MazeBolt Blog - Europe in Crisis webinar

Crippling DDoS Attacks Strike Europe – Webinar Recap

Why is there a growing DDoS crisis? Who are the DDoS threat actors that are most dangerous, and what methods do they use? How is it possible that leading DDoS protection solutions continue to leave enterprises vulnerable to damaging downtime?

In our recent webinar, Red Alert: Crippling DDoS Attacks Strike Europe, MazeBolt cybersecurity experts Alon Yaffe, Senior Solutions Architect, and Matan Burstein, Channel Manager, shared their insights on how to avoid damaging downtime despite the surge of DDoS attacks hitting Europe. The conversation focused on the relentless wave of attacks making headlines across Europe, with recent incidents reported in Italy, France, Germany, Luxembourg, Switzerland, Greece, the UK, and beyond. Here’s some of what was discussed.

Why DDoS Attacks Still Cause Damage

Alon opened by explaining why DDoS attacks are so successful right now, especially in the financial markets in Europe and the US. “It’s not that they don’t have DDoS mitigation services or equipment deployed,” he explained. “They have it all, but it’s not well configured – and that leaves them exposed to DDoS vulnerabilities.”

More Money – Same Problems

Matan discussed what types of companies are getting hit by DDoS attacks. “We’re talking about the highest level of companies – companies using the top vendors in the world. They still go down, and it’s not because they don’t invest enough money, or they don’t invest enough attention to this problem. It’s because the methodology needs to be changed.”

Understanding DDoS Vulnerabilities

Alon explained that a DDoS vulnerability is the result of the combination of:

  • An attack vector
  • An online, publicly available target
  • A port that is not configured correctly in the DDoS mitigation solution

The Growing Role of Vast Botnets and IoT Devices

Even with the best DDoS protection solutions, enterprises continue to suffer from damaging DDoS downtime. “This is true even in environments that have multiple protection layers – such as the Content Delivery Network (CDN), Scrubbing Center, and Web Application Firewall (WAF),” Matan explained. “There’s been a massive increase in layer 7 attacks – application layer attacks. With the growth of IoT devices, vulnerabilities are being used to infect IoT devices with malware, creating vast botnets that are used to create DDoS attacks. Mirai malware is very common now.”

Proactive vs. Reactive

Matan talked about the need for a new, proactive approach for eliminating DDoS downtime. “Make sure that you test and simulate your entire attack surface, every site, every public-facing service. It doesn’t matter if it’s the CDN, the Scrubbing Center, the WAF, or on-prem solutions, everything needs to be tested and tweaked. You also need to make sure to test all vectors – not to leave any other vector unchecked. This is something that needs to be done all the time – not just during specific maintenance windows. It needs to be done continuously throughout the year.”

What’s Wrong with Red Team Testing

Matan pointed out, “The problem with Red Team DDoS testing is that it requires a maintenance window – as, obviously, launching a DDoS attack against your organization during regular working hours impacts the services you provide. As a result, it’s not possible to test all the different sites and services within the organization. We handpick just a few of them – we can’t do all of it. In our bank of attacks, we have more than 150 different types of attacks. But during one maintenance window, we cannot test all attacks against all the services. It’s just not possible. There’s a limit to the number of simulations we can do.”

He continued, “Another issue is that companies are usually mandated to do Red Team testing once a year, maybe twice a year – in some cases, quarterly. This is the extent of what they’re mandated to do. It creates a problem, as what’s necessary is to have everyone conducting testing on everything – all the time.”
