By Robin Schmitt
General Manager, APAC, Neustar
The crackdown against DDoS (Distributed Denial of Service) attacks is like an arms race for enterprises. They are constantly outnumbered by enemies on all fronts on a battlefield with only a sword and shield in hand – while their opponents are armed with projectile machine guns – making the enterprises’ odds of winning this battle slim to none.
Within the past few years alone, the Philippines has become a prime target for DDoS attacks. 2016 saw 68 government websites – including the Department of National Defense – fall victim to DDoS offenses. In 2017, the National Union of Journalists of the Philippines was also a target for DDoS perpetrators – shutting down the website and rendering the journalists defenseless. It has become clear that while the benefits of digitized processes are tremendous, it also opens up avenues for cyberattacks against us.
Consequently, it comes as no surprise that IDC predicted that by 2018, cybersecurity will remain high up on the agendas of business leaders, receiving 30 percent of fixed capital spend among the top 1,000 Philippines-based companies. Neustar’s research further validates this – the security solutions provider found that 90 percent of organizations were hit by breaches that stemmed from DDoS offensives.
IoT as a DDoS attack tool
The emergence of cloud computing and IoT (Internet of Things) devices has streamlined the infrastructure of today’s connected world. However, they have also become a tempting target for DDoS attacks – more than 78 percent of enterprises experienced attacks while their IoT devices were in operation.
Frost and Sullivan predicted that IoT spend in the Philippines is estimated to surge from US$55.1 million from 2014 to US$766.8 million by 2020. As the adoption of IoT technologies progresses from a stage of nascence to an enterprise driver, organizations are left with their hands full in attempts to secure the enterprise value chain. Once attackers get hold of vulnerable IoT devices and exploit the security deficiency, it becomes nearly impossible to prevent infection without issuing a security update or recalling the affected devices. With 89 percent of organizations suffering a breach, including data theft, dangerous ransomware, and network compromise with DDoS attacks, the dream of a connected world might be a disaster in the waiting.
Last year was inevitably a watershed moment in IoT security; headlined in the form of IoT botnet Reaper or IoT Troop causing massive destruction at one go – amassing more than 20,000 devices and affecting 2 million hosts that have been identified as potential botnet nodes.
What’s more dangerous is that some of these attacks were used as smokescreens to disarm an organization’s cybersecurity shield while simultaneously causing a temporary relaxation of networking defenses to alleviate the effects of the DDoS. Neustar found that more than half (51 percent) of Asia Pacific organizations reported falling prey to viruses stemming from DDoS attacks. As IoT adoption increases, the number of IoT-driven botnets is only set to escalate, presenting attackers with more opportunities to elude detection.
Better Detection = Greater Protection
As attacks scale in complexity, the average organization needs at least a couple of hours to definitively detect a DDoS attack and another few hours (if you are lucky) to react and resolve the issues.
To put this into context, it’s estimated that financial services sector in Asia Pacific could be staring at revenue losses upwards of US$15.2m when six hours are taken to respond to a DDoS attack. You can probably imagine the amount of financial impact to the victims during the earlier attacks on the three stock brokerage firms and a bank in July 2017.
This threat represents a new reality where the strikes have morphed beyond standard and commonplace into dangerous and continuous. The financial risks alone can exceed far beyond a quarter of a billion dollars and drives home the point that speed in detection and response is an ally to risk mitigation practices.
Neustar found the top three organizational motivations behind DDoS defense investments, namely: preserving customer confidence, prevention of associated attacks including ransomware and proactively strengthening existing protection. It should come as no surprise that those who seek to harm companies use DDoS as a weapon.
There is however, a silver lining. Businesses are acknowledging this threat by deploying Web Application Firewalls (WAF) that filter, analyze and isolate HTTP traffic stemming from web application security flaws. In fact, 53 percent of respondents have added WAF to their combat arsenals against DDoS – tripling in numbers since March 2017.
The future ahead will offer opportunities for bad actors to devise craftier ways to launch far more dangerous DDoS attacks capable of distracting IT teams and stymieing forensics. Understanding the right combination of defenses is crucial and this can be achieved by working with security consultants to develop strategies and law enforcement bodies to provide maximum protection for stakeholders, only then will we be able to remain ahead of the curve on the battlefield and defeat the attackers.
Robin Schmitt leads Neustar’s Australian operations, with a focus on driving growth within the Asia-Pacific region. Neustar is a provider of real-time cloud-based information and analysis to the Internet, telecom, financial, media & advertising and retail industries. Schmitt joined the Neustar team in August 2015 and prior to this he served as Chief Operating Officer at Bombora Technologies for five years, before it was acquired by Neustar.