What do local car dealers, hospitals and banks all have in common? At first glance, not much. However, all of them have become recent hacker targets. Why now when other, much larger corporate entities have traditionally been targets? One word – resources. Their resources, both network and personnel, are stretched thin. With the increased complexity and length of Distributed Denial-of-Service (DDoS) attacks, it’s a struggle for all organizations, let alone small and medium businesses. The 2016 State of SMB Security Report found that half of the 28 million small businesses surveyed were breached in the past year. Verizon cited, in their 2017 Data Breach report, that 61% of data breach victims were businesses with less than 1,000 employees.
Recently, Italian bank Unicredit suffered two security breaches. Data of 400,000 customers was stolen, including loan account numbers and Personally Identifiable Information (PII). There is a suspicion the breach had to do with interaction with a 3rd party. This incident is the latest reported in a long history of cyber-attacks against financial institutions. Every hack, however, can teach us a lesson.
In a recent Light Reading webinar, Principal Heavy Reading Analyst Jim Hodges and I discussed the growing need for Managed Security Services. DDoS attacks are becoming increasingly sophisticated and complex, lasting more than 24 hours in some cases. The attacks aren’t limited to specific industries or company sizes anymore, and push stretched internal IT resources to the breaking point. The 0s and 1s that flash through service provider networks are equally vulnerable. Attackers don’t care where the data is coming from; they’re looking for vulnerabilities they can exploit for money. The days of hacks focused on large retail organizations like Target and Home Depot are behind us. Merck and Co., a large U.S.-based pharmaceutical firm, was one of several global companies impacted by a massive global attack. Don’t let these hacks bring your customers’ network down.
Over the years Radware has followed the evolution of DDoS attacks directed at the gaming industry. For the industry, large-scale DDoS attacks can result in network outages or service degradation and have become an everyday occurrence. In 2016 Lizard Squad and Poodle Corp launched repeated attacks against EA, Blizzard and Riot Games, resulting in service degradation and outages for users around the world.
This blog discusses active research from Radware’s ERT research team regarding a DDoS for Ransom campaign.
This is a preliminary report and will be updated accordingly.
Over the past four years, communications service providers (CSPs) have taken measurable strides to migrate network functions and applications to the cloud. And while we are not there yet, it’s clear that the cloud will drive the future of service innovation. However, in my view, the very definition of service innovation is also extended in the cloud environment.
A prime example in my mind is the expansion of managed services to a cloud managed services model which drives profound business and technical change. While this cloud managed services model continues to be defined in real time, it’s readily apparent that cloud-based managed security services will play a prominent role.
Availability, or the big “A” is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure. Corporate executives have a different opinion, as downtime carries with it a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security. Penetration tests, a result of the corporate risk assessment, also fail to test on availability security. In fact, pen testing and vulnerability scanning contracts specifically avoid any tests which might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late. Availability is commonly handed off to be addressed by network engineering to design and build resilient networks. Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity with use of hot, warm and cold data centers. You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.
The Risk DDoS Attacks Pose to Enterprises
What is the impact of a DDoS Attack?
Denial of Service attacks affect enterprises from all sectors (e-gaming, banking, government, etc.), all sizes (mid-size and large enterprises) and all locations. They target the network layer up through the application layer, where attacks are more difficult to detect since they can easily be confused with legitimate traffic.
A denial of service attack generates high- or low-rate attack traffic that exhausts the computing resources of a target, thereby preventing legitimate users from accessing the website. A DDoS attack can always cause an outage, but often it has the stealthier impact of slowing down network performance in a way that enterprise IT teams do not even realize the network is under attack; they simply think the network is congested, not knowing the congestion is actually caused by an attack.
5 out of 6 businesses struggle daily with low-profile DDoS attacks that consume their bandwidth and resources and pose a burden, resulting in poor service levels and customer experience.
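The point above is that a low-profile attack looks like ordinary congestion when each source stays quiet enough to evade per-source rate limits, so detection has to look at the aggregate. The following is an added illustration, not code from the original post or from Radware: it aggregates constructed request records into ten-second windows and separates "normal", "single-source flood" (which a per-source limit would catch) and "low-profile distributed" traffic (aggregate rate well above baseline while every source stays under the per-source cap). The baseline rate, thresholds and sample records are all assumed values chosen for the example.

```python
from collections import Counter, defaultdict

# Assumed normal request rate for this service (requests per second).
BASELINE_RPS = 20.0


def _burst(start, count, n_sources, path="/api/search"):
    """Constructed helper: `count` requests spread evenly over `n_sources`
    addresses within the 10-second window that begins at `start`."""
    return [
        (start + (i % 10),
         f"10.0.{((i % n_sources) + 1) // 256}.{((i % n_sources) + 1) % 256}",
         path, 512)
        for i in range(count)
    ]


# Constructed sample: a quiet window, a window where 400 sources each send
# two requests, and a window dominated by one address.
SAMPLE = (
    _burst(0, 150, 30)
    + _burst(10, 800, 400)
    + _burst(20, 100, 20)
    + [(20 + (i % 10), "198.51.100.7", "/api/search", 512) for i in range(500)]
)


def window_stats(records, window_s=10):
    """Aggregate (timestamp, src, path, bytes) records into fixed windows and
    compute the aggregate rate, source count, top-source share and the
    average rate contributed by each source."""
    windows = defaultdict(list)
    for ts, src, path, nbytes in records:
        windows[int(ts // window_s) * window_s].append((src, path, nbytes))
    stats = {}
    for start, recs in sorted(windows.items()):
        sources = Counter(src for src, _, _ in recs)
        rps = len(recs) / window_s
        stats[start] = {
            "rps": rps,
            "sources": len(sources),
            "top_share": sources.most_common(1)[0][1] / len(recs),
            "per_src_rps": rps / len(sources),
        }
    return stats


def classify(stats, baseline=BASELINE_RPS, per_src_cap=2.0, elevation=1.5):
    """Label each window. A per-source rate limit set at `per_src_cap` would
    stop the single-source case but never fire on the distributed case, which
    is only visible against the aggregate baseline."""
    labels = {}
    for start, s in stats.items():
        if s["rps"] <= baseline * elevation:
            labels[start] = "normal"
        elif s["top_share"] > 0.5:
            labels[start] = "single-source flood"
        elif s["per_src_rps"] < per_src_cap:
            labels[start] = "low-profile distributed"
        else:
            labels[start] = "elevated"
    return labels


if __name__ == "__main__":
    for start, label in classify(window_stats(SAMPLE)).items():
        print(f"t={start:>3}s  {label}")
```

The middle window carries four times the baseline rate, yet no single address exceeds 0.2 requests per second, which is why the page's "IT thinks it is congestion" scenario needs a baseline on total demand rather than per-client thresholds alone.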
You know how when you get to a certain age, feeling ‘good’ is not good enough? Well it might be good for your everyday life – obviously, you don’t need to extract the most out of your brain and muscles for the day-to-day to-do’s, but there is no guarantee that there is nothing there that negatively impacts your performance, or may be silently growing.
The Role of the Firewall
A firewall is a necessary first step in protecting an enterprise network by establishing a barrier between a trusted, secure internal network and an outside untrusted network such as the Internet. Firewalls have evolved considerably over the years, with the advent of next-generation firewalls adding application-aware filtering and intrusion detection capabilities that help customers improve their first line of defense. However, DDoS attacks are one vector where firewalls are commonly the point of failure. In fact, Radware’s own research shows that the firewall is the cause of downtime during DDoS attacks roughly one-third of the time. The reason for this is the stateful nature of these devices, which must keep track of open sessions and transactions on the network. Maintaining session state requires session tables as well as other CPU resources that are finite and are also responsible for other security features. Therefore, under attack, the session table can be exhausted, causing the firewall to fail.
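To make the session-table exhaustion concrete, here is an added toy model (not Radware's code and not a model of any particular product): a fixed-capacity table of connection entries, a flood of handshakes that are never completed, and then a legitimate client. With no state hygiene the table fills and the legitimate connection is refused; with an assumed half-open timeout and a per-source cap on half-open entries, both common stateful-device mitigations, the table keeps headroom. Capacity, timeout, cap and the traffic pattern are all assumed values for the example.

```python
class SessionTable:
    """Constructed model of a stateful firewall's session table.

    Entries are keyed by the 4-tuple; each holds when it was opened and
    whether the handshake completed. Capacity is finite, as on real devices.
    """

    def __init__(self, capacity, half_open_timeout=None, per_source_cap=None):
        self.capacity = capacity
        self.half_open_timeout = half_open_timeout  # seconds, or None
        self.per_source_cap = per_source_cap        # half-open per source, or None
        self.sessions = {}
        self.rejected = 0

    def _expire(self, now):
        """Drop half-open entries older than the timeout (no-op if disabled)."""
        if self.half_open_timeout is None:
            return
        stale = [k for k, s in self.sessions.items()
                 if not s["established"] and now - s["opened"] > self.half_open_timeout]
        for k in stale:
            del self.sessions[k]

    def syn(self, src, sport, dst, dport, now):
        """Handle a new connection attempt; return True if an entry was created."""
        self._expire(now)
        if self.per_source_cap is not None:
            half_open = sum(1 for k, s in self.sessions.items()
                            if k[0] == src and not s["established"])
            if half_open >= self.per_source_cap:
                self.rejected += 1
                return False
        if len(self.sessions) >= self.capacity:
            self.rejected += 1
            return False
        self.sessions[(src, sport, dst, dport)] = {"opened": now, "established": False}
        return True

    def ack(self, src, sport, dst, dport):
        """Mark the handshake complete so the entry is no longer half-open."""
        entry = self.sessions.get((src, sport, dst, dport))
        if entry is None:
            return False
        entry["established"] = True
        return True


def simulate(table, attack_sources=50, syns_per_source=100):
    """Constructed scenario: 5,000 handshakes that never complete, spread over
    60 seconds across 50 addresses, then one legitimate client at t=61s.
    Returns (legitimate client admitted?, entries held in the table)."""
    total = attack_sources * syns_per_source
    for i in range(total):
        table.syn(f"203.0.113.{i % attack_sources}", 1024 + i, "192.0.2.10", 443,
                  60.0 * i / total)
    admitted = table.syn("198.51.100.42", 50000, "192.0.2.10", 443, 61.0)
    if admitted:
        table.ack("198.51.100.42", 50000, "192.0.2.10", 443)
    return admitted, len(table.sessions)


def run_comparison(capacity=1000):
    """Same flood against an unmitigated table and a table with a 5 s
    half-open timeout and a cap of 10 half-open entries per source."""
    plain = SessionTable(capacity)
    hardened = SessionTable(capacity, half_open_timeout=5.0, per_source_cap=10)
    return {"unmitigated": simulate(plain), "mitigated": simulate(hardened)}


if __name__ == "__main__":
    for name, (admitted, held) in run_comparison().items():
        print(f"{name:12s} legitimate admitted={admitted} entries={held}")
```

In the unmitigated run the first 1,000 half-open entries occupy every slot and the legitimate client is turned away, which is exactly the "firewall is the point of failure" outcome the text describes; the CPU cost of scanning the table on every packet is the other half of that story and is not modelled here.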