Interview: Radware discusses DDoS amid soaring internet usage
Radware is a cybersecurity firm that specialises in application delivery solutions for physical, cloud and software-defined data centers. The company also serves as a managed service provider, delivering SaaS solutions for DDoS, malware, and cloud workload protection.
With the COVID-19 pandemic creating new opportunities for businesses to leverage cloud, there are plenty of opportunities for cybercriminals to create havoc against cloud providers, data center providers, and enterprises.
Amid such a mass upheaval, threat actors adapt quickly to the situation at hand, knowing exactly how to disrupt continuity, steal data, or pursue financial gain.
To find out what's going on, we spoke to Radware's VP of technologies for Asia Pacific and Japan, Yaniv Hoffman.
"We see a significant increase in average DDoS attack sizes, mainly due to the proliferation of IoT devices. Botnets are compromising thousands of nodes and generating massive DDoS attacks at terabits per second.
"In the 5G era, any IoT device can be infected, controlled, and become part of the DDoS army."
There are other concerns too, such as the COVID-19 pandemic, Hoffman adds.
"With the lockdown, the internet has become the world's connection to the outside world. That has led to dramatic spikes in web traffic. Some service providers have publicly shared statistics that show a 30-60% increase in traffic, caused by a record number of people accessing online systems as businesses move online, and consumers engage with the internet."
On top of that, VPN access and remote working mean that the attack surface is now much larger.
"Home offices are remotely connecting to the enterprise through VPN or remote desktop. A DDoS attack targeting an organisation could bring the whole business to a grinding halt."
VPNs and remote desktop solutions depend on cloud infrastructure, sharing bandwidth with streaming services, gaming, and collaboration tools.
Hoffman adds that SSL protection is important, particularly as at least half of the internet traffic is flowing through the likes of Google, Netflix, YouTube, and WhatsApp.
Providers need to increase their capacity to serve more customers, and protect their own services as well.
That is relevant for organisations everywhere in the world – including Australia. And it's important to distinguish between a genuine DDoS attack and a site that is simply overloaded.
"Problems with the MyGov website in Australia were initially attributed to a DDoS attack, but less than two hours later it was revealed that the site was simply overloaded.
"COVID-19 echoes a need for real-time information, so this triggers an increase in traffic as people look for information. This could be misinterpreted as a DDoS attack, which is important to note. Genuine solutions should be able to identify what is genuine traffic and what is malicious, and do it without false positives.
"A solution should be able to challenge information in real time and form a closed feedback loop to identify if it's bad, or good. If it's bad, it should automatically create the right mitigation policy and signature in order to block it."
It must be automated, because attacks change and become more complex by the day.
"Attackers can change one part of their process and suddenly there's a new threat. Automation is a crucial part of the security lifecycle."
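As an added illustration of the closed feedback loop described above (example code written for this article, not Radware's product or anything from the interview), the following Python classifier looks at the shape of a traffic spike rather than its volume alone, so an organic surge like the MyGov overload is not mistaken for an attack, and a DDoS verdict is turned directly into a narrow mitigation signature. The log lines, thresholds and baseline rate are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample access-log lines (not from the article): an organic
# information-seeking surge from many browsers, and a flood of identical
# requests from a small set of compromised devices.
ORGANIC = [f"10.0.{i // 250}.{i % 250} GET /covid-update ua=Browser{i % 7} 200"
           for i in range(400)]
FLOOD = [f"198.51.100.{i % 20} GET /login ua=Mozilla/4.0 503" for i in range(4000)]
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) ua=(\S+) (\d{3})$")

def parse(lines):
    """Turn log lines into (src, method, path, ua, status) tuples; skip junk."""
    return [m.groups() for m in map(LOG_RE.match, lines) if m]

def classify(lines, baseline_rps, window_s=60, top_n=20):
    """Return (verdict, signature). Volume only triggers a closer look; the
    verdict comes from traffic shape: an organic surge is spread over many
    sources and user agents, a botnet flood concentrates on a few sources,
    one URL and one user agent, and mostly ends in error responses."""
    reqs = parse(lines)
    if not reqs or len(reqs) / window_s <= 3 * baseline_rps:
        return "normal", None
    n = len(reqs)
    srcs = Counter(r[0] for r in reqs)
    top_srcs = [ip for ip, _ in srcs.most_common(top_n)]
    top_share = sum(srcs[ip] for ip in top_srcs) / n
    path, path_cnt = Counter(r[2] for r in reqs).most_common(1)[0]
    ua, ua_cnt = Counter(r[3] for r in reqs).most_common(1)[0]
    err_rate = sum(r[4].startswith("5") for r in reqs) / n
    if top_share > 0.8 and path_cnt / n > 0.9 and ua_cnt / n > 0.9:
        # Closed loop: the verdict directly yields a narrow mitigation
        # signature (sources + path + UA) rather than a blanket rate limit.
        return "ddos", {"sources": set(top_srcs), "path": path, "ua": ua,
                        "error_rate": round(err_rate, 2)}
    return "organic_surge", None

def mitigate(lines, sig):
    """Drop only requests matching every field of the signature."""
    if sig is None:
        return list(lines)
    keep = []
    for ln, m in zip(lines, map(LOG_RE.match, lines)):
        if m and m.group(1) in sig["sources"] and m.group(3) == sig["path"] \
                and m.group(4) == sig["ua"]:
            continue
        keep.append(ln)
    return keep
```

Running `classify(ORGANIC + FLOOD, baseline_rps=1.0)` returns a "ddos" verdict with a signature that, passed to `mitigate`, removes the flood while all 400 organic requests still pass; `classify(ORGANIC, 1.0)` alone is reported as an organic surge with no signature.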
He says that organisations, whether they are service providers or enterprises, must have an incident response plan so they are prepared to respond when an incident occurs.
"If you can understand the threat, you can be better prepared, and you can better respond."