<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

Everything you need to know about DDoS attacks

Posted: 15 November 2017

DDoS Attacks Everything you Need to Know Risk Mitigation

Since the first Denial-of-Service (DoS) attack was launched in 1974, Distributed Denial-of-Service (DDoS) attacks have remained among the most persistent and damaging cyber-attacks. Let’s examine how these attacks have evolved and how your company can mitigate them:

DDoS in Review

A Denial-of-Service (DoS) attack is an attack targeting the availability of network resources and applications. Unlike other kinds of attacks, DoS attacks’ primary goal is not so much to infiltrate data, but rather to slow or take down altogether a network device, an application, and/or a website. A Distributed Denial of Service (DDoS) attack is the most common variant. In “Eliminating Single Points of Failure, Part 1” Radware’s Louis Scialabba reviews how DDoS attacks work and some instances where DDoS attacks have been in the news (surprise – it’s more often than you think).

What risks do DDoS attacks pose to enterprises?

Denial-of-Service attacks affect enterprises from all sectors, all sizes, and all locations. These types of attacks are hard to detect and block since the attack traffic can be easily confused with legitimate traffic. In “Eliminating Single Points of Failure, Part 2,” Louis looks at the impact of DDoS attacks, type of attacks, and some of the mitigation strategies businesses can employ.

Speaking of mitigation…

According to Radware’s Carl Herberger, “attack mitigation is not a core competency of modern day security programs.” In “Hey there Security Professional….How do YOU mitigate attacks?” Carl looks at six key attributes that hacktivist groups look to exploit in their victims, and why companies need to evolve their security strategy at the speed of cyber security evolution.

What kinds of attacks are we dealing with?

“Ultra-adaptive hackers” have given rise to five particularly nasty attack techniques in 2017, including Advanced Persistent DoS (APDoS), DNS Water Torture attacks, SSL-based attacks, and more. In Part 1 and Part 2 of this blog series, Carl takes a deep dive into these attack types and shares what you need to know to protect your organization from them.

How do you know if you're vulnerable to these attacks?

If your company is doing the same thing today that you were doing even a year or two ago, that model is no longer effective. Many forms of attacks are known, but the most dangerous are the unknown threats that we haven’t faced yet, which are cropping up every single day. It is time for security professionals to audit their current processes and determine where there might be vulnerabilities. In Part 1 and Part 2 of this series from Carl, he looks at which vulnerabilities need to be tested and why.

DDoS-as-a-Service

Since the beginning of 2016, Radware’s ERT Research division has been monitoring a number of services available on both the Clear and the Darknet. These services make it possible for even novice hackers to purchase attack services and launch large-scale DDoS attacks at not much cost. In “The Growth of DDoS-as-a-Service: Stresser Services,” Radware’s ERT Researcher Daniel Smith breaks down the types of services available.

Happy Anniversary?

One of the most well-known DDoS attacks to happen in recent memory was the Dyn attack of 2016. One year ago, an attack was launched that disrupted service on many popular web sites. This attack was the work of the Mirai botnet, which enslaved hundreds of thousands of IoT devices that were then used to launch additional attacks. In “The Dyn Attack – One Year Later” Ron Winward analyzes the attack to see how a similar attack could occur in the future.

Conclusion

The motives for these attacks may differ in each case, but a robust security strategy is important to ensure that your company is protected from these threats. The threat landscape is constantly changing, and as we learned from the Dyn attack, you won’t always see an attack coming or know what it will look like. Knowledge is power – arm yourself with the resources to protect your business.

(This post originally appeared on the official Radware Blog)

Top 9 DDoS Threats your Organisation must be prepared for IoT Botnet Attack

Radware Team Post Credits:

Louis Scialabba, Director, Carrier Solutions Marketing, Radware  |  Carl Herberger, VP Security Solutions, Product Marketing, Radware  |  Daniel Smith, ERT Researcher, Radware  |  Ron Winward, Security Evangelist, Radware
Posted by: Radware Team
Post Credits: Louis Scialabba, Director, Carrier Solutions Marketing, Radware | Carl Herberger, VP Security Solutions, Product Marketing, Radware | Daniel Smith, ERT Researcher, Radware | Ron Winward, Security Evangelist, Radware

 

Share via:

    

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts