By Rene Paap
The threat landscape is more complex than ever, and companies in Saudi Arabia need to establish a cybersecurity strategy that accounts for a number of different factors. Hackers will employ a variety of techniques to achieve their goals. In order to establish a viable defense, enterprises in the country must select the necessary technology for countering different forms of attacks.
One of the most prevalent methods used by cybercriminals is the distributed denial of service (DDoS) attack. This form of attack generates massive amounts of malicious network traffic — usually via networks of infected devices controlled by a single user. Due to the highly visible repercussions of DDoS attacks, they are carried out for a large number of reasons, including political activism, financial gain, and even ransom. DDoS attacks are becoming an increasingly popular tool in the cybercrime arsenal.
The number of DDoS attacks is soaring, according to Akamai’s latest State of the Internet report. Akamai reports that attacks were up a whopping 149% in Q4 2015 compared to the previous year. DDoS attacks vary in severity, partially due to the low technical barriers facing the individuals who carry them out. One popular method is to use Web services that allow customers to rent, in a DDoS-as-a-Service manner, the computing power necessary to generate sufficient Web traffic, meaning anyone with a credit card could carry out an attack.
Despite being easy to pull off, DDoS attacks are still employed by the most advanced hackers and cybercriminals. In the right hands, the ability to disrupt a target’s networks and bring down critical systems is a means to a larger end, typically a network intrusion. In these instances, the DDoS attack acts as a smokescreen, diverting IT assets and attention away from typical security processes.
These types of attacks leave the network vulnerable because, in the hope of buying more time to return the network to business as usual, it becomes easier to dismiss atypical activity as a false positive. Hackers take advantage of this distraction and carry out subsequent attacks in quick succession, often planting advanced persistent threats (APTs) on the network or stealing valuable data.
Since DDoS attacks bring down the most visible part of an organization, namely its website and internal employee Web applications, the pressure put on IT can come from anywhere between the sales department and the C-Suite. A disruption of this sort can lead to lost revenue, a tarnished reputation and a major IT headache through a flood of IT requests.
The defense against falling victim to a DDoS smokescreen attack is two-pronged. Awareness is key, so organizations must first educate response teams on the various means used by hackers looking to infiltrate the network. With this knowledge, IT teams can do a better job of determining the attackers’ end goal, making it easier to push back against pushy C-Suite executives looking for a quick fix.
The second step in protecting against this sort of threat is technological. Without adequate security solutions in place, IT teams are at a distinct disadvantage when dealing with cybercriminals. In the case of the smokescreen DDoS attack, a combination of on-premises and cloud-based solutions that incorporate network load-balancing technology can handle attacks of varying types and sizes.
These products give IT decision makers the ability to detect an attack and mitigate it. Coupled with the appropriate security information and event management (SIEM) solution — and other tools for flagging unusual network activity — organizations can reduce the confusion caused by the initial DDoS attack, while maintaining the diligent monitoring necessary for defending against more serious threats.
— Rene Paap is the product marketing manager at A10 Networks