DDoS attacks – current trends and how to power mitigation - Gaurav Mohan, VP Sales South Asia & Middle East, NETSCOUT
In this new era of ‘online everything’ and the permanently altered digital landscape, businesses are staying connected to their employees, students are continuing their online learning and e-commerce sites are busier than ever, thanks to the commitment of key platforms and the deployment of world-class engineering skills that keep these services working round the clock.
However, no function is without challenges. With the increase in digitally and remotely connected devices, there is a boom in the cybercrime economy, with DDoS (Distributed Denial of Service) attacks being very prevalent. These attacks are a malicious attempt to prevent regular traffic from reaching its destination, such as servers and networks, by overwhelming it with a flood of internet traffic. Attackers are leveraging advanced techniques in their attempts, and legitimate users are not able to access the network.
In fact, the year 2020 has been a record-breaking year for DDoS attacks, with a huge impact on the global digital infrastructure leading to loss of sales and customers and decreased productivity, in addition to brand damage. This clearly indicates the Covid-19 impact on DDoS attack activity. Pandemic lifelines, the healthcare and education sectors, also experienced increased attention from threat actors. There was a significant increase in demand for DDoS protection services from enterprise customers with the shift to remote work and online collaboration services.
Complexity of DDoS attacks further adds to the challenges
Traditionally, only e-commerce, net-banking or a typical branding webpage were primary targets, making news headlines when the sites were down for a couple of hours. But today no industry vertical, be it BFSI, Enterprise, IT/ITeS, E-commerce or any Government organisation, is free from DDoS attacks. The aim is to cripple the workflow of an organisation. Employees are not able to access the critical applications required for day-to-day operations, as these productivity tools and remote access processes are being targeted.
DDoS is being used as a smokescreen attack for stealthily gaining otherwise privileged access to critical data on the network and exfiltrating it, after diverting the attention of the security team. When the IT and Security teams are focused on mitigating a high-volume DDoS attack, the actors sneak into the network, plant malware or attempt lateral movement, and exfiltrate specific critical data.
Most of the time the motive is financial: extortion attacks are made on both organisations and individuals, with the threat of a DDoS incursion until the extortion amount is paid.
DDoS mitigation has to address advanced threats and provide ongoing protection
In this changing IT landscape it is very important to do comprehensive planning for DDoS mitigation that will lead to the efficient, flawless working of the IT network of an organisation of any size. A response mechanism, using advanced methods to counter the challenges, should be in place. Although organizations are adding additional VPN capacity to gateways and more horsepower to servers, some critical aspects need to be considered. It is important to ensure attackers do not target VPN gateways with guessable, commonly used names and bring down workforce productivity.
At the outset, organizations should adopt best practices. There should be a clear understanding and definition of the various critical and non-critical resources that are exposed to the internet, and these should be brought under the active protection umbrella. With organizations migrating to the cloud, applications in the cloud, on-premises, in hybrid cloud or in mixed environments should all have comprehensive protection. Businesses should not rely completely on cloud-based DDoS protection providers, but should have in-house capabilities to protect against even sophisticated attacks that are low-volume and slow. Perimeter-based DDoS protection is also critical. A deep analysis of each attack will provide the required visibility and support in putting all the necessary controls in place. Global threat intelligence is key to protecting the enterprise infrastructure from advanced DDoS attacks whose footprint has already been seen elsewhere. During this changing IT landscape, it is critical that the solution adopted provides protection for all assets and workloads in a distributed environment.
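The smokescreen pattern described earlier (a volumetric flood used to cover data exfiltration) is the kind of thing the "deep analysis of each attack" above needs to surface. The following is an added illustration, not NETSCOUT code or any product's logic: it runs over constructed flow records in a hypothetical `(timestamp, src, dst, direction, bytes)` format, locates windows whose inbound volume is far above the norm, and then flags internal hosts whose outbound transfer during those windows dwarfs their usual baseline.

```python
"""Smokescreen detector over constructed flow records (added example, not vendor code)."""
from collections import defaultdict

# Constructed sample flows: (timestamp_s, src, dst, direction, bytes).
# "in" = internet -> protected network, "out" = protected network -> internet.
# Minutes 0 and 1 are quiet baseline; minute 2 carries a volumetric flood and,
# hidden inside it, a large outbound transfer from 10.0.0.5.
FLOWS = [
    (5, "203.0.113.9", "10.0.0.7", "in", 1_200),
    (20, "10.0.0.5", "198.51.100.2", "out", 4_000),
    (70, "10.0.0.7", "198.51.100.3", "out", 3_000),
    (80, "203.0.113.10", "10.0.0.7", "in", 2_000),
]
# Flood: 300 distinct sources, 60 kB each, all within minute 2 (constructed).
FLOWS += [(125, f"198.18.{i // 256}.{i % 256}", "10.0.0.7", "in", 60_000) for i in range(300)]
FLOWS.append((140, "10.0.0.5", "198.51.100.2", "out", 50_000_000))  # 50 MB egress under cover


def inbound_per_window(flows, window=60):
    """Total inbound bytes keyed by window start time."""
    totals = defaultdict(int)
    for t, _, _, direction, nbytes in flows:
        if direction == "in":
            totals[t // window * window] += nbytes
    return totals


def flood_windows(flows, window=60, factor=10):
    """Window starts whose inbound volume exceeds `factor` times the median window."""
    totals = inbound_per_window(flows, window)
    ordered = sorted(totals.values())
    median = ordered[len(ordered) // 2]
    return sorted(w for w, v in totals.items() if v > factor * median)


def egress_anomalies(flows, floods, window=60, factor=10):
    """(host, window, bytes) for internal hosts whose outbound bytes during a flood
    window exceed `factor` times their per-window outbound baseline outside floods.
    A host with no quiet-time egress at all is flagged on any egress during a flood."""
    quiet, during, quiet_windows = defaultdict(int), defaultdict(int), set()
    for t, src, _, direction, nbytes in flows:
        if direction != "out":
            continue
        w = t // window * window
        if w in floods:
            during[(src, w)] += nbytes
        else:
            quiet[src] += nbytes
            quiet_windows.add(w)
    per_window_baseline = lambda host: quiet[host] / max(len(quiet_windows), 1)
    return sorted((src, w, b) for (src, w), b in during.items()
                  if b > factor * per_window_baseline(src))
```

On the constructed data, minute 2 (window start 120) is flagged as a flood and 10.0.0.5 is flagged for 50 MB of egress against a 2 kB-per-minute baseline; in practice the thresholds and window size would be tuned to the network's own traffic profile.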
Going forward, with a sizable percentage of the global workforce likely to make some form of remote work permanent, it is crucial to defend organizations by keeping all inbound and outbound threats at bay.