Yes, we get it. Distributed Denial of Service (DDoS) attacks are a dry, technical topic. They are not sexy. The terminology – application layer, multi-vector attacks, deep packet inspection – is complex. Plus, the endless list of acronyms – DDoS, FPGA, SSL/TLS – can be intimidating.

Yet, we see these headlines in the media every other week – “Deloitte hit by cyber attack revealing client’s secret emails”, “Equifax CEO Richard Smith resigns after uproar over massive hack”, “Cyber attack costs could hit $300 million for shipping giant Maersk”, “Teenage hacker jailed for masterminding attacks on Sony and Microsoft”…

NOW is the right time to learn about DDoS attacks – is it not?

If DDoS attacks were villains…

If you are starting to feel a little apprehensive about the amount of technical know-how that you need to keep up with, fret not! Here’s a simple analogy to help you understand today’s evolving DDoS attacks.

Think Avengers.

Infinity stones are coveted objects, stored in highly secured vaults. Loki attempts to steal them. He leads an army, and they charge towards the target in a single direction. Using brute strength, sheer force, and volume, Loki and his army try to break the Avengers’ line of defense, which is made up mainly of the Hulk, Captain America and Thor, who rely on muscle and strength.

The army’s behavior is similar to the traditional single-vector DDoS attacks.

Just as the Hulk can defeat the army, a firewall can defend against these traditional DDoS attacks.

As such, Loki carves out a new strategy. Again, he leads an army, but this time, he invades from all directions. The Avengers are darting everywhere to contain the chaos, but Loki and the army constantly change their strategy – using both brute strength and psychological manipulation – to outsmart the Avengers. Alas, the Avengers’ line-up does not include Iron Man or Black Widow, who fight not only with brawn but with brains as well. So, amidst this disorder and confusion, Loki and the army notice that the security at the vault’s backdoor is weak and unguarded. They immediately switch tactics and attack via the defenseless backdoor. As a result, they successfully obtain the Infinity stones.

This scenario simulates how DDoS attacks behave today. 

Now, what if the Infinity stones are your internal and external stakeholders’ personal data, financial records, or expensive research instead? What if losing the Infinity stones means crippling your business’ critical online services, messing up your financial transactions, or immobilizing your online portals?

DDoS attacks are increasing in size and sophistication. They use a plethora of diversionary tactics to confuse IT teams, while a “lo-ki” intruder infiltrates the system to steal precious data. This is what we call “multi-vector DDoS attacks” today.

According to a recent IDG Connect report commissioned by A10 Networks, the number of enterprises experiencing between six and 25 attacks per year has ballooned by more than four times since 2015.

Why are DDoS attacks happening?

Cybercriminals have an agenda

In the past, DDoS attacks were typically launched by parties looking to create mischief. Today, cyber criminals are in it for various reasons. It could be for monetary gain. Hackers can threaten organizations to pay ransom to retrieve their data, or sell the stolen data on the dark web.

Sometimes, these hackers are also paid to carry out cyber attacks. According to the Cyber Security Agency of Singapore, an unnamed public organization was hit by an advanced persistent threat in 2016. Investigators found that the attacks were carried out by a group of state-sponsored attackers.

Today, cyber criminals also use DDoS attacks as a tool of protest. Government agencies and organizations have had their websites shut down by anonymous hackers wanting to prove a point.

Human errors are a cause of cyber attacks too

Human errors can result in cyber attacks too. According to A10 Networks’ Application Intelligence Report, more than half (55%) of the respondents in Asia believe that application or data security is not their responsibility. They expect to be protected by either their company or third-party app developers instead. This makes respondents in Asia the biggest risk takers, leading to careless behavior.

Globally, almost half (48%) of IT leaders agree or strongly agree that their employees do not care about following security practices.

Gaps in conventional security infrastructure

Conventional security infrastructures can protect against volumetric DDoS attacks. However, DDoS threat vectors are continuously evolving, often leaving gaps in conventional security infrastructures. For instance, application-layer DDoS attacks are stealthier and even more difficult to defend against because, instead of relying on sheer volume to overwhelm network bandwidth, an application-layer attack targets specific application vulnerabilities. Unfortunately, many vulnerabilities that exist in the proprietary code of web applications are unknown to existing/traditional security defense solutions.

Another key shortcoming of today’s business solutions is slow detection and tardy mitigation – imagine if the Avengers prepared for battle only when Loki and his army were right at the entrance. According to a global study by Neustar, over 50 percent of enterprises took three hours or more to detect a DDoS attack on their website in 2016. 48 percent took at least three hours to respond.

As DDoS attacks increase in size and sophistication, there is an increased need for DDoS solutions that offer both best-in-class, high-performance DDoS mitigation, and precise DDoS detection.

Avengers of DDoS Protection

To combat today’s evolving DDoS attacks, A10 is strengthening its A10 Thunder TPS (Threat Protection System) platform with the addition of surgical flow-based detection – Thunder TPS Detector.

Here are a few key features of the Thunder TPS Detector:
      The Thunder TPS Detector tightly integrates with A10 Thunder TPS Mitigator and A10 aGalaxy TPS management solution to provide automated detection and mitigation
      The new solution can manage 500,000 flows per second to swiftly and efficiently detect attacks, which is more than double the industry’s closest competitive flow-based DDoS detection

Here’s how it works and benefits enterprises:
      TPS Detector analyzes traffic to detect an attack
      Once an attack is detected, it triggers the Thunder TPS Mitigator to make the appropriate response
      Thunder TPS assesses and understands the severity of a DDoS attack, and then auto-escalates suspect traffic through progressively tougher countermeasures.
      Countermeasures are run automatically to mitigate DDoS attacks before they spread and wreak havoc
      Multi-protocol counters and behavioral profiling are used to map out peacetime network conditions. This baseline is then intelligently applied for precise detection of anomalies across the traffic spectrum. 
      Deep traffic visibility and profiling also distinguish legitimate users from attacking botnets and complex application-layer attacks.
      It is DDoS defense at scale, thus protecting businesses from today’s aggressive and persistent DDoS attacks
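
The baseline-then-escalate idea in the list above, sketched as an added example; this is not A10's code or algorithm. The protocol names, the sample rates, the mean-plus-k-sigma threshold and the four-step countermeasure ladder are all assumptions made for illustration.

```python
import statistics

# Constructed peacetime samples (flows per second, per protocol); not real data.
PEACETIME = {
    "tcp_syn": [900, 1100, 1000, 950, 1050],
    "udp":     [400, 380, 420, 410, 390],
    "dns":     [200, 210, 190, 205, 195],
}
# Hypothetical countermeasure ladder, mildest first.
LEVELS = ["pass", "rate-limit", "challenge", "drop"]

def build_baseline(samples, k=4.0):
    """Per-protocol alarm threshold: peacetime mean + k standard deviations."""
    return {p: statistics.mean(v) + k * statistics.pstdev(v)
            for p, v in samples.items()}

class Detector:
    def __init__(self, baseline):
        self.baseline = baseline
        self.level = dict.fromkeys(baseline, 0)  # current ladder step per protocol

    def observe(self, counters):
        """Score one interval of per-protocol flow rates and pick an action."""
        actions = {}
        for proto, threshold in self.baseline.items():
            if counters.get(proto, 0) > threshold:
                # Still anomalous: move one step up the ladder (capped at "drop").
                self.level[proto] = min(self.level[proto] + 1, len(LEVELS) - 1)
            else:
                # Back under baseline: relax one step at a time, not all at once.
                self.level[proto] = max(self.level[proto] - 1, 0)
            actions[proto] = LEVELS[self.level[proto]]
        return actions

def replay(intervals):
    """Run a fresh detector over a sequence of intervals; return its actions."""
    det = Detector(build_baseline(PEACETIME))
    return [det.observe(c) for c in intervals]

# Constructed traffic: a SYN flood with a short DNS burst alongside it (two vectors).
ATTACK = [
    {"tcp_syn": 1050,  "udp": 405, "dns": 198},
    {"tcp_syn": 9000,  "udp": 410, "dns": 900},
    {"tcp_syn": 12000, "udp": 400, "dns": 210},
    {"tcp_syn": 15000, "udp": 395, "dns": 205},
    {"tcp_syn": 15000, "udp": 400, "dns": 200},
    {"tcp_syn": 1000,  "udp": 400, "dns": 200},
]

if __name__ == "__main__":
    for i, actions in enumerate(replay(ATTACK), 1):
        print(i, actions)
```

Each protocol is scored against its own baseline, so the short DNS burst is handled independently of the sustained SYN flood, and legitimate UDP traffic is never touched.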

Remember, in the age of DDoS attacks, the strength of a Hulk will not suffice. Businesses need a solution that combines the intelligence of Iron Man, sharpness of Hawkeye, swiftness of Quicksilver, and the mind-manipulation expertise of Black Widow.
