Prioritising the growing threat of DDoS attacks
With DDoS attacks increasing in size and frequency, Rob Hartley, Radware’s vice president and managing director for EMEA and LATAM, addresses why service providers are a growing target for large, distributed attacks – and what they can do to mitigate their risk.
The pandemic highlighted the reliance on service providers as the bedrock of digital connectivity. As we ramped up our digital services during lockdowns, service providers around the globe saw enormous growth in bandwidth demand and usage. Successfully managing this load required further innovation and evolution of their core architecture. To adapt, service providers made a rapid shift to the cloud to enjoy its flexibility and scalability. They also adopted more virtualised networking solutions, using 5G to manage leading-edge services such as AR/VR, autonomous vehicles, and online gaming.
Malicious actors did not wait to take advantage of this fast-paced digital shift. As a result, service providers also witnessed a growth in DDoS attacks, both in volumetric size and frequency. For example, in February 2020, Amazon Web Services (AWS) reported a 2.3Tbps DDoS attack. To put this into context, this represents nearly half of all traffic that British Telecom Group sees on its entire UK network during a normal working day.
As service providers, your networks are a prime target for DDoS attacks. It’s clear from the situations we have seen across our own client base that service providers offer one of the best hunting grounds for malicious actors. Through this high-value channel, criminals can compromise a single provider and gain access to the infrastructures of multiple clients, making money to further fund their organised crime.
The business of DDoS-as-a-Service is booming. New groups such as Fancy Lazarus allow bad actors to perform devastating attacks with just a few clicks. DDoS subscriptions range from just a few dollars per month to thousands of dollars for initiating large-scale attacks. As a result, DDoS extortions have become a persistent part of the threat landscape. Security, therefore, must be a priority not only to sustain competitive advantage, but also to deliver on customer expectations. Service downtime and poor performance are consequences enterprise customers won’t entertain.
Managing the risks
Service provider networks are different from those of your average enterprise and the DDoS attacks that target them also differ. Service providers operate large-scale infrastructures, with a diverse ecosystem of customers, networks, and services, so this must be the starting premise for building a coherent security strategy.
This represents an expansive attack surface for malicious actors. As a result, attackers will go to great lengths to invest in the right infrastructure.
Indeed, to cause maximum damage to a service provider, hackers will orchestrate huge globally distributed attacks that can overwhelm the service provider’s fixed networks. One way for the hacker to achieve scale is to create a botnet leveraging an army of smaller infected devices. This helps them achieve not only the scale but also the processing power required to launch devastating attacks, like those that target DNS services.
There is, however, a way for service providers to manage this risk if they take a holistic view. Service providers that contain large-scale attacks implement cloud DDoS protection services that support their existing on-premises environment. The high-volume mitigation capacity offered by a cloud DDoS protection service ensures only the ‘good’ traffic, or good bots, get through and the attack is mitigated without service disruption.
Prepare for the inevitable
To safeguard their businesses, service providers need to establish a complete view of their network, understand what is visible to hackers at any one time, and implement a DDoS protection solution that offers adequate support and service level agreements (SLAs). But it must be agile. The threat landscape does not stand still. Malicious actors are always eager to find more vectors, vulnerabilities, and evasion techniques to increase the size and impact of their attacks.
When you understand how the landscape is evolving, security measures can be adjusted accordingly. And, as so many real-world examples have illustrated this year, reputational and shareholder value can be protected only if companies have responsive security measures in place.