CISO DDoS Handbook - The DDoS Threat to Digital Transformation


As the global economy and its reliance on technology continue to evolve, so do cyberattackers' strategies and techniques for launching debilitating DDoS attacks with the intent to cause downtime and havoc. Staying ahead of these attackers requires precise, real-time insight into the threat landscape and new forms of attack. It also requires an understanding of ongoing DDoS network vulnerabilities and of the existing mitigation solution's capabilities, and ensuring that both work in harmony to close all DDoS vulnerabilities before a damaging attack is launched. Any gap left open can be taken advantage of by an attacker, often leaving it too late to mitigate without downtime.

The New DDoS Attack

1. WS-Discovery Attacks - Attackers use a protocol called WS-Discovery (WSD), which allows unauthenticated traffic to flow through and amplify attacks. Amplification as a method is not new and has been used in the past under the names of Simple Network Management Protocol and Simple Service Delivery Protocol.

2. Multi-modal DDoS Attacks - Instead of a single form of attack, multi-modal attacks involve the launch of several different types of attack at one point in time. For example, an attacker will launch one attack, and as the mitigation solution tries to mitigate it, another vector is launched, one which could penetrate the network.

3. Ransom DDoS Attacks - Also known as RDDoS, these are attacks launched with ransom demands as the underlying motive. Attackers launch small attacks with the promise of a larger attack on the victim's web applications unless their demands are met. The whitepaper, 'The Anatomy of Ransom Related DDoS Attacks', dives deep into this type of attack.

4. Zero-Day Attacks - These are attacks that involve vectors that haven't been previously used by attackers. As they are new and unknown, mitigation solutions are unaware of them, and therefore, blocking them is not possible. In parallel, they target unknown vulnerabilities in the network.

5. IoT DDoS Attacks - The number of IoT devices is constantly increasing; there are thousands of them out there. As IoT devices are created to serve an array of purposes, their manufacturers are not primarily concerned with ensuring security within these new devices. DDoS attackers are not interested in corrupting a single device. Instead, they look to penetrate the network using the vulnerabilities in IoT devices to launch DDoS attacks.

6. Low-rate attacks - Most enterprises struggle to distinguish between low-rate attacks and legitimate traffic and, at the same time, find it difficult to maintain a low false-negative rate. Like big attacks, small attacks can bring down services rapidly and can have an equivalent impact on the business, which is why companies need to be prepared and review their web security arrangements.

7. Small Sized Attacks - Research confirms that large attacks of 100Gbps and above fell by 64% in 2019. However, there has been a startling 158% increase in attacks sized 5Gbps or less. Enterprises struggle to distinguish between low-rate attacks and legitimate traffic and, at the same time, find it difficult to maintain a low false-negative rate. Similar to big attacks, small attacks can bring down services rapidly and can have an equivalent impact on the business, which is why companies need to be prepared and review their web security arrangements.
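
A defender's view of item 1, as an added example that is not from the handbook or from MazeBolt: at the victim, amplification appears as unsolicited UDP responses arriving from many sources on a reflector service port. The flow records, thresholds and function name are constructed assumptions; the ports used (3702 WS-Discovery, 161 SNMP, 1900 SSDP) are the standard ones for those services.

```python
from collections import defaultdict

# Standard UDP service ports of the reflector protocols discussed in item 1.
REFLECTOR_PORTS = {3702: "WS-Discovery", 161: "SNMP", 1900: "SSDP"}

# Constructed sample flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# All addresses are from documentation ranges; 192.0.2.10 is the protected host.
SAMPLE_FLOWS = [
    ("192.0.2.10", 40000, "198.51.100.7", 161, "udp", 90),    # our own SNMP poll
    ("198.51.100.7", 161, "192.0.2.10", 40000, "udp", 1400),  # its solicited reply
    ("203.0.113.1", 3702, "192.0.2.10", 51515, "udp", 30000),
    ("203.0.113.2", 3702, "192.0.2.10", 51515, "udp", 30000),
    ("203.0.113.3", 3702, "192.0.2.10", 51515, "udp", 30000),
    ("203.0.113.4", 3702, "192.0.2.10", 51515, "udp", 30000),
    ("203.0.113.9", 1900, "192.0.2.10", 51515, "udp", 2000),  # lone stray packet
]


def find_reflection(flows, protected, min_sources=3, min_bytes=50_000):
    """Return (dst, service, distinct_sources, bytes) for suspected reflection.

    A response counts as unsolicited when no protected host sent a request to
    that source and service port anywhere in the window (timing is ignored,
    which is a simplification of this example).
    """
    requested = set()
    for src, _sport, dst, dport, proto, _size in flows:
        if proto == "udp" and src in protected and dport in REFLECTOR_PORTS:
            requested.add((src, dst, dport))

    stats = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for src, sport, dst, _dport, proto, size in flows:
        if proto != "udp" or dst not in protected or sport not in REFLECTOR_PORTS:
            continue
        if (dst, src, sport) in requested:
            continue  # reply to a request we actually made
        entry = stats[(dst, REFLECTOR_PORTS[sport])]
        entry["sources"].add(src)
        entry["bytes"] += size

    return sorted(
        (dst, svc, len(e["sources"]), e["bytes"])
        for (dst, svc), e in stats.items()
        if len(e["sources"]) >= min_sources and e["bytes"] >= min_bytes
    )


if __name__ == "__main__":
    for hit in find_reflection(SAMPLE_FLOWS, {"192.0.2.10"}):
        print(hit)
```

Lowering the thresholds trades missed low-rate events for more false positives, which is the tuning problem items 6 and 7 describe.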


Recurrent DDoS Attacks Despite Mitigation

DDoS testing and mitigation are the available solutions that digital enterprises rely on to ensure DDoS protection. However, even with the most sophisticated DDoS mitigation and testing solutions deployed, most companies are left with major DDoS vulnerabilities. This is because DDoS mitigation security policies don't adapt to dynamic changes happening in the network, leaving around 50% of DDoS vulnerabilities undetected and therefore unprotected. Furthermore, mitigation solutions and infrequent Red Team DDoS testing are reactive; they do not automatically and continuously detect and close vulnerabilities. This is the reason why attacks continue to occur on a regular basis. Our monthly list of 'Worldwide DDoS Attacks' shares the latest updates on DDoS attacks. But this list only captures publicly reported attacks, and there are many more that go unreported. For example, in Q1 '21 alone, there were 2.9 million DDoS attacks, with the longest attack lasting over 24 hours.

The Only Complete DDoS Protection for the Digital World

MazeBolt's new patented technology, RADAR, is the only 24/7 automatic DDoS attack simulator on a live environment with ZERO downtime/disruption. It automatically detects, analyses, and prioritizes the remediation of DDoS vulnerabilities in any mitigation system, raising the efficiency of your mitigation solution and delivering the ultimate DDoS protection.

Benefits of RADAR™

  • Effectively block complex and intermittently changing threats with RADAR™. Continuously validate and remediate the entire DDoS protection posture in peaceful times, and fix known areas of weakness proactively, as there is no time to do this when an attack starts.
  • Break complex attacks into individual attack vectors to ensure protection automatically against mixed-vector attacks. With mitigation alone this is not always possible, but with simulation it can be done.
  • Start at a low rate and increase attack simulations to identify new potential targets that are susceptible to attacks from external attackers.
  • Monitor all simulated traffic downstream from the DDoS mitigation device or scrubbing center on a mirror port during simulation to detect attack leakages instantaneously and remediate them on the go.
  • And finally, maintain a good DDoS mitigation posture, i.e., no disruption or downtime.


About MazeBolt

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions. The company's new flagship product, RADAR™, is a patented, new technology. It offers DDoS protection through automated DDoS simulations on live production, with zero downtime, working in conjunction with any mitigation solution installed. Its unique capabilities have ensured business continuity and full DDoS security posture for enterprises worldwide, including Fortune 1000 & NASDAQ-listed companies.


About Yotam Alon

Yotam is Head - R&D at MazeBolt and is in charge of all R&D activities, infrastructure and security. With five years in the security industry, Yotam brings fresh perspectives and insights into current technologies and development flows. He holds a BSc. in mathematics and philosophy and enjoys hitting the archery range in his spare time.