M+E Connections

Akamai: Organizations Need to Be Better Prepared for DDoS Attacks

Organizations of all sizes need access to high-quality mitigation controls, platform scale and the expertise to stop distributed denial-of-service (DDoS) attack campaigns in their tracks – and that was especially clear last year, which saw a rise in such attacks, according to Akamai security experts.

With cyber-attacks becoming increasingly distributed in terms of both industries targeted and attack vectors leveraged, keeping business-critical assets up and running is more important than ever, they said Jan. 27 during the webinar “DDoS and How It Differs from Other Cyber-attacks.”

Noting that DDoS attacks are a little different than other types of cyber-attacks, Matt Mosher, global director of Prolexic Security Specialists at Akamai, explained: “The whole point of DDoS is resource exhaustion” when somebody is attacking you. “It’s attacking your bandwidth, it’s attacking your memory, it’s attacking your CPU and any of your network devices – and so you have to have enough capacity to be able to fight and fend off the attack,” he said.

As a result, “any kind of meaningful, substantial DDoS attack event is going to end in the cloud” and “it’s going to require that you really use a cloud provider to defend you against that,” he said, pointing out: “It was one of the first security problems that really required the cloud be part of that solution.”

Another thing that is different about a DDoS attack is that it “happens relatively infrequently compared to a lot of other” types of attacks, he said. Akamai sees “hundreds of millions” of cyber-attacks each day but, with DDoS, “we might see 20,000 meaningful” attacks a year, he noted.

Also different: “It’s going to become public knowledge” because people can’t access your website if it’s the victim of a DDoS attack, he noted, adding that a customer of his once described a DDoS attack as like “trying to fight in a phone booth.”

Moving to the cloud, however, gives you more capacity to apply the right controls and manage a DDoS attack, he said.

It is important for an organization to detect a DDoS attack and then apply mitigation, according to Tony Lauro, Akamai director of technology and security strategy, who noted those are the first two steps to fight it.

“Security tools have to evolve” to support distributed environments and “being able to leverage a cloud-based platform can give you a bigger picture of what’s happening outside of just your own connection to the Internet” to see what threats are out there, he said.

“I think that’s huge,” replied Mosher, explaining: “That may be the number one benefit … Having a common platform that’s experiencing multiple kinds of attacks and having an organization that can kind of synthesize that… so that we can benefit from malicious activity we see occurring with one customer and be able to apply that to other customers proactively – it’s kind of a game changer.” And it’s been an “immense benefit to some of our customers,” he said.

An “Unprecedented” Year

2020 was “a year of interesting activity” when it comes to attacks, Lauro noted. It was a year in which “we’ve seen more activity … than any other year,” Mosher said.

Pointing to an FBI flash report in August, Mosher noted there were thousands of reports of DDoS attacks in a two-week period, and some of that continues although the rate has declined somewhat.

“We’ve seen extortion before” for money with DDoS attacks, but 2020 was “unprecedented” when it comes to extortion campaigns, Mosher said. After kind of taking a year off in 2019, they were back in 2020 “with a vengeance,” with attacks that were followed by follow-up attacks in many cases, he said.

Attacks before 2020 focused on one vertical and one region. But “almost every single vertical you can think of has been impacted” when talking about last year’s DDoS attacks, Mosher said. “That’s kind of unprecedented in itself … and every single region of the world has been impacted,” he told viewers, noting the U.S., Europe and Asia all had extortion activity. That was “just unprecedented” – as well as “shocking and surprising,” he said.

The most complex DDoS attack of 2020 on Akamai’s platform targeted five IPs and used nine different attack vectors, including botnets and Internet of Things (IoT) activity, Mosher said. The attack was also greater than 1 Tbps for over an hour, he added.

It was a concerning sign that the attackers’ capabilities had become “a lot more significant than in years past,” Lauro said.