By Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT
DDoS attacks hit a peak of 13 million in 2022, setting a new record for attack frequency. At the same time, adversaries are becoming more effective at circumventing traditional DDoS mitigation strategies. In the Middle East, wired telecom carriers, data processing hosting, computer programming, and commercial banking were among the major industries targeted by adversaries.
NETSCOUT’s latest threat intelligence report found that DDoS attacks are constantly evolving, and becoming more difficult to detect as they resemble legitimate traffic. As such, they require a high level of skill and technology for defenders to recognize them as attacks.
These attacks progressed from simple denial-of-service attacks to dynamic distributed denial-of-service attacks, in which attacks develop and adapt to defeat network defenders. This is taking place as attackers continue to grow and deploy new botnets, resulting in a shifting paradigm centered on direct-path attacks. Complex multi-vector attacks and more sophisticated adversary methodologies have become commonplace, emphasizing the need for intense threat landscape scrutiny and an ever-evolving defense-in-depth posture to withstand the onslaught of attacks ranging from carpet-bombing to application-layer and state-exhaustion attacks.
With access to enterprise networks and web-based apps and services becoming more common than ever, DDoS attacks can be catastrophic for any firm that relies on the Internet.
DDoS always attempts to disrupt, destabilize, and deny availability and often succeeds. While the cybersecurity community digests these new security risks, it is critical to dispel myths, and recommend new methods to strengthen defensive capabilities and reduce cybersecurity risk.
DDoS attacks are one of the most common cybersecurity threats that businesses face today. They increased 807 percent from 325,000 in Q1 2013 to 2.9 million in Q1 2022, rising from hundreds to thousands between 2005 and 2013.
Today, DDoS attacks are more complex and sophisticated. Modern DDoS attacks frequently conceal other types of intrusions, as bad actors use several attack routes to find weaknesses to exploit. NETSCOUT has seen up to 30 different attack vectors in a single campaign, giving rise to the new term “adaptive DDoS.”
Businesses can mitigate risk and protect information, applications, systems, and people by integrating security event and incident management (SEIM) solutions and accepting indicators of compromise (IOC) from third parties. They should also protect stateful devices such as firewalls, or leverage global threat intelligence and expertise. By employing an intelligent combination of on-premises and cloud-based DDoS protection, businesses can detect and block DDoS attacks and other cyberthreats before they disrupt business-critical services.
The dynamic nature of cyberattacks, combined with the ever-changing nature of any network, needs regular enhancements, reassessments, and diligence. Organizations must constantly improve their DDoS defense strategies to stay up with the frequently changing attack tactics and strategies of criminal actors and nation states. In the high-stakes duel of cyberattacks and cyber defenses, every change introduces possible new vulnerabilities, and every action creates a reaction.
Adaptive DDoS attacks require a DDoS suppression posture, enabled by edge-to-edge visibility to suppress DDoS attack traffic as it targets various locations throughout the whole network edge – before it becomes a large-scale attack. Regardless of the scope and complexity of their environment, organizations need unique and unrestricted visibility across all attack surfaces, so that they are constantly aware of their own vulnerabilities and know how bad actors have breached cyber defenses.
The traditional approach is no longer viable. Instead, businesses must adjust their defenses, adapt to the changing threat landscape, and shift from a default posture of DDoS mitigation to a new paradigm of adaptive DDoS suppression.
