Looking beyond cybersecurity trends and why it is a never-ending race

• In June, ransom attacks peaked at their highest level so far this year.
• The largest HTTPS DDoS attack ever recorded, a 26 million request per second DDoS attack was recently automatically detected and mitigated by Cloudflare.
• Cloudflare predicts that most businesses will adopt zero trust and move away from the appliance- or device-centric models of network security.

Despite the fact that change is accelerating, cybersecurity has never been a race to the finish line. Businesses are continuing to make investments in technology. More systems are being layered into their IT networks right now to facilitate remote work, improve customer experience, and generate revenue, which could lead to new vulnerabilities. As reports of data breaches, ransomware, and hackers grow more common, it follows that there will be a parallel shift in cybersecurity trends.

The frequency of cyberattacks and related costs will only increase. Here’s something for you to think about: According to Cybersecurity Ventures, cyberattacks will happen more frequently—every 11 seconds as opposed to every 14 seconds in 2019—by 2021. Additionally, it’s anticipated that during the following five years, the cost of cybercrime would rise by 15% annually, from $3 trillion in 2015 to $10.5 trillion by 2025.

As we reached the mid-point of 2022, businesses should re-evaluate their goals and strengthen their cyber defenses in preparation for the months to come, especially given the growth in sophisticated attacks that have recently surfaced. The largest HTTPS DDOS attack on record, with 26 million requests per second, was only this month, according to Cloudflare.

​

In light of this, Tech Wire Asia (TWA) had the opportunity to speak with John Engates, Field CTO at Cloudflare, on how the cyberattack landscape has changed recently and his predictions for where cybersecurity will be in the future.

How has the cyberattack landscape evolved in the last six months?

The one consistent thing about the cyberattack landscape is that it’s always changing. There are always new emerging threats and the targets of attacks change often. From one quarter to the next we see a rise in one type of attack and fall in another. Who those attacks affect also changes. Cyber attackers will often target a particular industry sector and in time move on to another. At Cloudflare, we pay close attention to cyberattack trends and Internet outages (and who they target) all around the globe. In fact, we regularly publish our view of these events on our blog and in real time at Cloudflare radar.

In our most recent 2022 Q2 DDoS attack trends report, we noticed that in June, ransom attacks peaked to their highest level so far this year. Network-layer DDoS attacks increased by 109% year-over-year. Network attacks of 100 Gbps and larger increased by 8% QoQ, and attacks lasting more than 3 hours increased by 12% QoQ. The top most attacked industries were telecommunications, gaming / gambling and the information technology and services industry.

(On Cloudflare’s recent news on DDoS mitigation) Does the fact that so many DDoS attacks attempted indicate that they are too easy to launch and potentially wreak havoc on organizations?

DDoS attacks are quite easy to launch and relatively inexpensive. They can be launched anonymously via botnet-for-hire services that are accessible to anyone with a credit card or some digital currency. Botnets are generally made up of large groups of computers or network devices which have been infected by malware and have come under the control of a malicious actor.  Alongside the launch of an attack, ransom DDoS demands are often delivered to send a message. Sometimes, even just the threat of a DDoS attack will elicit a response.

It’s important to understand the attack landscape when thinking about DDoS protection. When looking at our recent DDoS Trends report, we can see that most attacks are small, e.g. cyber vandalism. However, even small attacks can severely impact unprotected Internet properties. On the other hand, large attacks are growing in size and frequency but remain short-lived and rapid. Attackers concentrate their botnet’s power to try and wreak havoc with a single quick knockout blow while trying to avoid detection.

Cloudflare is a global cloud platform designed to make everything you connect to the Internet secure, private, fast and reliable. Our mission at Cloudflare is to help build a better Internet. For us, that means providing services that improve the security, performance and reliability of Internet properties (websites, apps, APIs, etc.). We’re blocking an average of 117 billion cyberthreats each day for the millions of Internet properties that rely on us. We can deflect even the largest DDoS attacks via our distributed global network of over 270 Cloudflare points of presence.

(On Mantis Botnet attack on Cloudflare’s customers) How harmful is the Mantis Botnet, and what steps does Cloudflare take to ensure that its customers don’t get infected?

