By Kirill Kasavchenko
In an increasingly volatile political and economic landscape, cybercrime has become a geopolitical tool. Attacks on political websites and on critical national infrastructure services are ever more frequent, not only because they are easy to launch but also because attackers have both the desire and the capability to influence real-world events such as elections while remaining undetected.
In June, a distributed denial of service (DDoS) attack was launched against a website opposing a Mexican presidential candidate while a debate was under way. This renewed fears that cybercrime now aims to affect events far beyond the boundaries of the digital realm. Though the target was not a national service, the attack had implications for the stability of the election process and highlighted the risk of candidate websites being knocked offline. Coincidence? Perhaps. Or maybe an example of the phenomenon security experts call “cyber reflection,” in which an incident in the digital realm is mirrored in the physical world.
With critical national services and geopolitical interests at stake, it is no wonder that cybercrime was ranked the third greatest global risk in the recent World Economic Forum report. DDoS attacks are often about symbolism: threat actors flexing their muscles and wreaking financial havoc just to show what they are capable of.
Cyber reflection once again alters the risk calculus for enterprise security officers, particularly for global financial institutions and other supra-national entities whose power makes them prime targets, whether for state actors or for disaffected activists. You simply do not know when the next attack will come, where it may come from, who may be behind it or why they are motivated to strike. You just have to be prepared.
Of course, trying to answer the when, where, who and why questions is an essential part of DDoS defense. Global threat intelligence teams, such as NETSCOUT Arbor’s Security Engineering & Response Team, feed a steady stream of threat landscape data and real-time alerts to enterprise security teams. But vigilance needs to be accompanied by strength. The best defense requires guarding every attack vector and sealing every vulnerability. Today’s DDoS attacks are increasingly multi-vector and multi-layered, combining large-scale volumetric assaults with stealthy, low-bandwidth attacks on the application layer that can exhaust a server without ever filling the pipe. Defenses therefore need to scale across the whole range, from barely detectable probes to overwhelming force. Best practice calls for a hybrid posture: on-premises devices that handle the everyday, small-scale attacks and application-layer floods, complemented by cloud-based mitigation once an attack reaches a size threshold. That threshold should sit below the capacity of the organization’s upstream links, so traffic is diverted to the cloud before the links themselves saturate.
Because security resources are often stretched thin and teams cannot be minding every gap, automated detection and response should be a key part of the DDoS arsenal as well. Organizations should also give serious consideration to managed DDoS security services, which reinforce in-house resources with proven technologies and professional expertise dedicated to DDoS. This has the additional benefit of reducing operational overhead compared with building defenses, and a team to run them, from scratch.
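The hybrid, automated posture described in the two paragraphs above is easiest to see as decision logic. The following is an added example written for this page, not NETSCOUT Arbor code: it classifies constructed per-second flow summaries into attack vectors (volumetric, UDP amplification from reflector ports, HTTP request flood) and decides whether to do nothing, mitigate on the on-premises appliance, or divert to cloud scrubbing. The link size, thresholds, reflector port list and record format are all assumptions chosen to make the numbers readable; a real deployment would tune them to its links, baselines and appliance capacity.

```python
"""Hybrid DDoS detection and escalation over constructed flow summaries.

Added example, not vendor code. Every threshold below is an assumption.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# ---- Assumed tuning values (hypothetical; tune to the real link and appliance) ----
LINK_BPS = 1_000_000_000                 # 1 Gbit/s upstream link
CLOUD_DIVERT_BPS = int(0.7 * LINK_BPS)   # divert before the link itself saturates
VOLUMETRIC_BPS = 200_000_000             # well above normal traffic: call it volumetric
BASELINE_RPS = 50                        # normal HTTP request rate toward the web tier
APP_FLOOD_FACTOR = 10                    # 10x baseline requests/s => application-layer flood
AMP_SRC_PORTS = {53, 123, 1900, 11211}   # DNS, NTP, SSDP, memcached reflectors


@dataclass
class Flow:
    """One-second traffic summary for one source toward the protected service."""
    second: int
    src_ip: str
    proto: str        # "tcp" or "udp"
    src_port: int
    dst_port: int
    bytes: int
    packets: int
    http_requests: int = 0


def bucket_by_second(flows: List[Flow]) -> Dict[int, List[Flow]]:
    buckets: Dict[int, List[Flow]] = defaultdict(list)
    for f in flows:
        buckets[f.second].append(f)
    return buckets


def classify_second(flows: List[Flow]) -> Dict:
    """Name the vectors seen in one second and pick the mitigation tier."""
    total_bits = sum(f.bytes for f in flows) * 8
    rps = sum(f.http_requests for f in flows)
    amp_bits = sum(f.bytes for f in flows
                   if f.proto == "udp" and f.src_port in AMP_SRC_PORTS) * 8
    vectors = []
    if total_bits >= VOLUMETRIC_BPS:
        vectors.append("volumetric")
    if amp_bits >= VOLUMETRIC_BPS:          # reflected UDP is the bulk of the volume
        vectors.append("udp-amplification")
    if rps >= BASELINE_RPS * APP_FLOOD_FACTOR:
        vectors.append("http-flood")        # stealthy: few bits, many requests
    if not vectors:
        action = "none"
    elif total_bits >= CLOUD_DIVERT_BPS:
        action = "divert-to-cloud"          # too big for the on-prem box and the link
    else:
        action = "on-prem-mitigate"         # appliance handles it locally
    return {"bps": total_bits, "rps": rps, "vectors": vectors, "action": action}


def analyze(flows: List[Flow]) -> Dict[int, Dict]:
    return {sec: classify_second(fs) for sec, fs in sorted(bucket_by_second(flows).items())}


# Constructed sample: a quiet second, an HTTP flood, a multi-vector burst, a mid-size flood.
def http_flood(second: int) -> List[Flow]:
    return [Flow(second, f"198.51.100.{i}", "tcp", 40000 + i, 443, 50_000, 400, 200)
            for i in range(1, 6)]


SAMPLE_FLOWS: List[Flow] = (
    [Flow(0, "203.0.113.10", "tcp", 51000, 443, 2_000_000, 1500, 40)]     # 16 Mbit/s, 40 rps
    + http_flood(1)                                                       # 2 Mbit/s, 1000 rps
    + [Flow(2, "192.0.2.7", "udp", 123, 80, 100_000_000, 80_000)]          # 800 Mbit/s NTP
    + http_flood(2)
    + [Flow(3, "192.0.2.9", "udp", 5000, 80, 40_000_000, 30_000)]          # 320 Mbit/s plain UDP
)

if __name__ == "__main__":
    for sec, verdict in analyze(SAMPLE_FLOWS).items():
        print(f"t={sec}s bps={verdict['bps']:>11,} rps={verdict['rps']:>5} "
              f"vectors={verdict['vectors']} -> {verdict['action']}")
```

The second at t=1 is the case the text warns about: two megabits per second would never trip a bandwidth alarm, yet a thousand requests a second against the web tier is a flood, and only the application-aware on-premises layer catches it. At t=2 the NTP reflection pushes the same second past the divert threshold, so the correct response is to hand the whole prefix to cloud scrubbing rather than let the on-premises device fight traffic that will saturate the link first.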
In the wake of recent attacks, Kirill Kasavchenko, NETSCOUT Arbor’s principal security technologist for EMEA, commented: “The weapons on the battlefield are ever-changing, so defenses must evolve in parallel. Co-operation and information sharing are at the heart of this, as they allow all parties based on the current threat landscape.”
Whenever a controversial incident occurs in the real world, keep an eye out for signals from the cyber world, and ask yourself whether there is any imaginable reason that reflective mirror might be pointed at you.
Kirill Kasavchenko, Principal Security Technologist, NETSCOUT Arbor