Network Security, Incident Response, Network Security, TDR

UK ‘too attractive’ to DDoS attackers

Imperva has released its annual DDoS Threat Landscape report (https://www.incapsula.com/blog/2015-16-ddos-threat-landscape-report.html) which reveals attacks on UK targets have risen by 220 percent over the last year.

These attacks against UK-based businesses make it the second most targeted country behind the USA.

Explaining the large attack rate increase is relatively easy; the use of DDoS-for-hire services such as stressers and booters jumped from 63.8 percent in Q2 2015 to an incredible 93 percent in Q1 2016. Explaining why the UK has become such an attractive target is almost as straightforward.

“The UK has one of the largest and fastest digital economies,” explains Imperva CTO Amichai Shulman, who told SCMagazineUK.com, “This year the UK's digital economy is expected to account for 12.4 percent of GDP, this is compared to the G20 average of 5.3 percent.”

In addition, the Internet is also the UK's second-biggest economic contributor, outweighed only by the property sector. “DDoS offenders like to go after high value targets which they know will reap them many returns” Shulman concludes “and the UK represents the perfect target.”

As Adrian Crawley, regional director for Northern Europe at Radware, also points out “the UK is where the money is and I think this is essentially what this is about - we are the financial capital for Europe and a world class leader in financial sector.”

Andy Herrington, head of cyber professional services at Fujitsu UK and Ireland, suggests it could be as simple as our time zone overlapping with many advanced economies “making the UK a logistically juicy target due to our position as a global hub.”

While CR Srinivasan, SVP Cloud and Security Services at Tata Communications, thinks publicity could be key. “Given the concentration of global media based in the UK and the US” he told us “it is unsurprising to see these nations near the top of the attacked nations list.”

Srinivasan is keen to point out, however, that the statistics do not distinguish how many of these attacks are successful “but simply that they happened.” Nonetheless, that the UK is being targeted so often is of concern. Enough that many are asking how the nation can ‘get ugly' and stop being so attractive to the DDoS attackers.

One reason DDoS attacks are popular is courtesy of being comparatively cheap to execute and expensive to defend against. “One way to stop them is to raise the cost for the attacker” Marc Laliberte, information security threat analyst with WatchGuard Technologies told us, adding, “the UK needs to advocate for ISP adoption of BCP38 and the updated BCP84.” Both of which can help prevent spoofed amplification attacks, one of the least expensive attacks to launch.

Medhi Daoudi, Catchpoint CEO, reckons that uglier is also about being more vigilant. Which means being smarter in “watching out for the signs sooner and thus moving faster to stop or minimise the damage.”

Something that James Parry, technical manager at Auriga, agrees upon. “We need to look at proactive security threat handling” Parry insists, “so that instead of waiting for these attacks to manifest themselves we look for the early indicators.”

Certainly there's usually background chatter preceding large scale attacks on forums or buying patterns in the dark web that, when combined with geo-political changes, can often be used to project the likelihood of an attack using next-generation SOC services.

And to mitigate the attacks, making us ugly as hell to the would-be assailant, businesses could move as many services as possible to cloud-based, hosted infrastructure due to the multitude of services and ISPs which feed most cloud providers.

“It's hard to crush a cloud service provider with a DDoS attack” concludes Ian Trump, global security lead at LOGICnow “with this architecture, unless your cyber-criminal has painstakingly mapped out all the internet connection points, including employee's home IP addresses, chances are you could run your business from a hotel board room.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.