Cloudflare’s DDoS Threat Report for the third quarter has shown that many attacks are still initiated by humans but executed by bots. As such, to equip yourself adequately for a battle against robots, you need to use robots.
DDoS attacks are on the rise and there is a tendency for them to be more severe now. Volumetric attacks, or those designed to create congestion between a site and the greater internet by targeting networks, have also increased in comparison to last year’s Q3.
A DDoS attack is an attempt to disrupt the normal flow of traffic on a server, network or service with a flood of traffic. It’s possible to mitigate these incidents with simple steps such as monitoring services, anti-spam tools, routing techniques and many more.
To be successful, these attacks can rely on threat actors taking control of online devices and computers. These machines are then put to use as sources of attack traffic, using malware that can take control of infected devices and turn them into a “botnet” that can be harnessed for any number of purposes.
The growth of botnets using IoT devices is caused by the fact that they are now much easier to manage and conceal. Most devices are not secured before deployment and are often vulnerable due to default settings. These devices are “prime targets for malware which can then spread via the internet,” as James Scott, Senior Fellow at the Institute for Critical Infrastructure Technology, told SDxCentral.
Mirai was made open source and it continues to grow.
“Despite the original creators of Mirai botnets being caught, charged and punished in the previous quarter, their creations are still roaming the internet,” Engates mentioned.
‘Fighting Bots With Bots’
The CEO of Engates Inc. said that generally, DDoS attack sizes and frequencies have been steadily growing at an exponential rate over the past decade, adding that “he expects this trend to continue until network operators and law enforcement start to take cybersecurity more seriously.”
The number of ransomware DDoS attacks increased by 67% in the past year, and 15% quarter-over-quarter.
Over the years, it has become easier, cheaper and more accessible for internet attackers to launch DDoS attacks, Cloudflare said in their report.
The company recommends making detection and mitigation as automated as possible, because “relying solely on humans puts defenders at a disadvantage.”
Cloudflare also noted that protecting against DDoS attacks is difficult because you need to stop attackers before they get in, not just when they attack. To do this, you need the ability to differentiate between spikes from an attack and spikes from legitimate high user demand. If a large botnet starts attacking your production systems, you don’t want to block all of their traffic without also blocking. Companies should break up traffic into manageable chunks and continue monitoring for malicious patterns. This will help protect them from DDoS attacks.
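One way to automate the chunk-and-monitor idea above, as an added example that is not from Cloudflare's report or product: requests are grouped by source /24 prefix and each chunk is compared with its own moving baseline, so a broad rise in demand passes while one concentrated source is singled out. The /24 chunk size, the thresholds and the sample addresses are assumptions made for the example.

```python
import ipaddress
from collections import Counter, defaultdict

def chunk_key(ip, prefix_len=24):
    """Map a source address to its network prefix (the 'chunk')."""
    return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))

def flag_chunks(events, window=10, factor=5.0, floor=20, alpha=0.3, cold_start=5.0):
    """events: iterable of (unix_ts, src_ip).
    Returns {window_start: [chunks]} for chunks whose request count in that
    window is at least `floor` and more than `factor` x their own baseline.
    Chunks never seen before are judged against `cold_start` (assumed value)."""
    per_window = defaultdict(Counter)
    for ts, ip in events:
        per_window[ts - ts % window][chunk_key(ip)] += 1
    baseline, flagged = {}, {}
    for start in sorted(per_window):
        hot = []
        for chunk, n in per_window[start].items():
            base = baseline.get(chunk, cold_start)
            if n >= floor and n > factor * base:
                hot.append(chunk)  # spike relative to this chunk's own history
            else:
                # Learn only from unflagged windows, so a flood
                # cannot raise its own baseline and hide itself.
                baseline[chunk] = alpha * n + (1 - alpha) * base
        if hot:
            flagged[start] = sorted(hot)
    return flagged

def sample_events():
    """Constructed traffic: steady load, a broad 4x demand spike at t=20,
    then one chunk sending a concentrated flood at t=30."""
    ev = []
    for start, per_chunk in ((0, 6), (10, 6), (20, 24), (30, 6)):
        for net in range(5):
            ev += [(start + i % 10, f"10.0.{net}.{i + 1}") for i in range(per_chunk)]
    ev += [(30 + i % 10, f"10.0.9.{i % 50 + 1}") for i in range(200)]
    return ev

if __name__ == "__main__":
    for start, chunks in flag_chunks(sample_events()).items():
        print(f"window starting t={start}: rate-limit {chunks}")
```

Only the flagged chunk is a candidate for rate limiting or challenge; the five chunks that rose together during the demand spike are left alone.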
Become DDoS Resistant: Move DDoS to the Edge for SASE Implementation
A DDoS attack can take down a business within a matter of minutes. This is why it is important to know how to protect against these attacks and what steps you can take to make sure your business is not susceptible.
The first step in becoming DDoS resistant is understanding the different types of DDoS attacks. There are two main types of DDoS attacks: volumetric and application layer. Volumetric attacks are more common and they target the bandwidth that a company has available in order to overwhelm it with traffic and render it unusable. Application layer attacks, on the other hand, target the application itself by identifying vulnerabilities in the code that allow attackers to exploit them and gain access to sensitive data like credit card numbers or passwords. The best way for a company to protect against these kinds of attacks is by implementing SASE (Source Address Validation) or whitelisting into their infrastructure so they can identify where traffic is coming from and block any suspicious activity before it becomes an
Cloudflare is an early player in the secure access service edge (SASE) market that Gartner coined after defining it as the convergence of SD-WAN and security as a cloud-delivered service.
The SASE platform claims to eliminate the need for legacy virtual private networks, hardware firewalls, and DDoS protection appliances. This allows organizations more visibility and control over their network security configurations.
Engates mentioned that traditional and legacy DDoS mitigation solutions rely on scrubbing centers, meaning network traffic gets routed back to a limited number of dedicated centers to be cleaned. So if a scrubbing center goes down, the whole network will go down as well.
Traditional approaches just won’t work anymore, so the company is doing everything it can to stay fast and scalable.
Furthermore, Engates explained that distributed denial of service attacks typically are executed with the help of compromised computers and devices all around the world. Filtering malicious traffic from close to the source helps in preventing bottlenecks and congestion.
“Combining DDoS protection with other edge networking & security services, like SASE, is the best way to stay safe. These services are perfect for keeping users and applications protected from cyber threats.”
It is vital to invest in DDoS protection that will work efficiently. Cloudflare suggests you move from appliances to cloud-native solutions: solutions which can detect and mitigate threats in real time and allow you to be free of the burden of managing large-scale prevention systems.