How does DDoS threaten companies today?
DDoS attacks have the potential to take down entire company networks by controlled requests.
Servers, online services or entire networks are flooded with traffic or a large number of requests, which can lead to a complete system failure. Many computers or devices send as a so called “botnet” requests, against which most companies are not fully protected.
In the event of an attack like this time is one of the most important factors, because every passing second can lead to major damage – through manual assessments of incidents, unforeseen routing problems or outwitted defense mechanisms. In such a scenario, a time-to-mitigate (TTM) of just one minute is not enough to avoid a complete system failure.
How should companies protect themselves to keep the threat potential low?
Because of the relative ease of creating DDoS attacks, for example with free booter scripts or cheap DDoS-for-hire services, organizations should have a solution in place that should be part of a larger security playbook to mitigate these types of attacks. Building the necessary digital resilience against DDoS is more than ever before a key feature of the IT security structures.
Companies in the transport, energy, finance sectors now need a well-functioning DDoS protection solution as attacks become more advanced and evolve. DDoS attacks can certainly be part of an attack campaign, where the attacker will use a DDoS to distract operations so the attacker can try a different type of security incursion like data exfiltration or malware infiltration.
Attack methods continue to evolve, and cybercriminals are able to add increasingly sophisticated amplification techniques to their repertoire. With cloud-based and automated DDoS protection solutions, organizations can keep pace.
Have there been any transformations of the attacks in recent years or has the threat potential remained the same?
What we can witness is that critical national infrastructure (CNI) is increasingly being targeted by cybercriminals. Energy operators, airports and financial institutions in particular are increasingly being targeted by pro-Russian hackers.
Well-known names here are NoName057, Killnet and Anonymous Sudan. British authorities warned in April that these groups want to destroy the national critical infrastructure.
The focus on politically motivated attacks has increased significantly compared to previous years. Above all the attacks have become more intense and more transformative. On average in 2022, DDoS attacks reached critical levels after only 55 seconds. However, compared to the 2021 average of 184 seconds, these turbo attacks reach critical volumes 3 times faster.
These DDoS attacks are usually shorter but reach a critical payload quickly instead of continuously increasing. As a result, network systems can be crippled before defensive measures take effect. With a packet rate of 3.3 million packets per second (2021: 990,000 packets), it is much more challenging to defend against them. And: attacks have increased again, in the first months of 2023.
Do you notice regional differences (EU/UK) with regard to the intensity of attacks?
I think that both the EU states and the UK, as supporter countries of Ukraine, are equally affected by DDoS attacks. In addition, and according to the “Cyber security breaches survey 2023”, larger companies and their supply chains are becoming more and more targets.
This group of companies and the critical national infrastructure (CNI) sector are the main targets of hackers. A quick google of top DDoS attacks shows disruption to government websites and even disruptions to critical infrastructure. However, the question is not if, but when a DDoS attack will take place. Digital resilience then becomes the crucial point that determines economic competitiveness.
Is it possible to make a possible forecast for the threat potential?
In fact, distributed denial-of-service attacks as well as their intensity are expected to increase in the future. Digitalization, the spread of IoT devices, and 5G networks will enable cybercriminals to reach the necessary data volumes. In addition, botnets and distributed denial-of-service attacks on the darknet are being offered as services at relatively low prices. In addition, we are currently seeing the use of DDoS attacks as a weapon in digital warfare.
In practice, a sophisticated DDoS protection of the companies involved should primarily address the weak points that are not yet sufficiently outlined in the current debates.
These include, for example, digital gateways within supply chains i.e., supplied hardware and software or even services from the engineering sector.
Since these components are provided by third parties, you need to be clear about this: Being digitally resilient only as an individual company is no longer sufficient today. In parallel, service providers, partners and subcontractors who, in the worst case, have outdated systems and no awareness of DDoS must also be protected.
