Global Secure Layer Security Team | 03 March, 2022
With geo-political tensions between Russia and Ukraine rising each day, and the threat and execution of DDoS cyber warfare continuing to mount, we want to respond to the key questions we have been asked over the last couple of days. The current conflict has highlighted that DDoS (Distributed Denial of Service) attacks continue to be a major tactic in cyber warfare. Recent recommendations from industry-leading intelligence and cyber security organisations encourage Australian companies to urgently adopt an enhanced cyber security posture and awareness.
Why are DDoS attacks the weapon of choice in these Russia/Ukraine cyber attacks?
Russia has been launching large cyber warfare campaigns against Ukraine for many years, and these have intensified in the last few weeks. DDoS attacks are in most cases one of the easiest cyber weapons to deploy and, in the current climate, particularly straightforward to add to warfare campaigns. They can often act as a ‘smoke and mirrors’ effect, distracting from the real target of the attack. While that distraction lasts, other exploits could be deployed against military, utility services and other high value targets, in turn maximising the damage.
Will we see these attacks outside Ukraine?
Absolutely. There have been multiple instances of DDoS attacks being used by APT (Advanced Persistent Threat) groups in cyber warfare campaigns against both governments and private organisations of neighbouring countries. Put simply, DDoS attacks are being used extensively to disrupt services; however, more and more of these threat actors are looking for vulnerable vectors in order to gain access to secure systems. DDoS is more a weapon of disruption than of intrusion or compromise, but when the two are used together, they become an extremely dangerous weapon of cyber warfare.
Will there be an escalation of cyber attacks?
It’s hard to speculate on this particular topic as we are watching it unfold; however, APT groups are already extremely aware of the success of launching DDoS attacks as part of cyber warfare campaigns. It’s still too early to say definitively, but short term trends are showing a decrease in attacks originating from Russia towards our global network. This is likely due to the saturation of vulnerable hosts already being used in the cyber warfare campaign against Ukraine. We do expect this to normalise back to standard levels; however, the use of DDoS attacks as a weapon is likely to increase.
What should CISOs or Security Officers be doing to prevent attacks?
One of the most important things CISOs can prioritise is having a proactive DDoS protection provider, such as Global Secure Layer, that provides real-time inline DDoS protection.
Governments are already raising the cyber threat level to unprecedented levels. CISOs must proactively approach this new threat landscape, as the threat and impact of DDoS attacks are not going away anytime soon. Our global DDoS mitigation systems automatically analyse and learn from new attack vectors detected and deploy global rules. In the last 24 hours we have received 1547 DDoS attacks against our network.
With our DDoS protection inline with your network, an attack can be mitigated in under 1 second. With advanced attack detection and rule sets with real-time packet inspection, we ensure your network is protected inline. Our security team is constantly reviewing attacks 24/7 in real time.
If you are currently experiencing DDoS attacks, or want to be proactive and have a secure system in place quickly given the current situation, we can have our DDoS protection turned up in a matter of minutes and seamlessly integrated with your network.