CIO

Fighting the Growing Threat of DDoS Attacks Down Under

Rob Malkin, Managing Director, ANZ at F5 Networks
  • Rob Malkin (CSO Online)
  • 13 September, 2016 00:41

Australia is going digital with a vengeance. According to IDC, as the country embraces the National Innovation and Science Agenda, 70% of Australian SMBs are already digitally transforming their operations.

However, while greater technological capacity fuels business innovation, these new capabilities must also be secured in the network. Failure to do so is costly enough already; cybercrimes cost Australia upwards of a billion dollars every year.

Threats vary in form and severity, from primitive worms to complex ransomware programs, but DDoS attacks have become the main concern for enterprises today. They are growing in strength and complexity – and only seem to be evolving faster to scale the walls of enterprise cybersecurity.

More Dangerous Than Ever

While DDoS attacks have been common since the late 2000s, the scale of attacks has increased significantly in the past few years. Organisations now find it difficult to combat new protocol exploits and amplification attacks without the support of a cloud-based DDoS scrubbing service. In 2013, it was reported that SpamHaus services were brought down as a result of a 300 Gbps attack, while in 2014, an attack peaking at 400 Gbps was recorded. However, the world’s largest DDoS attack in history was captured in 2015 with a peak of 500 Gbps.

With cheaper bandwidth costs, it has become more affordable to launch attacks with scale. Terabyte-sized attacks are just on the horizon. Modern denial of service attacks are not only interrupting or bringing down services, but distracting security operations teams with a mix of threats that have varying effects on the infrastructure. Such attacks are increasing in frequency, volume and sophistication.

Attackers combine volumetric, partial saturation, authentication-based and application-level attacks until they find the weakest link in the chain. These threats, which are becoming more difficult to defend against, are often a precursor for advanced persistent threats (APT).

How quickly an organisation can discover and stop these threats is key to ensuring service continuity. Also, the pervasiveness of volumetric DDoS, along with the potential increase in bots, requires a hybrid DDoS strategy that combines an on-premise WAF with cloud-based scrubbing services.

Stopping a DDoS Attack

When a company detects via its on-premise WAF that it is under DDoS attack, it switches the incoming traffic to a cloud-based DDoS scrubbing service to detect and scrub the traffic. Once traffic is scrubbed clean, it may be rerouted to the company. During the attack, the firm continues to operate as normal. The scrubbing service effectively mitigates DDoS attacks which aim to bring down services, while enabling the company to continue to operate.

Businesses must protect their infrastructure from large-scale and incessant attacks, yet not compromise on performance. The ideal security posture is to have comprehensive protection. Granular DDoS rules and policies coupled with contextual knowledge of identity and user access to applications and data will enable companies to secure their networks. This is enabled by the automatic collection and analysis of data across deployment environments — data that includes SSL inspection, behavioural analytics, bandwidth usage, health monitoring and other statistics.

This ensures that attacks on services such as HTTP/S, SMTP, FTP, DNS and SIP can be detected sooner and mitigation activated swiftly and accurately via hardware, upstream or across cloud-based services. Services may immediately transition back to full functionality once attack traffic has subsided to manageable levels.
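As an added illustration (not from the article, and not F5's own logic), the divert-then-restore decision described in this section can be modelled as a hysteresis controller: traffic is diverted to the scrubbing service only after bandwidth has stayed above a high-water mark for several consecutive samples, and returned on-premise only after it has stayed below a lower mark for as long, so a brief dip mid-attack does not cause flapping. The thresholds, dwell time and per-second bandwidth series are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class DiversionController:
    """Decides when to divert inbound traffic to cloud scrubbing and when to
    fail back on-premise, using two thresholds plus a dwell time (hysteresis)."""
    divert_mbps: float          # high-water mark that triggers diversion
    restore_mbps: float         # low-water mark for failback (must be lower)
    dwell_samples: int          # consecutive samples required before switching
    scrubbing: bool = False     # True while traffic is routed via the scrubber
    _streak: int = field(default=0, init=False, repr=False)

    def __post_init__(self) -> None:
        if self.restore_mbps >= self.divert_mbps:
            raise ValueError("restore threshold must be below divert threshold")

    def observe(self, mbps: float) -> Optional[str]:
        """Feed one bandwidth sample; return 'divert' or 'restore' on a transition."""
        if not self.scrubbing:
            # Count consecutive samples above the high-water mark.
            self._streak = self._streak + 1 if mbps >= self.divert_mbps else 0
            if self._streak >= self.dwell_samples:
                self.scrubbing, self._streak = True, 0
                return "divert"
        else:
            # Count consecutive samples below the low-water mark; a dip
            # shorter than dwell_samples keeps traffic on the scrubber.
            self._streak = self._streak + 1 if mbps <= self.restore_mbps else 0
            if self._streak >= self.dwell_samples:
                self.scrubbing, self._streak = False, 0
                return "restore"
        return None


def run_timeline(samples: List[float], ctl: DiversionController) -> List[Tuple[int, str]]:
    """Return [(second, action)] for every state transition over the series."""
    return [(t, a) for t, m in enumerate(samples) if (a := ctl.observe(m))]


# Constructed per-second inbound bandwidth (Mbps): baseline, a volumetric
# flood, one brief dip mid-attack (must not trigger failback), then subsidence.
SAMPLES = [200, 220, 210, 9000, 9500, 9800, 9700, 300, 9600, 9400,
           9300, 9100, 400, 350, 300, 280, 260, 250]

if __name__ == "__main__":
    ctl = DiversionController(divert_mbps=5000, restore_mbps=500, dwell_samples=3)
    for t, action in run_timeline(SAMPLES, ctl):
        print(f"t={t}s: {action}")   # t=5s: divert, t=14s: restore
```

In a real deployment the "divert" action would be the route change (for example a BGP announcement or DNS cutover) to the scrubbing provider, and "restore" the reverse; the controller only decides when.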

The Security Landscape of the Future

Australia’s DDoS attacks will continue to increase in sophistication and capacity, potentially aided by the numerous IoT devices coming online.

A hybrid mitigation approach is more necessary now than ever. The ability to amplify vastly and scale quickly makes it easy for an attack to cripple an organisation’s operations, render its applications useless and gain access to critical data.

Security solutions must be comprehensive enough to address the multiple threat vectors and increasing severity of DDoS attacks. A hybrid security posture is therefore necessary to address the demands of the digital age – as technology scales up, so do the threats, and the cybersecurity walls must rise accordingly to safeguard the business.