DDoS attacks: businesses in all sectors are vulnerable
Published on 27/09/2021 in Tech, tips & tricks
The goal behind more than 10,000 monthly DDoS attacks in Belgium is to make a server or entire IT infrastructure unavailable. How do you anticipate and prevent a cybercrime that doesn’t only target big companies?
From 50 to 300 Gbps in one year
When it comes to cybercrime, there are probably as many scenarios as there are criminals. With DDoS (distributed denial-of-service), the real surprise is the exponential growth of attacks targeting both companies and individuals. “If the average volume of requests sent simultaneously was 50 Gbps in 2020, it has now increased to 300 Gbps. We’re talking about 60 million packets per second during an attack. Suffice to say that no classic protection can counter such an attack,” says Mounir Senhaji, Security Consultant and DDoS specialist at Proximus.
Storming of IT infrastructure
The result of a successful attack is server bandwidth saturation or even system resource exhaustion. Effective protection against these attacks requires a solution capable of mitigating attacks at the level of the Internet provider. This also needs to be complemented with an on-site solution capable of blocking application attacks.
Thimo De Souter, Security Specialist at the Proximus Davinsi Labs accelerator, notes several reasons for these attacks: “Financial motivation, of course, with ransomware. The objective can also be the destabilization of a competitor. I would even say an attack could be a demonstration of ideological or political beliefs, in digital form. At exam times, you can also see an increase in DDoS attacks carried out by bored students.”
“We are even witnessing the worrying emergence of illegal as-a-service solutions that allow anyone to trigger a DDoS attack,” says Senhaji.
“If all organizations are targeted, the largest structures often have to deal with the most sophisticated cybercriminals.”
Mounir Senhaji - Security Consultant and DDoS Specialist at Proximus.
All economic sectors
The rise of remote working is a dream come true for cybercriminals. More connections mean a greater risk of breaches. According to Senhaji, no sector is spared. “Banks, of course, but the health sector, retail, and education have all been hit hard. The attacks have more and more impact and follow a well-established playbook. The watchword is anticipation, and of course we support companies with tailor-made solutions.”
Analyze, configure, and test
Technically, DDoS can be controlled upstream. De Souter offers a step-by-step plan. “Map existing infrastructure and remove any obsolete or unused systems exposed to the Internet. Critical systems must then be analyzed to determine the protection budget you need to allocate to them. Last but not least, test the anti-DDoS configurations using, for example, the simulation tool from Davinsi Labs.”
“Cloud and on-site anti-DDoS solutions have their advantages and limitations. They complement each other. DDoS is a matter of time, regular testing and long-term maintenance,” adds Senhaji.
There’s nothing like a simulation to prepare you. “After the infrastructure test, we can also run more targeted tests: the VPN server or the home page of an e-commerce site, for example. The simulator searches for vulnerabilities, just as the criminal would. We then formulate a simulation proposal based on an attack on the volumetric or application layer,” explains De Souter.
Effective (and sometimes surprising) results
Thanks to the dashboard, the customer can follow a simulated attack in real time. “The final report gives a precise overview of the vulnerabilities and the measures that need to be taken. The goal is for the client to become aware of their situation. Our experience shows that even organizations that are already protected can be surprised by the results and the fragility of their position. A poor configuration or too small a perimeter is often the root of the problem,” says De Souter.
Mounir Senhaji is a Security Consultant and DDoS Specialist at Proximus. For 20 years, he has followed emerging IT security technologies and the rapid development of cybercrime.
Thimo De Souter is a Security Specialist, ethical hacker and Lead Developer of the Davinsi Labs DDoS simulator. He shares his cybersecurity expertise and his extensive experience with Davinsi Labs, one of the Proximus accelerators.
Davinsi Labs is a Proximus Accelerator and helps companies achieve Digital Service Excellence through specialised Security Intelligence and Service Intelligence solutions. In today's digital world, customers expect their data to be managed with the utmost security and they want a fast, flawless customer experience. As a Managed Services Provider, Davinsi Labs offers a portfolio of solutions to achieve Digital Service Excellence for the most business-critical applications and services.