Cybersecurity best practices and DDoS defence strategies
While history is not necessarily a predictor of the future, with a bit of hindsight and insight it often gives us clues about what is likely to happen again. After looking into the nexus between past global events and DDoS attacks, we have assessed the risk and severity of DDoS attacks that are likely to occur during upcoming global events.
As 2018 progresses into 2019, the world is going to witness a number of significant events: the World Cup 2018 and the Asian Games, and the G20 and WTO summits. Cybercrooks, political and business rivals, angry protestors, haters and even extremists will find these events a golden opportunity to disturb the peace of the cyberworld.
Insecure IoT devices, publicly accessible Memcached servers and badly configured DNSSEC-enabled DNS servers are among the latest weapons being used by attackers to fire DDoS attacks, especially amplification attacks. The sharp rise in volumetric attacks, many of them amplification attacks, last year confirms that these vulnerabilities have contributed to the exponential growth of botnets and the firepower they command.
A surge in amplification attacks was observed in Q3 2017, followed by another peak in Q1 2018. As we probed further, we found that just a few hundred real source IP addresses were behind the spate of attacks. The average attack traffic generated by these source IP addresses was about 449.44 Mbps at their peak. The high concentration of attack source IPs suggests that vulnerable, misconfigured or unprotected enterprise resources such as Memcached are increasingly being leveraged as powerful “reflectors” to launch amplification attacks.
This new generation of exploitable and abusable resources has the potential to push attacks further into terabit territory. From individuals to enterprises and service providers, all players are duty bound to increase their security awareness, harden home and workplace networks, apply patches regularly, and follow industry best practices to mend the security cracks.
But before such concerted efforts bear fruit, it is still likely that we will see more DDoS attacks on a larger scale. Below are some key events during which to watch out for rampant DDoS attacks. Getting yourself prepared for the worst is the first line of defense, especially if your organization is a stakeholder in one of these events.
World Cup 2018 [14 Jun - 15 Jul 2018]
The World Cup is a prime DDoS attack target every time it is played. During the 2018 World Cup, traffic to a wide range of websites and online services generated by soccer fans from around the world will soar to new highs. It will be yet another perfect opportunity for cybercriminals to demand ransom, or for fierce rivals to disrupt your services, by DDoSing your websites or networks.
Turkish General Election (Presidential) [24 Jun 2018]
Politically motivated cyberattacks first emerged in the 2011 Turkish General Election and have occurred every year since, except 2015. Odds are that attackers will continue to do so in the upcoming election.
Asian Games 2018 [18 Aug - 2 Sep 2018]
Cyberattacks against the organizer’s websites were reported in 2010 and 2014. Organizers of this year's Asian Games in Jakarta and Palembang have also expressed concerns over the potential of cyberattacks affecting major events such as the Opening and Closing Ceremonies.
Brazilian General Election [1 Oct 2018]
Cyberattacks were reported during the last Brazilian presidential election. The possibility of yet another cyberattack with the aim of influencing the voting process and results cannot be ruled out.
G20 Summit 2018 [30 Nov - 1 Dec 2018]
The G20 Summit is a global political event where cyberwarfare escalates every time it is organized. The 2011 G20 Cannes summit is seen as a watershed in the use of protest techniques that combine cyberattacks and street protests. At the 2016 summit, protests were again staged in both the cyber and the real world. It remains to be seen how this year’s protest will play out, but let’s assume it is going to be double trouble.
As another important economic summit, the WTO Conference is a peak time for cyberattacks. The first cyberattack on record against the WTO stakeholders took place in 2015.
Risk ratings in relation to selected events in 2018 and 2019
Gear Up For An Eventful Cyberattack Season
If your reputation built over the years is tied inextricably to one of these global events, we have the right defence strategy to help you survive it without interruption. We also provide recommendations and operational best practices to help you prepare for a major event and defend against all DDoS attacks during the event.