The prevalence and sophistication of distributed denial of service (DDoS) attacks has grown substantially this year, and this trend was discussed during a panel session at the Akamai Edge Live virtual conference.
Roger Barranco, VP, global services at Akamai, firstly emphasized how this year has been “record-breaking” for DDoS campaigns: “Not only did we see huge attacks, we also saw some really interesting campaigns,” he noted.
The panel highlighted why the tactic of DDoS is simultaneously attractive to cyber-villains and a cause of major problems for organizations. Lisa Beegle, director, information security, Akamai, commented: “It’s an attacker’s toolkit staple. It’s tried and true, there’s no need to reinvent the wheel.”
For organizations on the receiving end, it’s not only draining on resources to deal with such a relentless form of attack, but it often leads to negative publicity. “If you have a DDoS event and you are down and off the internet, you’re going to end up on the news,” observed Matthew Mosher, regional sales director at Akamai.
The primary reason for the rise in DDoS campaigns has been the sudden shift to remote working that many organizations have had to undertake due to COVID-19, according to Beegle. The lack of preparedness for such a scenario has made businesses extra vulnerable to this tactic. In addition, there are more threat actors now who have more time on their hands, enabling them to “do their due diligence so they’re able to facilitate activity and pivot as they need to.”
She added: “I think this year it has become much more aggressive and I do think the state of the world is partially to blame for that.”
Additionally, the size of attacks has been a notable feature in 2020. Barranco stated: “There has been a 2.4 Terabit size attack out there and we handled the world’s largest packet-per-second attack at 809 packets-per-second this year.”
Akamai has also observed a particularly powerful global extortion campaign this year, with Barranco finding it unique in how it focused on verticals, moving from one industry to another, covering major sectors such as finance, pharma and airlines. “The aggressiveness at which they were going after a wide breadth of entities to attack was impressive, and it was well coordinated because they were doing it in mass, a vertical at a time,” he commented.
The ways in which cyber-criminals leverage DDoS attacks on organizations is also becoming increasingly sophisticated, particularly in regard to their highly targeted nature. “They’ve certainly been doing their research and reconnaissance,” said Mosher.
In the previously mentioned global extortion campaign, attacks were focused on specific IP ranges. Barranco observed: “These attackers took the time to say ‘what do I want to attack?’ and ‘who do I send the letters to?’ so there was a fair amount of reconnaissance performed up front before they moved and launched those attacks.”
To defend against this rising threat of DDoS attacks, the panel agreed that while the increasing use of automation is to be welcomed, the human element needs to remain paramount. Barranco noted: “You have to have a strong human element on top of that, because at the end of the day, you’re fighting a human being frequently that’s kicking off a bot and they are changing all the time, so when they see you put a solid defense in place, they’ll modify in some way in an attempt to circumvent that.”
Overall, for organizations to adequately protect themselves in this current environment, Beegle advised: “Know your environment, understand who the players are as it relates to the different entities within the environment, know what your security posture is from end-to-end, communicate internally as well as externally and do everything you can to educate the people in your organization as to these potential threats.”