Cybersecurity best practices and DDoS defence strategies
On August 31st we had the great privilege of presenting a briefing on “Universal DDoS Mitigation” at Black Hat USA 2013, one of the most well-known and prestigious security conferences in the world. With DDoS attacks revolutionizing the cyber threat world, it’s no wonder they were a major topic among attendees – a whopping seven briefings focused solely on DDoS!
During our briefing we discussed key findings from our research team, NXG Labs, as well as our collaboration with the Network Threats Information Sharing and Analysis Center (NT-ISAC), on the latest DDoS attack methods and defense systems. Our research team continuously studies and analyzes the evolution of DDoS attacks in order to maintain our state-of-the-art mitigation techniques. Earlier this year we even had the opportunity to collaborate with NT-ISAC for the groundbreaking DDoS research project “Bloodspear”, to better understand the nature of modern DDoS attacks.
Taking the stage in front of over 100 people from the tech and cyber security industries, we began the briefing with our keynote topic, disclosing for the first time the most shocking of our discoveries: attacks are now able to bypass nearly all commercial DDoS mitigation systems. Using a proof-of-concept tool, we demonstrated to the audience just how these new-and-improved attacks have bypassed all tested mitigation services and defense systems.
Adding on to this alarming discovery, we also revealed another major finding that nearly 30% of attacks are now layer 7, a steep rise from recent single digit percentages. This sudden rise in layer 7 attacks is a great cause for concern, especially as we’ve estimated DDoS attacks can cause business losses of up to $100,000 per hour – something that no business should have to face.
Though most of today’s DDoS attacks use bandwidth flooding or semantic-based attacks on the application or network level, there’s no limit to how or where the next generation of attacks will strike. As DDoS attacks advance, mitigation strategies targeted towards current attack trends may no longer protect systems sufficiently, leaving enterprises vulnerable to major damages and outages. Together with NT-ISAC, we at Nexusguard are making great strides towards more efficient and effective mitigation solutions.
Though most of today’s DDoS attacks use bandwidth flooding or semantic-based attacks on the application or network level, there’s no limit to how or where the next generation of attacks will strike.