Distributed Denial of Service Attacks Against Russia Have Tripled
The DDoS Attacks Increased in 2021.
Last updated on February 10, 2023
Distributed Denial of Service attacks, otherwise known as DDoS attacks, are online attacks in which legitimate users are prevented from accessing their target online location.
The attack happens by flooding the website in question with a multitude of illegitimate information requests.
According to research based on data from the beginning of the year, distributed denial-of-service (DDoS) assaults against Russian companies have grown 2.5 times compared with the same period last year.
Threat actors are increasingly deploying massive swarms of DDoS-supporting devices (botnets) to conduct devastating assaults against targets in a variety of businesses and sectors.
DDoS assaults are frequently used to blackmail victims with ransom demands or to divert IT teams’ attention away from hackers attempting to steal sensitive data from compromised systems.
Another motivation for initiating these assaults on a company is to disrupt its operations, impair the quality of its services, and direct customers to competitor platforms.
According to a study by Rostelecom, Russia’s largest telecoms company, September 2021 will be the worst month in recent history for DDoS assaults against Russia.
As explained by BleepingComputer, DDoS attackers appear to be shifting their attention away from the gaming business, which was a target in 2020 owing to COVID-19 lockdowns and stay-at-home orders, and toward online trade, banking, and government organizations.
Attacks are now 26 percent more potent than they were in 2020, run 1.5 days longer (from 3 to 4.5), and rely on considerably larger botnets with hundreds of thousands of devices.
The report demonstrates the changing landscape of DDoS attacks on Russian companies against the backdrop of a gradual exit from remote work and a return to usual life. The analytics were compiled on the basis of data on attacks observed by specialists from the Center for Cybersecurity and Protection of Rostelecom from January to September 2021. For the report, information was analyzed on nearly 300 companies from various industries, including the telecom, retail, financial and public sectors. All identified attacks were repelled by the company’s experts.
The number of DDoS attacks against Russian companies continues to grow: in the first three quarters of 2021, this figure increased 2.5 times.
The largest increase in incidents is observed in three industries: the financial and public sectors, as well as online trading. At the same time, the number of attacks on data centers and gaming resources, which a year ago were the focus of cybercriminals, is decreasing.
Together with the number, the power and duration of attacks are increasing. The most powerful attack was recorded in May, and its capacity was 462 Gbps, which is one third higher than the peak value recorded in the first three quarters of 2020. The longest attack in the reporting period lasted almost 4.5 days. A year earlier, this indicator for the first three quarters averaged 3 days.
Hackers continue to use large-scale botnets to increase the power of attacks. During the reporting period, the Meris botnet was active, with an estimated scale of 200 thousand devices.
The most common types of attacks are UDP flood, SYN flood, and fragmented packet attacks (FRAG), which are usually organized using botnets. Fragmented packet attacks were twice as likely to be used by cybercriminals during the reporting period as in 2020.
SYN flooding, UDP flooding, and fragmented packet (FRAG) assaults are the most common forms of DDoS attacks.
While there hasn’t been a technical breakthrough this year to break through all mitigations, DDoS attackers appear to be compensating by increasing their scale.
According to Rostelecom, MikroTik networking equipment is the most often recruited device in the studied 2021 DDoS swarms.
The telecom was able to identify and “release” 45,000 of these devices during its inquiry, but many more are still under the control of DDoS botnet operators.
To decrease the danger and effect of DDoS assaults, Rostelecom recommends separating web apps from the rest of your company’s resources, either by putting them in separate data centers or putting them on separate websites.
They also recommend including a Web Application Firewall (WAF) as an extra layer in your existing anti-DDoS solution, which should help prevent app data theft.
Protect Yourself Against DDoS Attacks
DDoS assaults are increasing in volume and regularity, so having a protection strategy in place is critical for your company’s survival.
It’s critical to have a strategy in place ahead of time for how you’ll respond in the event of a disaster.
Form a response team, establish protocols, and compile a list of internal and external contacts who should be notified in the event of a security breach.
To ensure that all bugs and issues are resolved, keep your system and all of the applications you use up to date.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.