Technology is instrumental to us all today with the dispersed workplace that further drove cloud and third-party services adoption. For most businesses, there is no “new normal” but rather the ongoing progression of a hybrid network environment where physical and virtual assets operate in tandem. This blurred line between physical and virtual has not gone unnoticed by threat actors and gives cybercriminals more vulnerabilities to exploit. 

Staying competitive in this new business and economic environment requires new strategies and practices, and certainly accelerated digitisation efforts and supply chain interactions. According to IntSights’ latest report, threats to technology companies pose risks to organisations in other industries that use their products and services. Those threats enable attackers to compromise and disrupt targets outside the industry through the products and services that they use.

Distributed Denial of Service (DDoS) attacks stands out as one of the most impairing among the myriad of tactics due to the vulnerability they bring to businesses when they are faced with service disruptions.

Experts from SUSE help us understand what Cloud-Native means for the enterprise.

With the increasing scale of these attacks, even companies with great security infrastructure can find themselves a target. Belgian government-funded internet service provider Belnet was recently a victim of a massive DDoS attack. More than 200 organisations across Belgium including its government institutions, universities, and research institutes were affected. It was reported that the attack had also caused parliamentary meetings to be delayed and took down online services for the metropolitan police force.

While the intention of the attack on Belnet was allegedly purely to disrupt services, other DDoS attacks might be hiding menacing intentions such as data theft and backdoor attacks.   

Over in APAC, the Singapore Computer Emergency Response Team (SingCERT) has warned about the prevalence of DDoS-related campaigns and advised what these threats look like. SingCERT highlighted the urgency to adopt necessary precautionary measures for organisations to protect themselves from falling victim to such attacks. 

What are the attacker’s motivations?

Financial gain is a most common form of motivation for DDoS attacks. For example, online gaming and entertainment companies like video and audio streaming services are desirable targets for DDoS attacks and may experience customer dissatisfaction and loss of revenue If their services go offline due to a DDoS attack. 

This downtime can cripple companies that heavily rely on online critical systems for their business services. Attackers can then use this pressure to extort a ransom to recover their services. 

Non-financial motivation for DDoS attacks could be driven by an ideology or protest also known as “hacktivism”. Earlier this year, a hacker group in Malaysia known as Anonymous Malaysia threatened that they will be initiating attacks against the Malaysian government’s computing system in a likely DDoS attack as a ‘wake-up call’, in a bid to get their message across. 

DDoS attacks may also be used as a cover-up for other forms of cyber attacks, viruses, ransomware and data theft. These coordinated attacks are usually more sophisticated and can cause detrimental damages to the organisation. 

A new age of botnets

IT security has indeed become more sophisticated, but attackers are keeping up with trends and their attacks are evolving with greater complexity. Remote work and smart homes have led to the rapid increase in IoT devices in homes and organisations. There are countless of devices today that attackers can exploit – baby monitors, cameras and even printers. These devices can be part of a massive botnet as they do not usually receive the same level of security support and hygiene as computers and mobile phones.

One example will be the case of a streaming service becoming a target of an unusually large attack for 13 days in 2019, using over 402,000 infected devices possibly from the Mirai IoT botnet. 

Home routers in particular are popular targets for incorporation into DDoS botnets. Attackers can gain initial access into enterprise networks, by infecting the endpoints and collecting network traffic via packet capture. Even more alarming is the fact that many home router users fail to update the firmware on their routers or they do not even change their default passwords that can be easy for attackers to guess and gain access. 

How to steer clear from falling prey to DDoS attacks?

Organisations need to secure their own infrastructure and should establish and maintain third-party risk programs to assess and mitigate risks stemming from their use of external technology products and services. 

They can first implement an enterprise-grade threat intelligence solution to identify and guard against potential threats and attacks before they reach enterprise’s network and infrastructure.

As organisations embrace remote work, user error continues to be the weakest link. Organisations should encourage employees to practice good security hygiene while actively monitoring for any anomalies. On top of that, IT must ensure thorough security support for those remote devices such as ensuring that they receive security updates and network monitoring coverage. 

Software, applications and devices at the enterprise and home levels should be patched regularly to deter attackers from exploiting existing vulnerabilities in the system.

Lastly, always maintain a good backup system to prevent important data from being locked and develop a robust incident response plan should a crisis were to happen.

Contributed by Paul Prudhomme, Head of Threat Intelligence Advisory at IntSights

About the author 

Paul Prudhomme is Head of Threat Intelligence Advisory at IntSights. He previously served as a leader of the cyber threat intelligence subscription service at Deloitte and as an individual contributor to that of iDefense. Paul previously covered cyber issues as a contractor in the U.S. Intelligence Community. Paul specialises in the coverage of state-sponsored cyber threats, particularly those from Iran. Paul originally served as a linguist and cultural advisor and speaks multiple languages, including Arabic. He has a Master’s degree in History from Georgetown University. Paul is also a certified scuba diver and an award-winning amateur underwater photographer.