Serviceteam IT Security News

In an increasingly politically and economically volatile landscape, cybercrime has become the new geopolitical tool. Attacks on political websites and critical national infrastructure services are ever more frequent, not only because the tools to carry them out are simpler, cheaper and more widely available, but also because of the desire and capability of attackers to impact real-world events such as election processes while staying undiscovered. Not surprisingly, a third of respondents to NETSCOUT’s latest Worldwide Infrastructure Security Report saw political or ideological disputes as motivation for DDoS attacks.

As such, we are reminded that cyberattacks against elections are a major concern for the US—recall the recent DDoS attack that crashed a Tennessee county’s website on election night in May. The Department of Homeland Security has warned against voting machine hacks and targeted attacks against campaigns. The agency said that in 2016, hackers targeted election systems in 21 states.

Election officials are on high alert for future DDoS attacks and the risk they pose to the availability of systems and, more importantly, to confidence in the entire system, which hangs in the balance as we consider the integrity, sanctity and validity of election results overall. Moreover, DDoS attacks on election night pose a risk to the availability of information. Imagine if the AP suffered an outage due to a DDoS attack on election night.

The Risk of Volumetric Attack

The sudden emergence of MemcacheD as an attack vector earlier this year certainly brings the possibility of a massive DDoS attack into focus for election officials. The reality is that while 2018 has ushered in an era of terabit DDoS attacks, with the largest one clocking in at 1.7Tbps, we’ve seen evidence that it will also prove to be a year of application-layer attacks.

Unlike volumetric attacks, which overwhelm networks quickly by consuming high levels of bandwidth, application-layer attacks are more subtle and insidious – and much more difficult to detect and block. The application-layer attack, sometimes called a Layer 7 attack, targets the top layer of the OSI model, which supports application and end-user processes. In these outbreaks, attackers pose as legitimate application users, targeting specific resources and services with repeated application requests that gradually increase in volume, eventually exhausting the ability of the resource to respond. Widely regarded as the deadliest kind of DDoS attack and often fueled by botnets such as Mirai and its many successors, application-layer attacks can inflict significant damage with a much lower volume of traffic than a typical volumetric attack, making them difficult to detect and mitigate proactively with traditional ISP or cloud-based monitoring solutions. They have a singular goal: take out a website, application or online service. While service providers can detect and block volumetric attacks as well as larger application-layer attacks, smaller application attacks can easily escape detection in the large ISP backbone, while still being large enough to cause a problem for the enterprise network or data center.
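The "low and slow" pattern described above, a single client whose request rate against one resource creeps upward until the resource is exhausted, is exactly what an on-premise detector has to pick out of otherwise ordinary web traffic. The following is an added example, not NETSCOUT/Arbor code and not from the original article: a per-client sliding-window detector run over constructed access-log lines. The log format (Apache/nginx combined style), the thresholds, the IP addresses and the timestamps are all assumptions chosen for the illustration.

```python
"""Sliding-window detector for low-volume application-layer (Layer 7) DDoS traffic.
Added example; log format, thresholds and all sample data are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed access-log layout: combined-style line with a bracketed timestamp.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def parse_line(line):
    """Parse one access-log line into a record, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return {'ip': m.group('ip'), 'ts': ts, 'path': m.group('path'),
            'status': int(m.group('status'))}


class L7RateDetector:
    """Keeps a per-client deque of recent requests and flags a client when either
    its total request count in the window exceeds max_requests, or the count
    against a single path exceeds max_per_path (a targeted resource)."""

    def __init__(self, window_seconds=10, max_requests=30, max_per_path=15):
        self.window = timedelta(seconds=window_seconds)
        self.max_requests = max_requests
        self.max_per_path = max_per_path
        self.events = defaultdict(deque)  # ip -> deque of (timestamp, path)
        self.flagged = set()
        self.alerts = []

    def observe(self, rec):
        q = self.events[rec['ip']]
        q.append((rec['ts'], rec['path']))
        cutoff = rec['ts'] - self.window
        while q and q[0][0] < cutoff:  # drop requests older than the window
            q.popleft()
        if rec['ip'] in self.flagged:
            return None
        per_path = defaultdict(int)
        for _, path in q:
            per_path[path] += 1
        top_path, top_count = max(per_path.items(), key=lambda kv: kv[1])
        reason = None
        if len(q) > self.max_requests:
            reason = f"{len(q)} requests in {self.window.seconds}s"
        elif top_count > self.max_per_path:
            reason = f"{top_count} requests to {top_path} in {self.window.seconds}s"
        if reason is None:
            return None
        self.flagged.add(rec['ip'])
        alert = {'ip': rec['ip'], 'first_seen': rec['ts'], 'reason': reason}
        self.alerts.append(alert)
        return alert


def make_log(ip, t, path, status=200):
    """Build one constructed log line in the assumed format."""
    return f'{ip} - - [{t.strftime("%d/%b/%Y:%H:%M:%S %z")}] "GET {path} HTTP/1.1" {status} 512'


def constructed_log_lines():
    """Constructed sample traffic: a normal visitor at one request every 5 s, and a
    second client ramping from 1 to 8 requests/s against one results page."""
    t0 = datetime(2018, 11, 6, 20, 0, 0, tzinfo=timezone.utc)
    lines = [make_log('203.0.113.10', t0 + timedelta(seconds=i), f'/news/{i}')
             for i in range(0, 60, 5)]
    for second in range(60):
        rate = 1 + second // 8  # rate steps up every 8 seconds: 1, 2, ..., 8 per second
        for _ in range(rate):
            lines.append(make_log('198.51.100.7', t0 + timedelta(seconds=second),
                                  '/results?county=42'))
    return lines


def run_detector(lines, **kwargs):
    """Parse, order by timestamp, feed the detector and return the alerts raised."""
    det = L7RateDetector(**kwargs)
    records = [r for r in map(parse_line, lines) if r is not None]
    records.sort(key=lambda r: r['ts'])
    for rec in records:
        det.observe(rec)
    return det.alerts


if __name__ == '__main__':
    for a in run_detector(constructed_log_lines()):
        print(a['first_seen'].isoformat(), a['ip'], a['reason'])
```

With these thresholds the ramping client is flagged 12 seconds into the sample, while it is still sending only two requests per second, well before its rate would register as a bandwidth anomaly upstream; the normal visitor never triggers. The per-path counter is the part that matters for the attacks described here: a total-rate threshold alone has to be set high enough to tolerate busy legitimate clients, whereas concentration on a single expensive endpoint is a much narrower signal.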

Domain name system servers (DNS), the directories that route internet traffic to specific IP addresses, are the most common targets, and HTTP and secure HTTPS services are also targeted frequently, rendering them unavailable to legitimate requests. In fact, many business-critical applications are built on top of HTTP or HTTPS, making them vulnerable to this form of attack even though they may not look like traditional public web-based applications.

Best Practice DDoS Defense

To effectively detect and mitigate this type of attack in real time, what’s needed is an inline, always-on solution deployed on-premise as part of a best-practice, hybrid DDoS defense strategy combining cloud-based and on-premise mitigation. An intelligent on-premise system will have the visibility and capacity to quickly detect and mitigate these stealthy, low-bandwidth attacks on its own, and early enough to avoid the need for cloud mitigation. Should the attack turn into a flood, the on-premise system can instantly activate cloud-based defenses through cloud signaling. Deploying any widely available on-premise component of a hybrid DDoS defense solution, including those from NETSCOUT, can mitigate the vast majority of application-layer attacks before they can do damage. For organizations facing budget and resource constraints, managed DDoS service options provide them with a means to save money, amplify in-house resources and reduce risk. Outsourced or in-house, a hybrid DDoS defense ensures detection and mitigation across the full spectrum of DDoS risks while protecting availability.

About the author: Hardik Modi is Senior Director, Threat Intelligence at NETSCOUT|Arbor. He is responsible for the Threat Research and Collections teams, ASERT and ATLAS, respectively. In this role, he drives the creation of security content for NETSCOUT’s products, enabling best-in-class protection for users, as well as the continuous delivery and publication of impactful research across the DDoS and Intrusion landscapes.

Source: infosec island

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!