Critical Cybersecurity Outsourcing: DDoS and Network-Level Protections
In the aftermath of the Colonial Pipeline attack, critical infrastructure operators must eradicate the specter of lackluster network security.
One of the most pernicious attacks to deal with is the distributed denial of service (DDoS) attack, in which large numbers of connected devices are hijacked to overwhelm target websites with floods of malicious requests.
The Internet of Things widens the scope for DDoS attacks both because it increases the number of devices that hijackers can access, and because security on endpoints is often lacking.
And while IoT intrinsically involves physical hardware, it acts as the bridge to operating large swathes of critical infrastructure.
It is one of the main avenues for DDoS attacks, and new vectors are regularly being uncovered. Cybersecurity experts from DDoS protection services provider Netscout uncovered seven new vectors for DDoS from January to July 2021, with energy and utility infrastructure amongst the hardest hit.
“There’s a couple of things we’ve noticed with DDoS attack vectors,” said Richard Hummel, Netscout’s threat intelligence lead. “One is that the vectors continue coming. There’s never a point in time where a vector is never used anymore. And what we’re seeing is that these vectors don’t get cleaned up.”
Due to the multi-faceted nature of cyber threats, a burgeoning industry for cyber protection services has emerged to assist under-resourced organizations.
Cyber security products can integrate at device, edge network, mobile network or cloud level to detect malicious activity and redirect sensitive IoT device data or signaling traffic through secure overlays.
Even where critical services providers possess internal technology specialists, DDoS attacks with sufficient firepower are likely to create challenges. Putting into place external assistance and tools such as automated traffic rerouting can offer reassurance to enterprises in these cases.
“Our mobile network-based solution is complemented by a SIM applet,” said Adam Weinberg, chief technology officer of Israel-headquartered network protection firm FirstPoint Mobile. “Together, these components automatically detect, alert about and protect against suspicious communications for every device.”
“Implementation of FirstPoint’s solution is simple and requires standard connections to the core network. It’s simpler than connecting a mobile virtual network operator (MVNO) to a mobile network operator (MNO).”
“The mobile network-based approach means all security features are implemented at the network level and addresses all cellular security threats, including fake cell towers, signaling attacks, SMS-based attacks and mobile IP-data attacks.”
While some companies could host a scrubbing center on premises to thwart threats internally, Netscout’s Hummel said it was unaffordable for organizations on a tight budget. Larger companies might favor a hybrid approach – often deploying on-premises security for routine attacks, but resorting to cloud protection when attacks exceed predefined thresholds.
“We see that a lot,” said Hummel. “Many large organizations want the ability and control to mitigate attacks they see themselves, but don’t necessarily have the capacity for an entire scrubbing center, which can get very expensive.
“What they’ll do is have the endpoint security in the enterprise. Then if an attack comes in, the box is designed to send a signal to cloud services.
“You may never need help on-premises in defeating a DDoS attack. But in the event you do need to reroute traffic, the signal has already been sent and the cloud center is already primed so that if the attack exceeds your threshold or capacity, then rerouting automatically occurs.”
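The hybrid hand-off Hummel describes can be expressed as a small decision controller: the on-premises appliance handles traffic it can scrub, sends a priming signal to the cloud service at the first sign of an attack, and only diverts traffic once the rate exceeds its own capacity. The following is an added, illustrative Python example written for this article; it is not Netscout's or any vendor's code, and the thresholds, signal names and sample request rates are constructed assumptions standing in for real per-service baselines and a real control channel.

```python
"""Illustrative hybrid DDoS mitigation controller (on-prem first, cloud on overflow).

Hypothetical example: thresholds, signal names and traffic rates are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Tuple


class Mode(Enum):
    NORMAL = "normal"            # clean traffic, nothing signaled to the cloud
    LOCAL = "local-mitigation"   # on-prem appliance scrubs; cloud center is primed
    CLOUD = "cloud-divert"       # traffic rerouted to the cloud scrubbing center


@dataclass
class HybridMitigator:
    """Threshold-based controller for the on-prem / cloud hand-off.

    attack_rps and local_capacity_rps are hypothetical; a real appliance
    would derive them from per-service, per-protocol baselines.
    """
    attack_rps: float          # above this, a window counts as an attack
    local_capacity_rps: float  # above this, the on-prem box cannot keep up
    calm_windows: int = 3      # quiet windows required before standing down
    mode: Mode = Mode.NORMAL
    cloud_primed: bool = False
    _quiet: int = 0
    signals: List[Tuple[int, str]] = field(default_factory=list)  # (window, signal)
    _window: int = 0

    def _signal(self, name: str) -> None:
        # Stand-in for the control-channel message sent to the cloud provider.
        self.signals.append((self._window, name))

    def observe(self, rps: float) -> Mode:
        """Feed one measurement window of request rate; return the chosen mode."""
        self._window += 1
        if rps > self.attack_rps:
            self._quiet = 0
            if not self.cloud_primed:
                # First sign of attack: alert the cloud so it is ready, while the
                # on-prem appliance keeps handling the traffic itself.
                self._signal("prime")
                self.cloud_primed = True
            if rps > self.local_capacity_rps and self.mode is not Mode.CLOUD:
                # Exceeds what can be scrubbed locally: reroute to the cloud.
                self._signal("divert")
                self.mode = Mode.CLOUD
            elif self.mode is Mode.NORMAL:
                self.mode = Mode.LOCAL
            # Once diverted, stay diverted while the attack continues, even if the
            # rate dips below local capacity, so routes do not flap.
        else:
            self._quiet += 1
            if self.mode is not Mode.NORMAL and self._quiet >= self.calm_windows:
                # Sustained calm: release the cloud and return to normal routing.
                self._signal("stand-down")
                self.mode = Mode.NORMAL
                self.cloud_primed = False
                self._quiet = 0
        return self.mode


def run_scenario(rates, attack_rps=20_000, local_capacity_rps=50_000, calm_windows=3):
    """Replay a sequence of per-window request rates; return (modes, signals)."""
    controller = HybridMitigator(attack_rps, local_capacity_rps, calm_windows)
    modes = [controller.observe(r) for r in rates]
    return modes, controller.signals


# Constructed sample: a volumetric attack ramps past local capacity, then subsides.
SAMPLE_RATES = [5_000, 6_000, 30_000, 45_000, 80_000, 120_000,
                40_000, 8_000, 7_000, 6_000, 5_500]

if __name__ == "__main__":
    modes, signals = run_scenario(SAMPLE_RATES)
    for window, (rate, mode) in enumerate(zip(SAMPLE_RATES, modes), start=1):
        print(f"window {window:2d}: {rate:>8,} rps -> {mode.value}")
    print("signals sent to cloud:", signals)
```

On the constructed trace the controller primes the cloud in window 3 (the first window above the attack threshold), diverts in window 5 (the first window above local capacity), keeps diverting through the dip in window 7 rather than flapping, and stands down only after three consecutive quiet windows. The hysteresis is the part worth copying: an attacker who oscillates around a single threshold would otherwise cause constant route changes.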