DDoS Attack Myths: the Most Popular and the Truth

DDoS attacks can have devastating consequences for their victims, disrupting the activities of individuals and companies alike. However, several myths about these attacks need to be cleared up. Small misunderstandings regarding DDoS protection may cost significantly more in the future.

DDoS attacks are no longer a problem today

This is a serious mistake. According to a report presented by Radware (2019-2020), about a third of the participating companies have experienced a DDoS attack. Most worryingly, cybercriminals have evolved quite a bit. The way they carry out attacks is becoming more sophisticated, and the targets they choose are massive rather than a small group of victims. An important detail is that more than 90% of the attacks carried out were directed at the application layer. What does this mean? That the attacks were made against services and applications that run over protocols such as HTTP, HTTPS, DNS and others.

On the other hand, saturation-oriented DDoS attacks have been reduced by 9%. For context, such an attack sends the victim a volume of traffic that exceeds the bandwidth the victim is able to handle. The most common scenarios of this type of attack use UDP packets, since they are very easy to send and difficult to mitigate. Although many attacks focus on saturating the incoming bandwidth, many others identify and make use of large files with the aim of saturating the outgoing bandwidth.

However, attacks with a specific target, such as particular application servers, firewalls and SQL servers, are trending upward. Even if some types of attack no longer occur as often as before, we must still stay alert and take adequate security measures.
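The difference between the two attack classes described above matters for monitoring: an application-layer flood can stay far below any bandwidth alarm. The following is an added example, not part of the original article; the flow records, the 1 Gbit/s link and the request baseline are constructed assumptions.

```python
from collections import defaultdict

# Constructed per-second flow summaries for one protected host (not real traffic):
# (second, protocol, dst_port, packets, bytes, l7_requests)
FLOWS = [
    (0, "udp", 53, 85_000, 119_000_000, 0),   # many large UDP datagrams
    (0, "tcp", 443, 2_000, 1_500_000, 150),
    (1, "tcp", 443, 40_000, 4_000_000, 9_000),  # many small HTTPS requests
    (1, "udp", 53, 300, 30_000, 0),
    (2, "tcp", 443, 2_500, 1_800_000, 180),
    (2, "udp", 53, 250, 25_000, 0),
]

LINK_BPS = 1_000_000_000  # assumed uplink capacity: 1 Gbit/s
BASELINE_RPS = 200        # assumed normal peak of HTTPS requests per second


def classify(flows, link_bps=LINK_BPS, baseline_rps=BASELINE_RPS):
    """Label each one-second window as volumetric, application-layer or normal."""
    per_sec = defaultdict(lambda: {"bits": 0, "udp_bits": 0, "requests": 0})
    for sec, proto, _port, _pkts, nbytes, reqs in flows:
        window = per_sec[sec]
        window["bits"] += nbytes * 8
        window["requests"] += reqs
        if proto == "udp":
            window["udp_bits"] += nbytes * 8

    labels = {}
    for sec, window in sorted(per_sec.items()):
        utilisation = window["bits"] / link_bps
        if utilisation >= 0.9:
            # Saturation attack: the link itself is the bottleneck.
            udp_heavy = window["udp_bits"] > window["bits"] / 2
            kind = "volumetric-udp" if udp_heavy else "volumetric"
        elif window["requests"] >= 10 * baseline_rps:
            # Link is mostly idle, but the application is being overwhelmed.
            kind = "application-layer"
        else:
            kind = "normal"
        labels[sec] = (kind, round(utilisation, 3))
    return labels


if __name__ == "__main__":
    for second, (kind, util) in classify(FLOWS).items():
        print(f"t={second}s  link utilisation={util:.1%}  ->  {kind}")
```

In second 1 the link is only about 3% utilised, so a monitor that watches bandwidth alone would report nothing while the request rate is 45 times the baseline.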

DDoS Ransom Notes are a thing of the past

A ransom note is an email message sent to people who belong to the cybercriminal’s target organization. The message demands a payment to the cybercriminal in exchange for not launching DDoS attacks against the organization’s website, web application or infrastructure.

Below is an example of a ransom note shared on the portal of the cybersecurity company Imperva:

From: Armada Collective
Subject: DDOS ATTACK!!!
Date: Wed, 9 Mar 2016 XX:XX:XX +0000
FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective.
http://www.govcert.admin.ch/blog/14/armada-collective-blackmails-swiss-hosting-providers

All your servers will be DDoS-ed starting Monday (March 14) if you
don’t pay protection – 25 Bitcoins @
17j7onEtLgS2pd6qLekKQCteqTrnAFXZVS
If you don’t pay by Monday, attack will start, price to stop will
increase to 50 BTC and will go up 20 BTC for every day of attack.

This is not a joke.
Our attacks are extremely powerful – sometimes over 1 Tbps per second.
So, no cheap protection will help.

Prevent it all with just 25 BTC @ 17j7onEtLgS2pd6qLekKQCteqTrnAFXZVS

Do not reply, we will not read. Pay and we will know its you. AND YOU
WILL NEVER AGAIN HEAR FROM US!
Bitcoin is anonymous, nobody will ever know you cooperated

Basically, what this note says is that, starting March 14, DDoS attacks will be launched against the organization unless a “ransom” is paid for “protection”. Many ransom notes, like the ransomware attacks discussed here, demand payment in the Bitcoin cryptocurrency to a specific address.

Notes of this type generate fear, because the attacker usually highlights how powerful they are when carrying out malicious actions, and the high level of damage that could be caused.
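The elements that make such a note recognizable (a DDoS threat, a deadline, an escalating price, a capacity claim and a Bitcoin wallet) can be extracted automatically when a reported email is triaged. The following is an added example, not part of the original article or of Imperva's material; the patterns, signal names and score threshold are illustrative assumptions, and the sample body is abridged from the note quoted above.

```python
import re

# Constructed sample: body text abridged from the note quoted above.
NOTE = """\
All your servers will be DDoS-ed starting Monday (March 14) if you
don't pay protection - 25 Bitcoins @
17j7onEtLgS2pd6qLekKQCteqTrnAFXZVS
If you don't pay by Monday, attack will start, price to stop will
increase to 50 BTC and will go up 20 BTC for every day of attack.
Our attacks are extremely powerful - sometimes over 1 Tbps per second.
"""

# Legacy Base58 address shape only (leading 1 or 3); no checksum validation.
BTC_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
AMOUNT = re.compile(r"\b(\d+(?:\.\d+)?)\s*(?:BTC|Bitcoins?)\b", re.I)
SIGNALS = {
    "threat": re.compile(r"\bDDoS(?:-ed)?\b|\battack will start\b", re.I),
    "deadline": re.compile(
        r"\b(?:by|starting)\s+(?:Mon|Tues|Wednes|Thurs|Fri|Satur|Sun)day\b", re.I),
    "escalation": re.compile(r"\b(?:increase to|go up)\b", re.I),
    "capacity_claim": re.compile(r"\b\d+\s*[GT]bps\b", re.I),
}


def triage(body):
    """Extract payment indicators and score extortion signals in an email body."""
    wallets = sorted(set(BTC_ADDR.findall(body)))
    amounts = [float(a) for a in AMOUNT.findall(body)]
    hits = [name for name, rx in SIGNALS.items() if rx.search(body)]
    # A wallet together with a demanded amount weighs more than wording alone.
    score = len(hits) + (2 if wallets and amounts else 0)
    return {
        "wallets": wallets,
        "amounts_btc": amounts,
        "signals": hits,
        "verdict": "ddos-extortion" if score >= 4 else "not-flagged",
    }


if __name__ == "__main__":
    for key, value in triage(NOTE).items():
        print(f"{key}: {value}")
```

The extracted wallet and amounts are the fields worth recording in an incident ticket or a report to a CERT, since the same address often appears in notes sent to many organizations.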

According to the Radware report, ransomware attacks have increased by 16% year-over-year. In short, this type of attack is the main one for 70% of the North American organizations affected by cyberattacks.

Your ISP and your cloud service provider effectively protect you

Unfortunately, this is not entirely true. Although these providers have a strong commitment to high quality of service and availability, their protection measures may not be sufficient against certain attacks. This is mainly due to the costs that such protection carries, especially for customers. However, the money customers save by purchasing inexpensive service packages turns out to be quite costly when they face DDoS attacks of all kinds.

Cloud service providers, in particular, rely in turn on other providers to host a large part of their clients’ applications and services. Generally, cloud service providers can guarantee the protection of what is hosted within their own facilities. However, what is located outside them is at very high risk, since visibility into the protection measures is not always available.

Although our providers give us basic protection tools, these are not enough to be completely safe. This is why it is important to evaluate requirements, risks and impacts before settling on a provider and/or a low-cost plan.