Combating DDoS Attacks in Malaysia: It’s more than just a Defence Mechanism
By Robin Schmitt, General Manager, APAC at Neustar
The crackdown against DDoS (Distributed Denial of Service) attacks is like an arms race for enterprises. They are constantly outnumbered by enemies on all fronts on a battlefield with only a sword and shield in hand – while their opponents are armed with projectile machine guns – making the enterprises’ odds of winning this battle slim to none.
Within the past few years alone, Malaysia has become one of the prime targets for DDoS attacks, as reported by digital security agency CyberSecurity Malaysia. The most notable were the highly coordinated DDoS attacks launched against four Malaysian financial institutions in July last year – where attackers demanded a ransom of 10 bitcoins (worth almost US$30,000). It has become clear that while the benefits of digitised processes are tremendous, digitisation also opens up avenues for cyberattacks against us. Neustar’s research further validates this – the security solutions provider found that 90 percent of organisations were hit by breaches that stemmed from DDoS offensives.
IoT as a DDoS attack tool
The emergence of cloud computing and IoT (Internet of Things) devices has streamlined the infrastructure of today’s connected world. However, they have also become a tempting target for DDoS attacks – more than 78 percent of enterprises experienced attacks while their IoT devices were in operation.
In spite of that, IoT spend in Malaysia is only set to rise. IDC predicted that by 2018, US$700 million would be spent on four main use cases – connected vehicles, insurance telematics, personal wellness, and smart buildings.
As IoT progresses from a stage of nascence to an enterprise driver, organisations are left with their hands full in attempts to secure the enterprise value chain. Once attackers get hold of vulnerable IoT devices and exploit the security deficiency, it becomes nearly impossible to prevent infection without issuing a security update or recalling the affected devices. With 89 percent of organisations suffering a breach, including data theft, dangerous ransomware, and network compromise with DDoS attacks, the dream of a connected world might be a disaster in waiting.
Last year was a watershed moment in IoT security, headlined by the IoT botnet Reaper, or IoT Troop, which caused massive destruction in one go – amassing more than 20,000 devices and affecting 2 million hosts that have been identified as potential botnet nodes.
What’s more dangerous is that some of these attacks were used as smokescreens to disarm an organisation’s cybersecurity shield, prompting a temporary relaxation of networking defences that is meant to alleviate the effects of the DDoS. Neustar found that more than half (51 percent) of Asia Pacific organisations reported falling prey to viruses stemming from DDoS attacks. As IoT adoption increases, the number of IoT-driven botnets is only set to escalate, presenting attackers with more opportunities to elude detection.
Better Detection = Greater Protection
As attacks scale in complexity, the average organisation needs at least a couple of hours to definitively detect a DDoS attack and another few hours (if you are lucky) to react and resolve the issues.
To put this into context, it’s estimated that the financial services sector in Asia Pacific could be staring at revenue losses upwards of US$15.2m when six hours are taken to respond to a DDoS attack. You can probably imagine the financial impact on the victims during the earlier attacks on the three stock brokerage firms and a bank in July 2017.
This threat represents a new reality where the strikes have morphed beyond standard and commonplace into dangerous and continuous. The financial risks alone can far exceed a quarter of a billion dollars, which drives home the point that speed in detection and response is an ally to risk mitigation practices.
Neustar found that the top three organisational motivations behind DDoS defence investments are preserving customer confidence, preventing associated attacks including ransomware, and proactively strengthening existing protection. It should come as no surprise that those who seek to harm companies use DDoS as a weapon.
There is, however, a silver lining. Businesses are acknowledging this threat by deploying Web Application Firewalls (WAF) that filter, analyse and isolate HTTP traffic aimed at web application security flaws. In fact, 53 percent of respondents have added WAF to their combat arsenals against DDoS – tripling in numbers since March 2017.
The future will offer opportunities for bad actors to devise craftier ways to launch far more dangerous DDoS attacks capable of distracting IT teams and stymieing forensics. Understanding the right combination of defences is crucial, and this can be achieved by working with security consultants to develop strategies and with law enforcement bodies to provide maximum protection for stakeholders. Only then will we be able to remain ahead of the curve on the battlefield and defeat the attackers.