{"id":2246,"date":"2020-02-10T02:18:26","date_gmt":"2020-02-10T02:18:26","guid":{"rendered":"http:\/\/kusuaks7\/?p=1851"},"modified":"2024-01-15T09:56:10","modified_gmt":"2024-01-15T09:56:10","slug":"ddos-an-underestimated-threat","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/software-ux-ui\/ddos-an-underestimated-threat\/","title":{"rendered":"DDoS: An Underestimated Threat"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2246\" class=\"elementor elementor-2246\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"has_eae_slider elementor-section elementor-top-section elementor-element elementor-element-7c5b3673 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7c5b3673\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"has_eae_slider elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6c42d1b3\" data-id=\"6c42d1b3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0cfdcf7 elementor-widget elementor-widget-heading\" data-id=\"0cfdcf7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\"><h4><strong>Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. 
Here's how to fight back.<\/strong><\/h4><\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7b508af elementor-widget elementor-widget-text-editor\" data-id=\"7b508af\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tOn the flip side of the proliferation of Internet of Things (IoT) devices, the quest for increased connectivity and bandwidth (think 5G) and skyrocketing cloud adoption, IT is increasingly being weaponized to unleash cyberattacks in an unprecedented order of magnitude. Coupled with the emergence and anonymous nature of both the Dark Web and cryptocurrencies, illicit transactions have never been easier or more convenient. Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. They have advanced from mere botnet-based approaches to artificial intelligence (AI) and data-driven models.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-616d426 elementor-widget elementor-widget-text-editor\" data-id=\"616d426\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tScholars at the University of Cambridge last year published a\u00a0<a href=\"https:\/\/www.cl.cam.ac.uk\/~sp849\/files\/RAID_2018.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">research note<\/a>\u00a0describing how they used data science to shed light on criminal pathways and ferret out the key players linked to illegality in one of the biggest and oldest underground forums. Perhaps surprisingly, they found that most cybercrime is committed by people who aren&#8217;t technical geniuses. 
Many of them offer so-called &#8220;booter&#8221; services \u2014 basically, they&#8217;re hired DDoS guns \u2014 and they have become so widespread that they even include school-age children.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5805348 elementor-widget elementor-widget-text-editor\" data-id=\"5805348\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tWhile not all of these attacks are spotlighted in the media, they cause significant financial blowback for companies in the form of paid-out ransoms, business downtime, lost revenue, and reputational losses, among other costs. This havoc is perpetrated by the members of a busy underground economy where cyberattack services are traded and monetized.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7b3d648 elementor-widget elementor-widget-heading\" data-id=\"7b3d648\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\"><h3><strong>Attacks on the Rise<\/strong><\/h3><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0683f24 elementor-widget elementor-widget-text-editor\" data-id=\"0683f24\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tEuropol&#8217;s\u00a0<a href=\"https:\/\/www.europol.europa.eu\/newsroom\/news\/cybercrime-becoming-bolder-data-centre-of-crime-scene\" target=\"_blank\" rel=\"noopener noreferrer\">&#8220;Internet Organised Crime Threat Assessment 2019&#8221; report<\/a>\u00a0outlines how DDoS attacks are among the biggest threats reported in the business 
world. The favorite DDoS targets of criminals in 2019 were banks and other financial institutions, along with public organizations such as police departments and local governments. Travel agents, Internet infrastructure, and online gaming services were also in the cybercriminals&#8217; crosshairs. Some arrests were made, but they had no noticeable impact on the growth rate of DDoS attacks or on the Dark Web infrastructure that makes them possible, according to Europol.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f72aef1 elementor-widget elementor-widget-text-editor\" data-id=\"f72aef1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nWhile many DDoS attacks go unreported and unnoticed, some are making the news. In October, a major\u00a0<a href=\"https:\/\/www.darkreading.com\/cloud\/eight-hour-ddos-attack-struck-aws-customers\/d\/d-id\/1336165\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"broken_link\">DDoS attack roughly eight hours long<\/a>\u00a0struck Amazon Web Services (AWS), making it impossible for users to connect because AWS miscategorized their legitimate customer queries as malicious. Google Cloud Platform experienced a range of problems at about the same time, but the company says the incident was unrelated to DDoS. 
A few weeks earlier,\u00a0<a href=\"https:\/\/www.zdnet.com\/article\/carpet-bombing-ddos-attack-takes-down-south-african-isp-for-an-entire-day\/\" target=\"_blank\" rel=\"noopener noreferrer\">a number of DDoS attacks<\/a>\u00a0crippled an ISP in South Africa for an entire day.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d4ee24c elementor-widget elementor-widget-heading\" data-id=\"d4ee24c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><strong>Everybody Is Vulnerable<\/strong><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6c1231 elementor-widget elementor-widget-text-editor\" data-id=\"a6c1231\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tInterestingly, it&#8217;s not just legitimate organizations that are plagued with DDoS attacks. Anyone familiar with a Dark Web market listing service will know that markets are usually listed with an &#8220;uptime,&#8221; with the main reason for any downtime being DDoS attacks.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-606bb02 elementor-widget elementor-widget-text-editor\" data-id=\"606bb02\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\nThese hidden services are open to DDoS attacks because of certain characteristics of the Tor browser, which is commonly used to access the Dark Web. Earlier this year, the three biggest Dark Web markets all suffered serious and extended DDoS attacks. 
