UPDATED 11:44 EST / NOVEMBER 03 2021

SECURITY

Netscout threat report identifies rise in DDoS attacks and increased criminal agility

Netscout Systems Inc. recently released its biannual “Threat Intelligence Report,” and the findings offered a sobering assessment of a cybersecurity landscape under siege.

One key trend worth noting was that distributed denial of service, or DDoS, attacks are on pace to eclipse last year’s record of 10 million. These attacks send multiple requests to a specific web address, overwhelming capacity and forcing it to shut down.

This may well be another byproduct of an expansion of the attack surface that began in 2020 during the global pandemic.

“Just in the first half of 2021 we saw almost 5.4 million DDoS attacks,” said Richard Hummel (pictured), manager of threat research at Arbor Networks, the security division of Netscout. “The COVID pandemic and everything that happened with remote work and education moving to remote had a hand in exponentially increasing the threat landscape that adversaries have at their disposal. There’s so much more that adversaries are able to hook into.”

Hummel spoke with Lisa Martin, host of SiliconANGLE Media’s livestreaming video studio theCUBE. They discussed recent trends identified in the report, increased speed and sophistication among cybercriminals and ways that enterprises can protect against damaging intrusions. (* Disclosure below.)

New techniques identified

The growing speed and technological sophistication of cyber adversaries stood out in Netscout’s latest report. Security researchers have noticed the increased use of booter services for launching DDoS attacks, offered by enterprising criminals and often accompanied by video tutorials and email support.

Attackers are also using a technique called TCP Ack Flood, according to Hummel, which overwhelms a server with transmitted packets.

“What we’re seeing here is a switch; we’ve moving from a connection list to more niche things like TCP Ack Floods,” Hummel said. “It’s the first time we’ve seen TCP Ack Floods take first place. This is an age of innovation, and we’ve been in an innovative space in the cybercrime world for a couple of years now.”

In addition to using specialized techniques for particular attacks, cybercriminals are also adding speed to their arsenal. Netscout researchers noted that attackers are responding quickly when new security measures are put in place.

“Adversaries are very quickly iterating and pivoting to follow what we’re doing and overcome that,” Hummel said. “We’re talking about seconds or minutes. It’s really rapid and really fast.”

The basic delivery of goods and services in today’s digital age depends heavily on the internet, a situation which Netscout characterizes as the connectivity supply chain. This ecosystem has come under serious attack as threat actors focus on supply chain resources such as virtual private network concentrators and vulnerable DNS servers.

The problem is that the DDoS takedown of a supplier’s website can have ripples of damage that impact multiple businesses dependent on certain services.

“What we’re calling the connectivity supply chain is really just that,” Hummel said. “If any one of these went down from a DDoS attack, you’re talking about massive collateral damage.”

Ransomware expands

Netscout’s threat report also identified a new twist on the ransomware saga – triple extortion.

“Adversaries are now adding a third tactic to this – the DDoS,” Hummel noted. “It’s not enough that we encrypted your files; it’s not enough we stole your data. Let’s knock your network offline.”

Hummel advises that organizations focus on preparing for the inevitable attack by understanding what every device is doing on any given network, avoiding one central point of connectivity and ensuring that all software is up-to-date and patched.

“By practicing a lot of this preparation, this isolation, the segmenting of your networks, you’re also helping in the DDoS space, because if they go after one network asset, you have others to fall back on,” Hummel said. “Ninety-nine percent of all DDoS attacks can be prevented if you have a mitigation and protection solution in place. You might go down for a period of time, but you can recover services.”

Here’s the complete video interview, one of many CUBE Conversations from SiliconANGLE and theCUBE. (* Disclosure: Netscout sponsored this segment of theCUBE. Neither Netscout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.