DDoS – the ever growing security threat
DDoS is now considered one of the primary threat types facing virtually every industry and business area that is exposed to the public Internet. DDoS attacks have been carried out by diverse threat actors, ranging from individual criminal hackers to organized crime rings and government agencies. They have been part of the criminal toolbox for twenty years, and are growing more prevalent and stronger. DDoS attacks started from simply sending an overwhelming number of emails from a single source. Due to the ease of stopping these attacks, attacks have now evolved to come from thousands of compromised agents (bot -nets) acting on behalf of a cyber-criminal or gang.
The DDoS Landscape
In an article written by Marc Wilczek, COO at Link11, he discusses the DDoS landscape and explores where we were in 2018 with DDoS and where we are to go in 2019.
According to the UK’s National Crime Agency, DDoS as the leading threat facing businesses. The Agency noted the sharp increase in attacks on a range of organisations during 2017 and into 2018, and advised organisations to take immediate steps to protect themselves against the escalating threat.
According to Mr Wilczek, if 2018 saw attacks growing in volume and complexity, what attacks can we expect to see in 2019?
- DDos attacks via Botnets.
- Attack tactics, for which SSL encryption have long since ceased to be a defence, will gain even more intelligence in the coming months.
- Highly-targeted attacks, such as those on web applications, will also continue because the rewards are so high.
- 2019 could be the year in which a hacktivist collective or nation-state will launch a coordinated attack against the infrastructure of the internet itself.
To get a better idea around the DDoS landscape read the full article here.
Moving forward
The number and types of attack vectors around today is simply staggering. As a result, organisations are susceptible to outages across the stack at multiple layers, from web applications to the platforms and networks delivering them. Attackers are now using an array of changing attack methods; continually re-calibrating attacks dynamically based on responsiveness of target systems and can also launch attacks from a range of sources distributed across the globe.
Despite investment in DDoS mitigation, testing solutions is seldom on the agenda of most vulnerability management programs that focus on vulnerability scanning and pen testing. This three-hour lab will deliver an effective approach to validate your defenses against all forms of DDoS including the ability to simulate attacks, measure your response and determine if your operational practices are working.
RSA USA Conference 2019
Our COO Murray Goldschmidt is conducting a Learning Lab at the RSA USA conference in San Fransisco. The Learning Lab will be held on Wednesday 6th March between 1.30pm-4.30pm. It will focus around designing and operating a DDoS testing program. For more information and to secure your spot for the lab, visit the RSA website.
Sydney Learning Lab
For everyone else that is interested to attend a learning lab on this DDoS topic and are unable to attend the conference in the USA, Murray will also be running the DDoS lab at our Sydney Office on Wednesday 27th Februray. For more information or to register your interest in attending the lab contact us on 1300 922 923, email us at [email protected] or completing our enquiry form by pressing the button below.