Welcome back to Cyber-Flood Friday! This week I discuss the evolution of DDoS through 5 methods of growth, as well as myths around how to protect against DDoS attacks. After all the DDoS fun, I discuss an article that shows yet another advanced method hackers are using to gain access to your computers! Cyber-crime is evolving and companies are becoming more vulnerable to hackers, which is why you need to stay up to date on all of your cyber news.
1) The Growing Threat of Denial-of-Service Attacks
This article discusses how DDoS attacks evolved through 5 methods:
- Black market services
- New powerful attacks
- Financial impact (Approximately $40,000/hr)
- Cyber extortion
- DDoS used as smokescreen for other attacks
It also discusses key Steps companies should take to protect themselves:
- Establish a DDoS Policy (Standard Procedures, and knowledge)
- Identify attacks as soon as possible
- Know who to call
- Battle test mitigation
- Prevent follow-up attacks
- Cyber Insurance
This article gives a good insight on how the world of DDoS is evolving at such an alarming rate, but it also discusses the right way to go about defending against these attacks. It’s obvious that DDoS is an effective form of attack, especially when financially motivated, but knowing how to mitigate these as a company is an important step towards keeping a company online.
2) Top 5 myths surrounding DDoS protection
This article discusses 5 common myths associated with DDoS and its mitigation which are the following:
- CDN’s are the main solution
- Using traditional perimeter defenses are effective
- Not believing the risk is significant
- The mitigation provider will handle all threats
- The attacks are all the same
Debunking the myths associated with DDoS is beneficial in helping organizations build stronger defenses. Some believe that CDN’s will solve the problem, yet their main function is to absorb traffic and inform to organization of DDoS like behaviors. Perimeter defenses, such as Firewalls, Intrusion Detection Systems and Intrusion Prevention Systems, do not perform well enough to effectively defend against large DDoS attacks, and while they are complimentary to other defenses, they are not suitable as the only line of defense. Some organizations believe they are not vulnerable to these attacks as they feel there is no significant data the company holds. This is completely false, as many attacks are used for ransom, political reasons, and for some it is just a mere heckle. Using a mitigation provider is a good approach to lower the impact of a DDoS attack, but ensuring that quality and support will be provided once an attack hits is crucial in protecting an organization. The prominence of DDoS has only just begun, and this leaves some without a clue as to how powerful these attacks can be. Let me be the first to tell you the attacks could potentially destroy an organizations online platform if they are not protected. There are many different DDoS attack types that will have a significant impact, and organizations need to be prepared by having mitigation in place as well as ensuring quality and effectiveness of those mitigation services.
3) GoDaddy used as tool for cyberattacks
- In recent attack hackers use websites registered with GoDaddy to break into users computers
- According to the article the method being used is “Domain Shadowing”
- The hackers set up false domains to send users to malicious sites, and have malware injected into the users computers
This new method of attack leveraged one of the largest domain providers to date. It’s clear that hackers will continue to find new and creative ways of compromising systems. The only way to be resilient against these attacks is to take a proactive approach. Build in security from the beginning and battle test everything before you release it to the wild.
That’s it for Cyber-Flood Friday this week. Visit us every Friday to get your weekly dose of cyber news and see everyone next week!