In the movies (and real life) one often needs to go through the Key Master to get to the destination. The job of the Key Master is to keep control of the access to the locks and barriers that protect important or sensitive material. Sometimes there is one key to get to the hidden rewards while other times, there is a long string of keys that must be maintained and managed. In other situations, the Key Master is more of a Key Maker, generating keys upon request.
Over the years Radware has followed the evolution of DDoS attacks directed at the gaming industry. For the industry, large-scale DDoS attacks can result in network outages or service degradation and has become an everyday occurrence. In 2016 Lizard Squad and Poodle Corp launched repeated attacks against EA, Blizzard and Riot Games, resulting in service degradation and outages for users around the world.
The last several months have been historic by any measure. U.S. banks and financial institutions around the world have come under cyber-attacks at a high rate. We’ve seen everything from DDoS attacks to waves of ransomware.
So, why was this? Is it because they didn’t have enough resources or serious professionals dedicated to program management? Not likely. The true answer is a bit more uncomfortable, but worthy of exploration.
This blog discusses active research from Radware’s ERT research team regarding a DDoS for Ransom campaign.
This is a preliminary report and will be updated accordingly.
Over the past four years, communications service providers (CSPs) have taken measurable strides to migrate network functions and applications to the cloud. And while we are not there yet, it’s clear that the cloud will drive the future of service innovation. However, in my view, the very definition of service innovation is also extended in the cloud environment.
A prime example in my mind is the expansion of managed services to a cloud managed services model which drives profound business and technical change. While this cloud managed services model continues to be defined in real time, it’s readily apparent that cloud-based managed security services will play a prominent role.
Availability, or the big “A” is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure. Corporate executives have a different opinion, as downtime carries with it a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security. Penetration tests, a result of the corporate risk assessment, also fail to test on availability security. In fact, pen testing and vulnerability scanning contracts specifically avoid any tests which might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late. Availability is commonly handed off to be addressed by network engineering to design and build resilient networks. Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity with use of hot, warm and cold data centers. You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.
The Risk DDoS Attacks Pose to Enterprises
What is the impact of a DDoS Attack?
Denial of Service attacks affect enterprises from all sectors (e-gaming, Banking, Government etc.), all sizes (mid/big enterprises) and all locations. They target the network layer up through the application layer, where attacks are more difficult to detect since they can easily get confused with legitimate traffic.
A denial of service attack generates high or low rate attack traffic exhausting computing resources of a target, therefore preventing legitimate users from accessing the website. A DDoS attack can always cause an outage, but often they have the stealth impact of slowing down network performance in way that enterprise IT teams do not even realize the network is under attack and simply think the network is congested, not knowing the congestion is actually caused by an attack.
In February of 2017, Memorial Healthcare System settled their HIPAA violation fines for $5.5 Million USD. During an investigation, it was discovered that over 100,000 patient records had been impermissibly accessed. Allegedly, an ex-employee retained access to personal identifying information and sold data records to people who filed fraudulent tax returns using the data. Federal criminal charges were filed against the ex-employee.
5 out of 6 businesses struggle daily with low profile DDoS attacks that consume their bandwidth and resources and pose a burden, resulting in poor service level and customer experience
You know how when you get to a certain age, feeling ‘good’ is not good enough? Well it might be good for your everyday life – obviously, you don’t need to extract the most out of your brain and muscles for the day-to-day to-do’s, but there is no guarantee that there is nothing there that negatively impacts your performance, or may be silently growing.
The Risk DDoS Attacks Pose to Enterprises
The Role of the Firewall
A Firewall is a necessary first step in protecting an enterprise network by establishing a barrier between a trusted, secure internal network and another outside untrusted network such as the Internet. Firewalls have evolved considerably over the years, with the advent of next-generation firewalls to add application-aware filtering and intrusion detection capabilities and help customers improve their first line of defense. However, DDoS attacks are one vector where Firewalls are commonly the point of failure. In fact, Radware’s own research shows that the firewall is the cause of downtime during DDoS attacks roughly one-third of the time. The reason for this is the stateful nature of these devices, required to keep track of open sessions and transactions on the network. Maintaining session state requires use of session tables as well as other CPU resources that are finite and also responsible for other security features. Therefore under attack, the session table can be exhausted causing the firewall to fail.