New-gen DDoS needs the latest cybersecurity measures: three of the best protection providers
As internet traffic grows in volume, it is becoming increasingly difficult, at the network level, to distinguish genuine traffic from background “noise” that may or may not be intended to be disruptive.
Cybersecurity research undertaken in the last six months has found that many services are affected by anomalous network traffic whose frequency and weight bear all the hallmarks of a denial of service attack, even though those services are not the intended targets.
The problem is particularly apparent at the peak times for black-hat activity, such as holiday periods and shopping events like Black Friday and Cyber Monday, when the pickings are richest.
Clearly, a substantial amount of malicious internet traffic is directed at financial gain, and this often involves distributed denial of service (DDoS) activity. Most recently, publicly reachable Memcached servers that still accepted UDP traffic were a significant source of problems: because UDP involves no handshake, an attacker can spoof the victim’s address in a small request and have the server’s much larger reply delivered to the victim, and with many such servers in play the botnet-coordinated traffic was ‘amplified’ by factors of more than 50,000.
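As an added example (not code from the article or from any of the vendors it names), the following POSIX shell script audits a Debian-style memcached.conf for the two settings that made a server usable as a reflector: UDP enabled and a listen address that is not loopback. It assumes the Debian one-option-per-line file format, that memcached binds every interface when `-l` is absent, and that a missing `-U 0` should be treated as “UDP on” (the default for builds before 1.5.6); the two configs it checks are constructed here for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the article or from Neustar, Akamai or A10.
# Audits a Debian-style /etc/memcached.conf (one option per line, e.g. "-U 0")
# for the two settings that turned public memcached hosts into UDP reflectors.
# Assumptions: memcached binds all interfaces when "-l" is absent, and a
# missing "-U 0" is treated as "UDP on" (the default before 1.5.6).

# Print the last value given for option $2 (e.g. -U) in config file $1.
# Commented-out lines ("# -U 0") do not match because of the leading anchor.
cfg_opt() {
  grep -E "^[[:space:]]*$2([[:space:]]+|$)" "$1" | tail -n 1 | awk '{print $2}'
}

# Exit status: 0 hardened, 1 UDP off but reachable beyond loopback,
# 2 UDP enabled (usable as an amplifier). Reasons go to stdout.
memcached_udp_hardened() {
  cfg=$1
  udp=$(cfg_opt "$cfg" -U)
  listen=$(cfg_opt "$cfg" -l)
  rc=0
  case "$listen" in
    127.0.0.1|::1|localhost) ;;
    "") echo "$cfg: no -l option, so memcached binds every interface"; rc=1 ;;
    *)  echo "$cfg: listens on $listen; make sure that address is firewalled"; rc=1 ;;
  esac
  if [ "$udp" != 0 ]; then
    echo "$cfg: UDP not disabled (-U ${udp:-absent}); add '-U 0'"
    rc=2
  fi
  [ "$rc" -eq 0 ] && echo "$cfg: hardened (UDP off, loopback only)"
  return "$rc"
}

# Constructed sample configs for a stand-alone run (not taken from real hosts).
# Prints the path of a temp file holding the "weak" or "hardened" variant.
write_sample_cfg() {
  f=$(mktemp)
  if [ "$1" = weak ]; then
    printf '%s\n' '# UDP on, bound to every interface' '-d' '-m 64' '-p 11211' '-U 11211' '-u memcache' > "$f"
  else
    printf '%s\n' '# the fix: UDP off, loopback only' '-d' '-m 64' '-p 11211' '-U 0' '-l 127.0.0.1' '-u memcache' > "$f"
  fi
  echo "$f"
}

for kind in weak hardened; do
  f=$(write_sample_cfg "$kind")
  memcached_udp_hardened "$f" || true
  rm -f "$f"
done
```

Run it against a real file with `memcached_udp_hardened /etc/memcached.conf`; an exit status of 2 means the host can still be pointed at someone else, regardless of how much cache it holds.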
And while some ransomware has proved flaky at its core, and so is solvable (for now), the anonymity of some cryptocurrencies has led to a new generation of DDoS. The flood packets themselves carry a demand for payment to (for instance) a specific Monero wallet, a ransom note repeated literally millions of times per second.
In the same rich vein of avarice-related attacks, Bitcoin’s high value has caused the number of incidents affecting cryptocurrency exchanges to rise. The exchange Bitfinex, which trades Bitcoin Gold among other currencies, has been hit in what is thought to be an attempt to manipulate prices and cash in on the resulting swings.
Some DDoS attacks have been more clearly politically motivated, such as those on Czech government servers during an election count. And on occasion, hackers’ skills have been showcased where the audience can perhaps “appreciate” them best, with an attack on GitHub knocking that site offline for a while.
Most DDoS attacks still last less than four hours, according to Kaspersky. While that seems, objectively, not too onerous, the effects can be calamitous, both for the intended target and for secondary victims (such as smaller DNS servers) caught in the incidental fallout.
Sometimes the victims of coordinated DDoS attacks are fairly unpleasant themselves. Online marketplaces on the so-called “dark web”, trading in all manner of illicit goods, have also been hit. Sites like Tochka and Trade Route have now been affected for several months, with their users often unable to buy, sell or barter.
These sites’ problems may be a product of their success, as competitors ramp up the pressure, but another theory is that law enforcement agencies are now operating more effectively than before. If that theory is correct, the legitimacy of such cross-border policing is of course debatable. What is certain is that, with legislation unable to keep pace with online developments, perhaps the best defense against ne’er-do-wells is, indeed, attack.
Hackers and black hats continue to borrow the accepted business models of the “straight” world, with DDoSaaS (distributed denial of service as a service) now an online shopping reality, joining malware-as-a-service, malicious-code-as-a-service and the rest in the online mall.
The Andromeda botnet, for instance, recently taken down by law enforcement agencies together with white hats from Microsoft (amongst others), was used for the mundane theft of consumers’ credentials, but could also distribute other payloads, such as Kasidet, a code base used to conduct DDoS attacks.
Andromeda represents the new generation of unpleasantness-as-a-service, of which we will undoubtedly see much more in coming months. Beyond its core functionality, it could be extended with paid-for plug-ins adding keylogging (US$150), form-grabbing (US$250) and remote control of infected machines (US$250).
DDoS methods are therefore evolving as fast as the once-baffled enforcement agencies can react. And as more territories come online and the established, tech-mature ones grow more dependent on internet connectivity for everyday activities, we can expect DDoS and other malware-driven operations to become more sophisticated and harder to detect.
Here at Tech Wire Asia, however, we don’t intend to paint a picture of utmost gloom for a cybercrime-ridden future. On “our” side are several companies whose expertise and credo are to keep genuine organizations online, trading and operating as safely as possible.
Here are three of the best:
Neustar provides highly specific solutions designed to protect mission-critical online applications. Services include direct mitigation against DDoS attacks, web application firewalls (WAF), IP intelligence, an extensive range of network testing & monitoring, enterprise DNS, and communications services.
DDoS mitigation solutions, supported by Neustar’s partnership with Arbor Networks, are highly flexible and are available on premises, cloud-hosted or on a hybrid basis. Protection can be fully automated or invoked manually if internal measures prove insufficient during an attack. A further partnership with Limelight extends Neustar’s portfolio with a full content delivery network (CDN) and on-network data scrubbing.
Neustar’s particular expertise lies in stopping the complex multi-vector DDoS attacks employed by expert hackers, and it protects against attacks at both the network and application layers. The company’s highly integrated solution set is underpinned by its own Security Operations Centre, staffed by cybersecurity experts 24/7/365, and a DDoS mitigation network that spans the globe, including 1.2 Tbps of scrubbing capacity within APAC.
Neustar’s massive worldwide network and extensive range of protection solutions let its clients stay connected, reduce risk, and keep critical systems functioning. Its position as a global player in four key data markets (identity, risk, security, and communications) means its services are world-class and able to scale to meet the demands of any enterprise.
Akamai’s flagship DDoS product is Kona Site Defender, which combines network-layer and application-layer mitigation technologies.
Large-scale allow and block lists (whitelists and blacklists) let its clients permit or restrict requests from specific geographical regions and specific IP addresses in real time. Traditional yet highly effective application-layer firewalling lets Akamai clients address protocol violations, request-limit violations, HTTP policy violations, and the other constantly changing requirements of an agile cybersecurity policy.
In keeping with today’s cloud-based service world, Kona’s policies draw on WAF (web application firewall) rules developed and updated by Akamai’s internal threat intelligence team.
For organizations that run their own security personnel, Akamai’s solutions give real-time visibility into security events and the ability to drill down into attack alerts to establish whether a problem is real or a false positive.
Many of today’s mission-critical websites operate a form of shielding that effectively cloaks the origin from the public internet to protect against direct-to-origin attacks. All traffic passes, quickly and effectively seamlessly, through the intervening security layer on its way to the site’s core, and that layer can catch most attack types. The caveat is that the shield only holds if the origin accepts connections solely from the provider’s published address ranges; an origin that still answers the open internet directly can be found and attacked around the edge.
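As an added example (not code from the article or from Akamai), the shell script below generates the nftables ruleset an origin server behind such a shield should load, so that ports 80 and 443 accept connections only from the protection provider’s address ranges and drop everything else. The ranges file is an assumption: the CIDRs used here are the RFC 5737 documentation networks, standing in for the provider’s published list, which a real deployment must use instead. Administrative access (SSH and the like) is deliberately left alone and should be restricted separately.

```shell
#!/bin/sh
# Added example, not code from the article or from Akamai, Neustar or A10.
# Emits an nftables ruleset for an origin server that should only be reachable
# through its DDoS/WAF provider's edge: web ports accept traffic from the
# provider's ranges and drop the rest, which closes the direct-to-origin path.
# Assumption: $1 is a file with one IPv4 CIDR per line (the provider's
# published egress ranges); comments and blank lines are ignored.

# Join the CIDRs into the "a, b, c" form nft expects inside a set.
cidr_elements() {
  awk 'NF && $1 !~ /^#/ { printf "%s%s", sep, $1; sep = ", " }' "$1"
}

# Print the ruleset to stdout; load it with: origin_ruleset ranges.txt | nft -f -
# Returns 1 (and prints nothing) if the ranges file yields no CIDRs, so an
# empty list can never produce a ruleset that silently drops all web traffic.
origin_ruleset() {
  elems=$(cidr_elements "$1")
  [ -n "$elems" ] || { echo "no CIDRs in $1" >&2; return 1; }
  cat <<EOF
table inet origin_shield {
  set cdn_v4 {
    type ipv4_addr
    flags interval
    elements = { $elems }
  }
  chain input {
    type filter hook input priority 0; policy accept;
    # web ports only from the provider's edge; anything else on 80/443 is dropped
    tcp dport { 80, 443 } ip saddr @cdn_v4 accept
    tcp dport { 80, 443 } drop
  }
}
EOF
}

# Constructed ranges file using RFC 5737 documentation networks as placeholders.
ranges=$(mktemp)
printf '%s\n' '# provider edge ranges (placeholder values)' '203.0.113.0/24' '198.51.100.0/24' > "$ranges"
origin_ruleset "$ranges"
rm -f "$ranges"
```

The chain policy stays `accept` so that only the web ports are affected; the real list of provider ranges changes over time, so regenerate and reload the set whenever the provider publishes an update.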
Like Neustar, Akamai operates globally, with local presences able to react to issues closer to their source while continuously updating the rest of the security network with the new threat information.
A10’s approach to cybersecurity is varied, so that it can serve a wide range of client types and sizes. Its offerings are available either in the cloud, as a service, or as physical network protection appliances on client sites.
The company’s cloud offerings therefore consist of its own highest-end hardware, hosted for its clients and configured by the people who know it best.
From small appliances designed as one-stop protection hardware up to enterprise-level detection and mitigation technology, A10 will almost always have a suitable solution for any type of organization.
The A10 Thunder TPS (Threat Protection System), for instance, is designed to let its owner escape the worst ravages of advanced DDoS attacks. The hardware (also available as a virtual appliance) handles very high traffic rates and will not crumble under the demands of high-end sites and networks.
A10’s cybersecurity expertise extends to what some call “Industry 4.0”, that is, the internet of things. The exponential rise in the number of connected devices poses a real threat in DDoS terms as the IoT revolution gets underway, and A10 is already planning for it, with comprehensive IoT DDoS mitigation measures available now to protect early adopters.
*Some of the companies featured in this article are commercial partners of Tech Wire Asia