Posts Tagged :

Distributed Denial of Service

DDoS attacks were ‘bigger and more complex’ in 2021

960 640 Stuart O'Brien

Distributed Denial-of-service (DDoS) attacks decreased slightly in 2021 but are becoming larger and more complex in nature, new analysis from F5 has found.

Data collected from F5 Silverline showed a 3% year-on-year decline in the overall volume of attacks recorded in 2021. However, while volume may have declined, the severity of attacks ramped up markedly over the course of the year.

By Q4 2021, the mean attack size recorded was above 21 Gbps, more than four times the level from the beginning of 2020. Last year also saw the record for the largest-ever attack broken on multiple occasions.

“The volume of DDoS attacks has fluctuated by quarter, but the unmistakable trend is that these attacks are getting larger,” said David Warburton, Director of F5 Labs. “While the peak size of attack remained steady throughout 2020, last year we saw it climb consistently. This includes Silverline DDoS Protection tackling several attacks that were successively the largest we had ever seen by an order of magnitude.”

While most attacks recorded in 2021 were under 100 Mbps, there were some notable exceptions.

After the largest attack of 2020 topped out at 253 Gbps, there was one that struck in February 2021 measuring 500 Gbps. The record was shattered again in November with an attack weighing in at 1,4 Tbps—more than five times larger than the previous year’s record.

Targeting an ISP/hosting customer, maximum attack bandwidth was reached in just 1,5 minutes, and lasted only four minutes in total, harnessing a combination of volumetric (DNS reflection) and application-layer (HTTPS GET floods) methods.

Volumetric attacks, which use publicly available tools and services to flood a target’s network with more bandwidth than it can handle, continued to be the most common form of DDoS in 2021, comprising 59% of all recorded attacks. This represented a slight decline from 66% in the previous year, as the prevalence of protocol and application-type DDoS attacks ticked up, the latter increasing by almost 5% year-on-year.

This slight shift was underlined by changing the utilisation of protocols. 27% of attacks in 2021 harnessed TCP, up from 17% the previous year, and indicative of the requirements of more complex application and protocol-based attacks.

In terms of specific attack methods, there were some notable changes in prevalence: DNS query attacks became more common, up 3,5% year-on-year and the use of UDP fragmentation declined 6.5%. LDAP reflection also diminished by 4,6% and DNS reflection by 3,3%.

“Alongside changes in attack type, we continued to observe strong prevalence of multivectored attacks, including the 1,4 Tbps incident that utilised a combination of DNS reflection and HTTPS GETS,” added Warburton. “This was particularly true at the start of the year, when multivectored attacks significantly outnumbered single-vector assaults. It illustrates the increasingly challenging landscape for threat protection, with defenders needing to employ more techniques in parallel to mitigate these more sophisticated attacks and prevent a denial of service.”

Banking, financial services and insurance (BFSI) was the industry most targeted by DDoS attacks in 2021, subjected to more than a quarter of the total volume. That continued a trend which has seen attacks against BSFI steadily rising since the beginning of 2020.

By contrast, technology, the most targeted sector of 2020, fell into fourth place behind telecommunications and education. Between them, these four industries accounted for 75% of all recorded attacks, with a long tail of others including energy, retail, healthcare, transportation and legal that saw hardly any adverse activity.

“Even though the number of attacks tapered off slightly in 2021, the DDoS problem is by no means abating,” said Warburton. “Both the size and complexity of these attacks are increasing, demanding a more agile and multi-faceted response from defenders.

“Although it is reasonable to question the efficacy of attacks that may only last for a few minutes, threat actors know that even a short interruption to a service can have significant consequences and adversely impact brand and reputation.

“As the sophistication and variety of DDoS attacks increases, organisations will find themselves using a wide variety of measures to protect against them, including upstream controls to inspect and limit the traffic reaching endpoints, and managed service providers who can work alongside internal security teams both to prevent attacks and move quickly to mitigate those in progress.”

Guest Blog, Albie Attias: 5 tips on executing an effective email security strategy

800 450 Jack Wynn

Organisations’ email networks are vulnerable to cyber-attacks; whether from traditional spam emails – in which users may be inclined to download Malware-ridden attachments – to Distributed Denial of Service (DDoS), which can block email access by bombarding the servers with messages. All organisations, no matter how small, should implement an email security strategy to minimise the risk of attacks and breaches. Below, Albie Attias, managing director of hardware reseller King of Servers, details his top tips for implementing a successful email security strategy.

Efficient deployment

One of the first things an organisation should look for from any type of security software is how it integrates with their systems. The software should not be a standalone solution, but rather feed into an overarching cyber security strategy. For this reason, antivirus software needs to be able to integrate easily with other software and deployment needs to be efficient.

It should also be straightforward for your IT department to configure; a good rule of thumb is to look out for those which offer lots of different customisable options.

Self-service spam quarantine

In many organisations, IT resources are incredibly limited, and in smaller businesses there may only be one person manning the IT department. You could save these employees a lot of time (consequently freeing up resource for more important issues) by running a self-service spam quarantine so the IT department doesn’t have to vet emails manually. For instance, email filtering gateways are useful for capturing obvious spam, however, there is still a small number of emails that could be spam, but aren’t obviously so. Self-service spam quarantine works by flagging these emails as questionable; ultimately allowing the recipient to make the final decision rather than filtering them out entirely.

End-user education

In addition to investing in security systems, organisations should educate their staff on common scams to be aware of. No anti-virus software or phishing filter will be 100 per cent perfect; there will always be the odd rogue email that makes its way through, and if a user clicks the phishing link or downloads the attachment, the whole network could be in jeopardy. Make sure staff members are familiar with the latest scams to minimise the risk of such attacks.

Disaster recovery protocol

It is important to accept that, even with the most robust systems in place, security breaches are sometimes unavoidable. For this reason, organisations should have a disaster recovery protocol in place. It goes without saying that everything important should be backed up on a regular basis – would you be lost without those emails? If so, you need to assume the worst and make sure copies are available in the event of the originals being compromised.

For larger organisations, disaster recovery for IT security in general may even stretch beyond the technical remit. Organisations have a moral obligation to inform customers that their details have been compromised as some will use similar usernames and passwords for other websites.

Conduct regular security audits

Auditing is key to identifying areas of vulnerability when it comes to IT security, and while some organisations do conduct regular audits, a large percentage does not. In 2015, a Spiceworks survey revealed 62 per cent of IT professionals said their organisation does not carry out regular audits.

Security audits can be time consuming to conduct, but the benefits are huge. They enable the IT department to highlight vulnerabilities and potential backdoors, which streamlines future expenditure. As part of the IT security series King of Servers is running on its blog, we wrote a guide to conducting a security audit, which is worth referring to in preparation.

Email security is integral to organisations reducing the risk of data breaches. Not only does it protect the organisation and its users, it can also protect consumers, clients and subscribers against receiving harmful emails under your company’s name.

 

Albie Attias is managing director for IT hardware reseller, King of Servers, an organisation which has thousands of products in-stock and ready to ship, at unbeatable prices. Albie is also a highly experienced e-commerce manager with a track record of conceiving and implementing cost effective eCommerce solutions.