Page 150 - Cyber Defense eMagazine October 2023

Another highly targeted vertical is the IT and Technical Services sector, which accounted for 25% of
attacks in 2022. This industry offers attackers a variety of ways in, and their main goal is to find
sensitive information or to gain access to an end user.

During 2023, we’ve seen a large increase in DDoS attacks against finance and healthcare, which in 2022
accounted for 14% and 13% of attacks, respectively. While no industry is safe, those with unique
vulnerabilities are at an even greater risk.




A growing vulnerability landscape

DDoS attacks are launched from botnets, which are large networks of compromised computers
repurposed to launch cyberattacks. In 2022 there was a significant increase in application and
infrastructure-related vulnerabilities. In fact, over 26,000 new application and infrastructure vulnerabilities
were added to the National Vulnerability Database last year. What this means for DDoS attacks is an
expansion in the size of the botnets used to create them.

There are numerous ways to target application and infrastructure-related vulnerabilities. For example,
stolen credentials easily allow attackers to authenticate to applications, bypass security, elevate privileges,
and conduct malicious activities. Pre-packaged exploit kits and services sold on the dark web allow even
unskilled adversaries to exploit targeted software vulnerabilities in client applications and browsers to
execute code remotely. These exploits introduce multiple threat vectors for adversaries to enter the
business behind traditional security controls.

This ease of access is paired with ongoing vulnerabilities and the challenge of patch management, which
is the process of updating software to correct errors and protect against vulnerabilities. These factors
make it difficult to secure applications and infrastructures in business environments.



Take action now to bolster defenses for the future

Mitigating DDoS attacks requires a multifaceted approach. The U.S. Cybersecurity & Infrastructure
Security Agency (CISA) recommends working with your ISP to defend against DDoS attacks. That’s
because even if you implement local solutions like rate-limiting firewalls, only your ISP can mitigate
upstream bandwidth saturation issues resulting from a DDoS.

One key technique ISPs use involves BGP Flowspec, a powerful traffic filtering mechanism that
dynamically distributes filtering rules across their network infrastructure. This enables immediate and
precise mitigation of DDoS attack traffic without disrupting legitimate data flow.

Additionally, security providers use distributed scrubbing centers that can handle high volumes of
malicious traffic, diverting it away from the targeted infrastructure to specialized facilities. To enhance
responses to this traffic, ask if your ISP tunes your DDoS mitigation to reflect actual application traffic
based on peace-time traffic and legitimate applications, enabling better identification and isolation of
anomalous traffic during an attack while minimizing false positives.
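
One way a defender could derive per-class thresholds from peace-time traffic and apply them during a suspected attack, as an added example that is not from the article or any ISP's tooling. The traffic figures, the (protocol, port) classes, the multiplier k and the unseen-class allowance are all constructed assumptions.

```python
from statistics import median

# Constructed sample data (not from the article): packets per second observed
# per (protocol, destination port) in successive peace-time intervals.
PEACETIME = {
    ("tcp", 443): [9800, 10100, 10400, 9900, 12500, 10050, 9700, 10300],
    ("udp", 53): [400, 420, 390, 500, 405, 415, 398, 410],
    ("udp", 123): [20, 22, 19, 21, 20, 23, 18, 20],
}
# Constructed interval captured during a suspected attack.
OBSERVED = {("tcp", 443): 11800, ("udp", 53): 450,
            ("udp", 123): 48000, ("udp", 1900): 30000}

UNSEEN_LIMIT = 100.0  # assumed pps allowance for classes with no baseline


def build_thresholds(samples, k=6.0, min_rel_spread=0.05):
    """Threshold per class = median + k * spread, spread being the median
    absolute deviation (MAD) so one legitimate burst does not inflate it."""
    thresholds = {}
    for key, values in samples.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        # Floor the spread so very stable traffic does not alert on noise.
        spread = max(mad, min_rel_spread * med, 1.0)
        thresholds[key] = med + k * spread
    return thresholds


def find_anomalies(observed, thresholds, unseen_limit=UNSEEN_LIMIT):
    """Return (class, rate, threshold) for classes above their threshold,
    worst offender first. Classes never seen in peace time get unseen_limit."""
    hits = []
    for key, rate in observed.items():
        limit = thresholds.get(key, unseen_limit)
        if rate > limit:
            hits.append((key, rate, limit))
    return sorted(hits, key=lambda h: h[1] / h[2], reverse=True)


if __name__ == "__main__":
    limits = build_thresholds(PEACETIME)
    for (proto, port), rate, limit in find_anomalies(OBSERVED, limits):
        print(f"{proto}/{port}: {rate} pps exceeds baseline limit {limit:.0f}")
```

The busy but legitimate tcp/443 and udp/53 rates stay under their limits, which is the false-positive behavior the tuning is meant to achieve; only the classes far outside the baseline are candidates for filtering.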






Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.