<img alt="" src="https://secure.leadforensics.com/89462.png" style="display:none;">

CSPs Need to Adopt Smarter Ways to Combat Evolving DDoS Attacks

Donny Chong is the Product Director at Nexusguard. He is responsible for designing the company’s solutions for the enterprise. His broad ten-year tenure includes both the technology and telecommunications industries. Chong designed the Nexusguard channel program and built global product marketing practice. His insight and expertise have led the company to become one of the world’s most trusted DDoS defense products and solutions – suitable for premium clients, SMEs, and service providers.

In a recent interaction with Augustin Kurian, Senior Feature Writer at CISO MAG, Chong speaks about the resurgence of DDoS-as-a-service, abuse of DNS vulnerabilities, and the surge in bit-and-piece DDoS attacks and how CSPs are supposed to combat it.

1. The resurgence of DDoS-as-a-service and the growing botnets reinforce the evolving cyber threat of DDoS attacks for enterprises and communications service providers (CSPs). Do you feel the attack surface has been heightened post-COVID-19?
Yes, without a doubt. In an effort to curb the spread of the ongoing COVID-19 global pandemic, working from home has become the new norm and the dependency on internet connectivity has never been more important. The heavy reliance on the internet, however, has not only led to a huge rise in DNS amplification attacks but also a resurgence in DDoS-for-hire services, which is a trend that will persist and is unlikely to go away anytime soon. As DDoS attacks become more sophisticated and more difficult to stop, exacerbated by the revolution of remote working, CSPs will have to adapt to, and address the new attack methods brought forth by the global pandemic, and look at smarter ways into mitigating and managing DDoS attacks for the post-COVID-19 world.

2. There has been a nearly 570% increase in bit-and-piece DDoS attacks in Q2 2020. Due to this, the communications service providers (CSPs) were forced to subject entire networks of traffic to risk mitigation. What are the best practices to avoid these threat vectors when attacks are smaller than 30Mbps?
Given that DDoS attacks have continued to evolve and have become more geared towards attacking the architectural design of CSPs, CSPs need to evolve and adopt smarter ways of learning traffic behavior during peacetime and monitoring traffic from a more comprehensive point of view. While CSPs will do their utmost to carry out the above measures, without AI-driven methods, such actions will only deliver limited results.

In order to implement such strategies properly, the current capabilities of CSPs might be limited, and hence, it would be best to look into purpose-built solutions with “deep learning-based” predictive technologies to more effectively implement this strategy.
 
3. Hackers have lately been blending multiple attack vectors to launch a wider range of UDP-based attacks making them harder for CSPs to detect. In scenarios like these, CSPs find it difficult to differentiate between malicious traffic and legitimate traffic. This is an alarming trend considering hackers are innovating faster than enterprises. Do you think there is a considerable gap between evolving attack vectors and mitigation strategies?
Yes. Cybercriminals have changed tactics, opting to launch more stealthy and methodical attacks designed specifically to bypass existing traditional detection and mitigation technologies. As bit-and-piece attacks become more widely employed, DDoS detection and mitigation are no longer an issue that can be resolved by means of a single on-premise device, cloud-based solution or even an hybrid solution. To fend off this continuing trend, CSPs need to step up and take an integrated approach to implement defense-in-depth and breadth, putting together best-in-class solutions so that they can offer a comprehensive and effective solution. Furthermore, the use of “deep learning-based” predictive methods would be an effective mitigation strategy.
 
4. Last year, a continued shift to leveraging mobile devices in attacks had created a new breed of botnets that caused the maximum attack durations to spike to more than 40,000 minutes at a time or more than 27 days. Do you think the trend is continuing? Also, is it safe to say that IoT Security has taken a backseat since the onset of COVID-19?
Yes. Cybercriminals often choose targets that offer the least resistance and the easiest way to generate a powerful attack. As the usage of mobile devices grows, we are seeing more mobile devices becoming compromised and used as a source of an attack. Cybercriminals look at the weakest link, and since IoT devices are vulnerable and easily compromised, they are fast becoming hacking targets, resulting in havoc on our cyberworld.

No. IoT security has not been neglected since the outbreak of COVID-19. It is and has always been the key focus of the IoT community, which continually strives to improve the security of the IoT landscape.
 
5. Over the years, Domain Name System Security Extensions (DNSSEC) has been gaining acceptance as the patch and is now causing a new set of problems for organizations. How is the cybersecurity industry responding to this?
Although tactics to abuse DNS server vulnerabilities will inevitably continue to evolve, we believe that DNSSEC is still of paramount importance. To safeguard against amplification attacks from saturating victim networks and hosts, it is imperative that CSPs, telcos, DNS providers, etc. employ security policies and enhanced security measures. Suggested measures include access control, monitoring of DNS service, detection of abnormal requests, and mitigation of abnormal DNS requests.

6. There has been a lot of talk about the need for DNSSEC. The abuse of DNS was not something that was anticipated even till mid-2019. Do you feel there is still a lack of understanding of the abuse of DNS? Also, was the cybersecurity industry ready to tackle it when it found the problem?
Owing to a lack of security awareness, the abuse of DNS server vulnerabilities is still not taken very seriously. DNS servers built and controlled by CSPs, enterprises, and government organizations, which are well regulated and conform to stringent security standards, pose no real threat. However, anyone can also build their DNS server, with no regulation or enforced security standards that must be adhered to, which most often results in abuse and exploitation by cybercriminals.

7. Last year, China held its lead as a source of DDoS attacks, with 23% of attacks originating in the country. There have also been several accusations on China and its involvement in corporate espionage, and even state-sponsored attacks to steal vaccine development. At a point when the information security space is vulnerable due to remote working and COVID-19, what initiatives can countries adapt to mitigate state-sponsored attacks?
Countries must upgrade and ensure that their critical infrastructure is robust and has the necessary security and response plans in place, to protect critical infrastructures such as utilities, financial systems, and government backbones, in the event of serious incidents.

Countries should develop their own cybersecurity program. Many nations have already established their own cybersecurity agencies, which specialize in cybersecurity of the nation from a country level.