has been a significant increase in the deployment of Web Application Firewalls, with 53% reporting they invested in the technology during 2017.
As hackers show no signs of slowing down, it is crucial to process the DDoS landscape and understand how it can affect the technical infrastructure of a business. Possessing this information is vital for assessing the necessary defence solutions and cost, in order to select the correct protection method.
For companies looking to reduce spending, there are low-cost services for guarding against DDoS such as “clean bandwidth/pipe solutions” delivered by ISPs and content delivery network (CDN) services. While inexpensive, these defences are generally limited to smaller-scale attacks and, in the case of ISPs, depend on the user having a single internet provider.
A sturdy and economical solution is on-demand cloud, which works by redirecting traffic to a mitigation cloud. Yet it relies heavily on a speedy failover to the cloud in order to escape any downtime. To counter this, the process can be automated by combining the client’s router and the mitigation partner. A successful service will deliver integrated protection and monitor network and application layer (OSI layers 3, 4 and 7) attacks.
In comparison, always-on cloud-based protection constantly redirects web traffic, which may cause issues with network latency, even during non-attack conditions. Moreover, extra solutions are necessary to conquer application layer attacks and, as a result, combining with a CDN and a cloud-based Web Application Firewall is recommended for this solution.
Outside of the cloud, a hybrid mitigation plan is the recommended choice and comprises a mitigation appliance and cloud protection. This plan will halt any form of DDoS attack and automatically activate cloud mitigation if the circuit is threatened.
Finally, regardless of the solution, it is crucial to have a unified (Layers 3 – 7) 24/7 Security Operation Centre including a user interface with real-time monitoring and reporting. With this, an organisation is more likely to be victorious over an intelligent hacker.
As we wave goodbye to 2017, we can confidently assert that cyber attacks are going nowhere and, more so, that they will only continue to grow in size, scale and intensity throughout 2018. It, therefore, becomes everybody’s responsibility to understand cybercrime in order to fight against it – and applying the correct, well-researched and most effective solutions is an essential starting point.