The Mantis Botnet is quite powerful. Recently, Cloudflare automatically detected and mitigated a 26 million request per second DDoS attack — the largest HTTPS DDoS attack on record. Interestingly, this attack originated mostly from cloud service providers as opposed to residential Internet service providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack. The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak.

To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices. The latter, larger botnet wasn’t able to generate more than one million requests per second, i.e. roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.

The best protection strategy is an always-on DDoS mitigation service like Cloudflare, so that organizations can stay vigilant amidst a rapidly changing threat landscape. Large, short-lived attacks are almost impossible for humans to respond to as they simply don’t last long enough. These short attacks can be indicative of active probing for easy targets or future attacks. Sometimes these short-lived attacks are just a precursor to a future larger ransom DDoS attack.

How can ASEAN companies overcome the cybersecurity challenges of an increasingly distributed digital workforce today?

The pandemic has placed work-from-home or hybrid work front and center. Distributed workforces have become commonplace all over the world including in ASEAN countries. At the outset of this trend most companies weren’t prepared for a world where their users were accessing all applications over the Internet. This model makes it impossible to draw a traditional security perimeter around the network. Against this backdrop, the concepts of zero trust and secure access service edge (SASE) have emerged as ways to improve security while extending the corporate network to the Internet edge. With zero trust network access, users working from home can replace the legacy VPN for secure, remote access as the Internet becomes the new corporate backbone.

Trusting network-based controls (like legacy VPNs and IP location restriction) for application access increases a company’s attack surface, limits visibility, and can frustrate end users. Cloudflare’s Zero Trust Network Access (ZTNA) works with existing security tools like identity providers and endpoint protection platforms to enforce default-deny, Zero Trust policies and rules. This limits access to corporate applications, internal IP spaces and hostnames, and Cloudflare’s global anycast network becomes the network on-ramp that makes end user connections faster than a VPN.

Where do you think the cybersecurity landscape is heading?

Today’s security environment has been built over many years on multiple enterprise vendor solutions with numerous components in the security stack. In some ways, it’s a house of cards and the bad guys know it. They just need to look for the weakest point to attack and it all comes down. We believe most companies will move away from the appliance or device-centric model of network security and embrace zero trust. Most analysts suggest security should be delivered as a service from the Cloud and security functions should be performed as close as possible to where the data lives and where it’s consumed (near applications and users). Cloud adoption has moved many applications to SaaS or cloud providers – with more users now working remotely, security solutions must be Internet-native to address the challenge of this increasingly distributed digital workforce. Zero trust and SASE look to be the way forward for most companies looking to bolster security and enable a remote workforce consuming cloud-based applications.

On the threat side, security threats will continue to evolve and attacks will increasingly be AI-driven and utilize multiple vectors in the same attack. Automating attacks will mean a company’s security defenses will need to be equally automated and AI-enabled.

Email is a threat vector that shouldn’t be overlooked. Email is the number one vector for attack and many sophisticated cyber attacks begin as a phishing email. We believe email security must be integrated into the overall zero trust architecture.

What are Cloudflare’s view on the future of cybersecurity trends? Could quantum cybersecurity be the answer?

Quantum computing began in the early 1980s and operates on principles of quantum physics rather than the limitations of circuits and electricity. This is why it is capable of processing highly complex mathematical problems so efficiently. Quantum computing could one day achieve things that classical computing simply cannot.

Quantum computing will change the face of Internet security forever—particularly in the realm of cryptography, which is the way communications and information are secured across communication channels like the Internet. Cryptography is critical to almost every aspect of modern life, from banking to cellular communications, to most of the applications on your smartphone.

Theoretically, if an adversary were to gain control of a quantum computer, they could create total chaos. They might create cryptographic certificates and impersonate banks to steal funds, disrupt the blockchain and break into digital wallets, or access and decrypt confidential communications.

Cloudflare has committed to moving its internal infrastructure to be secured by post-quantum algorithms over the next few years, in addition to being the first to support the new post-quantum standards when they emerge. As an edge provider, Cloudflare is well positioned to turn on post-quantum algorithms for millions of websites and use these algorithms to provide confidentiality in TLS connections. Although quantum computers are a future state, Cloudflare is helping to make sure the Internet is ready for this next-generation technology when they arrive.

---

---

---

---