No one is immune to cyberattacks. As technology continues to march forward and more critical data is stored online, more criminals than ever are targeting businesses through digital vectors. The threat landscape has never been more diverse, nor has the risk of an attack ever been higher.
It is extremely difficult to mount a defense on all fronts. A business that’s well-equipped to protect against worms and malware, for example, may not be able to mitigate advanced persistent threats or information theft. Similarly, a business that’s geared to prevent information theft might not have proper DDoS defenses in place.
Attackers know this, and many now target multiple vectors when attacking an organization. All they need is for one vector to go unprotected; for one layer to be unmonitored. They’re not trying to bash through your best defenses, they’re trying to find the weakest link.
What can you do to stymie their efforts?
The answer to that question first requires that you understand which attacks are likely to be leveled at your organization, along with the chance that you will be targeted. Although all businesses deal with digital crime to some extent, some industries are more at-risk than others. The highest-risk industries – those that fall closest to what we refer to as the “Cyber-Attack Ring of Fire” – are as follows:
Whether as a primary or secondary target, a growing number of ISPs are falling into the crosshairs of criminals. While some ISP-targeted attacks are financially motivated (for example, threatening a DDoS unless a ransom is paid), others simply serve as a stepping-stone to a secondary target. The attack vectors for ISP targets are primarily UDP NTP/SSDP reflected floods and UDP fragmented floods.
As with ISPs, uptime is critical for hosting companies – and as such, DDoS ransoms are increasingly common. Not all attackers are financially motivated in this case, however – some organizations are targeted because of the sites they host, while others are targeted with the knowledge that it will impact or disrupt services for their clients.
For hosting companies, the attack vectors are far more diverse than for ISP targets, and include HTTP/HTTPS floods, UDP fragmented floods, ICMP floods and various TCP floods, such as SYN-ACK, PSH-ACK and TCP-RST.
Gaming services such as the PlayStation Network and Xbox Live are repeat targets for hacktivist groups. Their need for constant connectivity makes availability a single point of failure, leaving them easy prey for an attacker who wishes to send a message or simply cause havoc, as was the case with Lizard Squad. The good news is that attacks on gaming services usually follow a narrow set of vectors: SYN floods targeting specific ports, ICMP floods, and UDP fragmented floods.
Government agencies have of late been targeted with alarming frequency by both hacktivists and terrorists. Often, these attacks target government websites, and are either politically-motivated or simply carried out to publicly shame government bodies. DDoS attacks may also target government services as cover for other, more sophisticated attacks.
Brute-force attempts are common, along with UDP/TCP floods launched from widely-available tools.
Because successfully executing an attack on an educational institution offers considerable notoriety, many self-styled black hats have begun targeting these institutions. Of course, fame isn’t the only reason one might target a school – frustration with the progress of one’s education is another motivation. Most commonly, such attacks hit the mail server and target sites and services involved in either schoolwork or the admission process.
Attack vectors for educational institutions include UDP amplified reflected floods, DNS Query floods, and Web Crawler-based attacks.
Mitigating The Damage
Armed with the knowledge of how and why your organization is likely to be targeted, you can take the following steps to mitigate the damage caused by an attack:
- Automate: Automated DDoS protection is essential, but it’s equally essential that you choose a solution that protects against a wide range of vectors. The more tools you use, the more points of failure you offer up to criminals.
- Address Your Weaknesses: In a recent Radware survey, 33% of organizations revealed a gap in defenses against Volumetric/Pipe Saturation, while 27% had weak defenses against network-based attacks and 26% had little to defend against HTTP/SSL attacks. You need to understand your own security weaknesses, and take measures to plug the holes.
- Remain Vigilant: Automation is only part of the equation: monitor your network traffic and server activity for unusual or suspicious activity.
- Stay Abreast of The News: October 2014 saw the birth of a new type of SYN flood, designed to overcome most security defenses through a TCP-based volume attack. Such developments are common in the security space, and preparing against them requires that you maintain a constant watch on developing trends.
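The “Remain Vigilant” step above is only useful if monitoring can tell the vectors apart. The following script, added here as an illustration and not part of the original post or any Radware product, shows one way to classify per-second flow summaries into the vector families named for the industries above (NTP/SSDP reflected floods, UDP fragmented floods, ICMP floods, DNS query floods, and SYN, SYN-ACK, PSH-ACK and RST floods) and to raise an alert when the packet rate of one vector toward one destination exceeds a baseline. The record format, the packet-rate threshold and the sample traffic are all constructed for the example; a real deployment would feed it NetFlow/IPFIX or packet-capture data and tune the threshold to the link.

```python
"""Classify constructed flow summaries into DDoS vector families and alert
when one vector toward one destination exceeds a packet-rate baseline.

Added example: record layout, threshold and sample data are all constructed.
"""
from __future__ import annotations

from collections import Counter
from typing import Iterable, Optional

# Constructed one-second flow summaries. 'flags' is the TCP flag set seen on
# the flow; 'frag' marks IP fragments (non-zero offset or MF bit set).
SAMPLE_FLOWS = [
    # NTP reflection: many hosts answering from UDP/123 toward one victim
    *[{"src": f"203.0.113.{i}", "dst": "198.51.100.10", "proto": "udp",
       "sport": 123, "dport": 40000 + i, "pkts": 90, "frag": False, "flags": set()}
      for i in range(1, 41)],
    # Fragmented UDP toward the same victim
    *[{"src": f"192.0.2.{i}", "dst": "198.51.100.10", "proto": "udp",
       "sport": 5000, "dport": 53, "pkts": 300, "frag": True, "flags": set()}
      for i in range(1, 11)],
    # SYN-ACK flood toward a second host (typical of reflected SYN traffic)
    *[{"src": f"203.0.113.{100 + i}", "dst": "198.51.100.20", "proto": "tcp",
       "sport": 80, "dport": 1024 + i, "pkts": 250, "frag": False,
       "flags": {"SYN", "ACK"}} for i in range(1, 21)],
    # Ordinary HTTPS traffic, well under the threshold
    {"src": "192.0.2.200", "dst": "198.51.100.20", "proto": "tcp", "sport": 51000,
     "dport": 443, "pkts": 12, "frag": False, "flags": {"PSH", "ACK"}},
]

# Source ports of the reflection services named in the post.
REFLECTOR_PORTS = {123: "UDP NTP reflected flood", 1900: "UDP SSDP reflected flood"}

# TCP flag combinations mapped to the flood types named in the post.
TCP_VECTORS = {
    frozenset({"SYN"}): "TCP SYN flood",
    frozenset({"SYN", "ACK"}): "TCP SYN-ACK flood",
    frozenset({"PSH", "ACK"}): "TCP PSH-ACK flood",
    frozenset({"RST"}): "TCP RST flood",
}

PPS_THRESHOLD = 1000  # constructed baseline packets/second; tune per link


def classify(flow: dict) -> Optional[str]:
    """Map one flow summary to a vector name, or None if it matches none."""
    if flow["frag"]:
        # Fragments are checked first: a fragmented UDP flood to port 53 is
        # still a fragment flood, not a DNS query flood.
        return "UDP fragmented flood" if flow["proto"] == "udp" else None
    if flow["proto"] == "icmp":
        return "ICMP flood"
    if flow["proto"] == "udp":
        if flow["sport"] in REFLECTOR_PORTS:
            return REFLECTOR_PORTS[flow["sport"]]
        if flow["dport"] == 53:
            return "DNS query flood"
        return None
    if flow["proto"] == "tcp":
        return TCP_VECTORS.get(frozenset(flow["flags"]))
    return None


def detect(flows: Iterable[dict], threshold: int = PPS_THRESHOLD) -> list:
    """Aggregate packets per (destination, vector), count distinct sources,
    and return one alert dict per pair whose packet rate exceeds threshold."""
    pkts: Counter = Counter()
    sources: dict = {}
    for flow in flows:
        vector = classify(flow)
        if vector is None:
            continue
        key = (flow["dst"], vector)
        pkts[key] += flow["pkts"]
        sources.setdefault(key, set()).add(flow["src"])
    alerts = []
    for (dst, vector), count in sorted(pkts.items()):
        if count > threshold:
            alerts.append({"dst": dst, "vector": vector, "pps": count,
                           "sources": len(sources[(dst, vector)])})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(f"{alert['dst']}: {alert['vector']} at {alert['pps']} pps "
              f"from {alert['sources']} sources")
```

On the constructed sample this reports the NTP reflection and fragment floods against 198.51.100.10 and the SYN-ACK flood against 198.51.100.20, while the small HTTPS flow stays under the threshold. The distinct-source count is carried in each alert because it separates a reflected flood (hundreds of legitimate reflectors) from a single misbehaving host, which changes the mitigation chosen.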
The landscape for cyberattacks has never been more fertile. To learn more about how to mitigate the risks your organization might face, download the Global Application & Network Security Report.