The operators of\u00a0<a href=\"https:\/\/www.zdnet.com\/article\/top-dark-web-marketplace-will-shut-down-next-month\/\" target=\"_blank\" rel=\"noopener noreferrer\">Dream Market were reportedly taken for $400,000<\/a>, which illustrates that even the criminals are vulnerable to attacks by DDoS extortionists.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d435e42 elementor-widget elementor-widget-heading\" data-id=\"d435e42\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><strong>APIs Move into the Spotlight<\/strong><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6e2b5fc elementor-widget elementor-widget-text-editor\" data-id=\"6e2b5fc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tBut the DDoS problem is moving beyond infrastructure. As part of their digital strategy, many organizations are turning to cloud-native applications, and \u2014 as part of the\u00a0<a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/digital-transformation-exposes-operational-technology-and-critical-infrastructure-\/a\/d-id\/1334452\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"broken_link\">Fourth Industrial Revolution<\/a>\u00a0\u2014 manufacturing, logistics, and utility companies are equipping their production lines, warehouses, factories, and other facilities with wireless connectivity and sensors. 
Each of these requires an API in order to work.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1cff087 elementor-widget elementor-widget-text-editor\" data-id=\"1cff087\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tHowever, while APIs simplify architecture and delivery, they can also become bottlenecks that open up companies to a spectrum of risks and vulnerabilities. When a business-critical application or API is compromised, it knocks out all the operations related to the business and initiates a chain reaction. Thus, simply protecting OSI layers 3\/4 is no longer sufficient; layer-7 attacks create more damage with less total bandwidth.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c1ffcb6 elementor-widget elementor-widget-heading\" data-id=\"c1ffcb6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><strong>Job #1: Building Cyber Resilience<\/strong><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1bfbd18 elementor-widget elementor-widget-text-editor\" data-id=\"1bfbd18\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tIn digital business, there is no room for outages. That&#8217;s why organizations of all sizes must do everything they can to safeguard the resilience, integrity, and uptime of their digital platforms and services. As network bandwidth and computing power multiply, they enable black hats to leverage the increased resources to launch more powerful attacks. 
DDoS against national infrastructure networks can wreak major real-life havoc and shut down access to the services that grease the wheels of our economy and society. The US Department of Homeland Security (DHS)\u00a0<a href=\"https:\/\/www.dhs.gov\/science-and-technology\/ddosd\" target=\"_blank\" rel=\"noopener noreferrer\">reports<\/a>\u00a0that in the past five years the size of attacks has increased by a factor of 10, and that &#8220;it is not clear if current network infrastructure could withstand future attacks if they continue to increase in scale.&#8221;\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1791df5 elementor-widget elementor-widget-heading\" data-id=\"1791df5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\"><h3><strong>Upgrading the Arsenal<\/strong><\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ca729cb elementor-widget elementor-widget-text-editor\" data-id=\"ca729cb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe increase in attack frequency, added risk of APIs, and cost of downtime have combined to create a threat greater than the sum of its parts. This evolution of the threat landscape necessitates a similar evolution in defense methods. 
An organization would be naive to think that the preparedness posture that worked a decade ago can still work unchanged against modern threats.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e1f38a elementor-widget elementor-widget-text-editor\" data-id=\"8e1f38a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\n&#8220;To address the increased frequency of attack, a modern defense must be efficient,&#8221; says Andrew Shoemaker, a DDoS veteran and founder of NimbusDDoS, a pen-testing provider that vets DDoS mitigation solutions. &#8220;This means embracing automated mitigation approaches, and moving away from slow manual processes,&#8221; he adds. &#8220;Manual approaches may have been effective in the past when an organization was only attacked a few times per year, but the administrative burden of manual mitigation becomes overwhelming when attacks are happening monthly or weekly.&#8221;\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>IT is increasingly being weaponized to unleash cyberattacks in an unprecedented order of magnitude. Coupled with the emergence and anonymous nature of both the Dark Web and cryptocurrencies, illicit transactions have never been easier or more convenient. Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. They have advanced from mere botnet-based approaches to artificial intelligence (AI) and data-driven models. While many DDoS attacks go unreported and unnoticed, some are making the news. 
Here&#8217;s how to fight back.<\/p>\n","protected":false},"author":166,"featured_media":3620,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[200],"tags":[93],"ppma_author":[1950],"class_list":["post-2246","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-ux-ui","tag-internet-of-things"],"authors":[{"term_id":1950,"user_id":166,"is_guest":0,"slug":"marc-wilczek","display_name":"Marc Wilczek","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_00058d24-991e-4fe8-b65f-2188edaded40-150x150.jpg","user_url":"http:\/\/www.marcwilczek.com","last_name":"Wilczek","first_name":"Marc","job_title":"","description":"Marc Wilczek, Chief Operating Officer at Link11, is a columnist and recognized thought leader helping organizations drive their digital technology. Over the past 20 years, he has held various senior leadership roles across the ICT industry. Previously, he was a member of the management board of T-Systems\u2019 Computing Services &amp; Solutions (CSS) division. 
Besides being a public speaker, he has authored dozens of publications featured in CIO Magazine, InformationWeek, Bloomberg, Information Management, DarkReading, ZDNet, and others."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2246","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/166"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=2246"}],"version-history":[{"count":7,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2246\/revisions"}],"predecessor-version":[{"id":35499,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/2246\/revisions\/35499"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/3620"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=2246"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=2246"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=2246"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=2246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}