High-risk attack surfaces now and before
DDoS attacks are the cost of doing business online. This is just one of some observations made during Akamai’s APAC virtual summit, last month.
Deepa Singhal, regional VP of Web and Security, india shared a few trends Akamai has seen the past few months, one of them being DDoS that is one threat that essentially remained steady both before and during the COVID-19 outbreak.
Akamai has mitigated 910 attacks between 1st Jan till 1st of March, and after that attacks have continued steadily. The size of these attacks seem to be increasing steadily as well.
“Just the past month on 4th June, Akamai mitigated one of the largest and most complex DDoS attack the Internet has ever seen,” Deepa said.
Akamai saw a 1.44 terabits per second attack on a high technology organisation, and since then, similar large attacks have happened at the pace of a ‘steady drum beat.’
Preying on social change
Attackers using phishing methods have also definitely taken advantage of the current social disruption wreaked by COVID-19. Attacks using this me
Akamai, by analytising real-time DNS resolution happening worldwide, has uncovered over 9000 COVID-related phishing URLs on a daily basis for the last few weeks
Are phishing attacks being industrialised? Multiple attackers can download phishing toolkits, set up their own phishing website and launch phishing attacks against end users, now.
The number of users phished on these toolkits remained steady week on week until mid-March when countries were grappling with the coronavirus and going into their respective lockdowns. The number of users increased exponentially, because the phishing campaign capitalised on peoples’ need for virus-related information.
Deepa advised organisations need to take a step back, examine their security posture, and identify attack surfaces that are higher risk due to these trends.
Due to self-quarantining measures people have become dependent on e-commerce and online transactions more than ever before.
It has now become even more critical to defend against Magecart attacks or web skimming attack that take advantage of this shift in end user behaviours towrds online activities. CSO Online describes Magecart as a consortium of malicious hacker groups who target online shopping card systems (a supply chain attack) to compromise third party software.
The end goal is to steal customer payment card information.
Deepa observed attackers have used the current e-commerce trend as opportunity to ramp up their credit card credentials skimming efforts. She shared a Malwarebytes statistic that saw a 26-percent increase in web skimming attacks, across their customer base.
Akamai claims to be able to protect against compromised third-party scripts that render login/checkout webpages vulnerable to such web skimming attacks.
Attackers are focusing on higher-value targets like user accounts, using a technique called credential stuffing. These attacks have doubled since 2019, according to Akamai research.
Credential stuffing is possible because users reuse passwords across different digital services. Use of passwords to authenticate and authorise access to digital services has been, and continues to be an often used vector for compromise and attack.