From around 9:30am on Monday, the web servers of many state authorities and offices in Luxembourg were down or difficult to reach. At 10:50am, the state-owned IT operator “Centre des Techniques de l’information de l’Etat” (CTIE) sent a message via Twitter saying the state network was the victim of a so-called “distributed denial of service attack” (DDoS).
Commenting on this, Ben Herzberg, Security Research Group Manager at Imperva Incapsula, said “Organisations need to prepare for DDoS attacks, and know ahead of time what they will do when an attack hits them (and DDoS is a family with different types of attacks, so the organisation needs to know it has them all covered). Once they apply protective measures against all types of DDoS attacks, and test the mitigation on their live network, they should make sure that any architecture change they make is also reflected in their security architecture.
“Currently, the amount of resources which an attacker needs in order to inflict severe damage with a DDoS attack is extremely low. However, organisations can and should have a strong mitigation strategy so they can remain safe even when being attacked.”
Lloyd Webb, Director at Cylance, added “Any number of threat actors have – or have stolen – the capability to launch such attacks. At Cylance, we believe that attribution is a very dangerous game. It is a very simple and common practice among state-sponsored threat actors to not only cover their own tracks, but to use the known techniques, tools, and indicators of compromise attributed to other threat actors in order to make those other groups appear to be the perpetrators. It’s more important to ask how the actors were able to circumvent security technologies in order to complete a successful attack. In this case, it could have been anyone from a state-sponsored group to hacktivists or organised crime.
“Denial of service is rapidly becoming one of the industry’s most difficult problems to address due to the explosion in the internet of things and hardware manufacturers’ poor software coding practices. The recent Mirai botnet DDoS attacks on the US-based DNS provider Dyn were a case in point. Over 100,000 devices, such as IP cameras and home Internet routers, were compromised via default credentials by the Mirai botnet malware to create a DDoS attack, flooding their victim with an incredible volume of traffic that it just cannot withstand. What governments can do is look to regulate the industry and IoT manufacturers to enforce better security of their products, hence eliminating this glaring, wide-open barn door for attackers to exploit.
“If a threat actor has sufficient resources in terms of hardware, time, and money, the attempts to wreak havoc can be successful, especially where there are insecure devices with default configurations and in-built backdoors. More needs to be done in the industry to better verify software and operating system vulnerabilities to prevent such holes being exploited.”
“The motivations behind DDoS attacks can be very broad,” said Stephen Gates, chief research intelligence analyst at NSFOCUS IB. “From notoriety, competitive advantage, and hacktivism to nation-state and terrorist-driven, studying the inspirations that cause perpetrators to launch DDoS attacks is never ending. However, global financial instability, worldwide refugee migrations, large-scale social unrest and protest, in addition to the rise and fall of government power and control, can obviously be a contributor as well.
“Today, it is completely possible to take a smaller country’s Internet completely offline. With the rise of IoT botnets, capable of generating terabits of DDoS traffic, flooding every Internet on-ramp and off-ramp at a country’s border with bogus traffic is completely doable. Often these attacks are perpetrated from both internal and external sources. Someday, all service providers that provide Internet to a “country” will likely be forced to surround their infrastructures with anti-DDoS technologies and solutions. It’s just a matter of time.
“Defending against DDoS attacks is not rocket science. All DDoS traffic can easily be eliminated by anti-DDoS technologies. If organisations, governments, nations, etc. experience outages, it means they have little, if any, defences in place. DDoS attacks will not go away anytime soon, since they are still effective. If every service provider in the world deployed DDoS defences, this attack vector would finally come to its end,” he added.
Stephanie Weagle, VP at Corero Network Security, concluded “DDoS attacks have become many things over the last decade: weapons of cyberwarfare, security breach diversions and service-impacting strategies. The motivations for these attack campaigns are endless – financial, political, nation-state, extortion and everything in between. Continuing to rely on traditional IT security solutions and/or human intervention to deal with the growing DDoS epidemic will continue to prove devastating to businesses. As recent events have confirmed once again, proactive, automated protection is required to keep the Internet-connected business available in the face of DDoS attacks.”