DDoS Disruption: Election Attacks

In an increasingly politically and economically volatile landscape, cybercrime has become the new geopolitical tool. Attacks on political websites and critical national infrastructure services are ever more frequent not only because the tools to do these are simpler, cheaper and more widely available, but also due to desire and capabilities of attackers to impact real-world events such as election processes, while staying undiscovered. Not surprisingly, a third of respondents to NETSCOUT's latest Worldwide Infrastructure Security Report saw political or ideological disputes as motivation for DDoS attacks.

As such, we are reminded that cyberattacks against elections are a major concern for the US—recall the recent DDoS attack that crashed a Tennessee county's website on election night in May. The Department of Homeland Security has warned against voting machine hacks and targeted attacks against campaigns. The agency said that in 2016, hackers targeted election systems in 21 states.

Election officials are on high alert for future DDoS attacks and the risk they pose to availability of systems, and more importantly, to confidence in the entire system, which hangs in the balance as we consider the integrity, sanctity and validity of election results overall. Moreover, DDoS attacks on election night pose risk to the availability of information. Imagine if the AP suffered an outage due to a DDoS attack on election night?

The Risk of Volumetric Attack

The sudden emergence of MemcacheD as an attack vector earlier this year certainly brings the possibility of a massive DDoS attack into focus for election officials. The reality is that while 2018 has ushered in an era of terabit DDoS attacks, with the largest one clocking in at 1.7Tbps, we've seen evidence that it will also prove to be a year faced with application-layer attacks as well.

Unlike volumetric attacks, which overwhelm networks quickly by consuming high levels of bandwidth, application-layer attacks are more subtle and insidious – and much more difficult to detect and block. The application-layer attack, sometimes called a Layer 7 attack, targets the top layer of the OSI model, which supports application and end-user processes. In these outbreaks, attackers pose as legitimate application users, targeting specific resources and services with repeated application requests that gradually increase in volume, eventually exhausting the ability of the resource to respond. Widely regarded as the deadliest kind of DDoS attack and often fueled by botnets such as Mirai and it's many successors, application-layer attacks can inflict significant damage with a much lower volume of traffic than a typical volumetric attack, making them difficult to detect and mitigate proactively with traditional ISP or cloud-based monitoring solutions. They have a singular goal: take out a website, application or online service. While service providers can detect and block volumetric attacks as well as larger application-layer attacks, smaller application attacks can easily escape detection in the large ISP backbone, while still being large enough to cause a problem for the enterprise network or data center.

Domain name system servers (DNS), the directories that route internet traffic to specific IP addresses, are the most common targets, and HTTP and secure HTTPS services are also targeted frequently, rendering them unavailable to legitimate requests. In fact, many business-critical applications are built on top of HTTP or HTTPS, making them vulnerable to this form of attack even though they may not look like traditional public web-based applications.

Best Practice DDoS Defense

To effectively detect and mitigate this type of attack in real time, what's needed is an inline, always-on solution deployed on-premise as part of a best-practice, hybrid DDoS defense strategy combining cloud-based and on-premise mitigation. An intelligent on-premise system will have the visibility and capacity to quickly detect and mitigate these stealthy, low-bandwidth attacks on its own, and early enough to avoid the need for cloud mitigation. Should the attack turn into a flood, the on-premise system can instantly activate cloud-based defenses through cloud signaling. Deploying any widely available on-premise component of a hybrid DDoS defense solution, including those from NETSCOUT, can mitigate the vast majority of application-layer attacks before they can do damage. For organizations facing budget and resource constraints, managed DDoS service options provide them with a means to save money, amplify in-house resources and reduce risk. Outsourced or in-house, a hybrid DDoS defense ensures detection and mitigation across the full spectrum of DDoS risks while protecting availability.

About the author: Hardik Modi is Senior Director, Threat Intelligence at NETSCOUT|Arbor. He is responsible for the Threat Research and Collections teams, ASERT and ATLAS, respectively. In this role, he drives the creation of security content for NETSCOUTs products, enabling best-in-class protection for users, as well as the continuous delivery and publication of impactful research across the DDoS and Intrusion landscapes.

Copyright 2010 Respective Author at Infosec Island

via Infosec Island Latest Articles https://ift.tt/2OqayFV
RSS Feed

If New feed item from http://www.infosecisland.com/rss.html, then send m


Unsubscribe from these notifications or sign in to manage your Email Applets.

IFTTT

Comments

Post a Comment

Popular posts from this blog

Evernote cuts staff as user growth stalls

Image
Note-taking app Evernote has fallen on hard times of late, culminating in its latest spate of job cuts impacting 15 percent of its workforce (54 employees). CEO Chris O' Neil -- an ex-Googler who took the reins in 2015 -- announced the firings at an all-hands meeting earlier today, reports TechCrunch . In a message on the Evernote blog , O' Neill admitted he'd set "incredibly aggressive goals" for the company in 2018. He continued: "Going forward, we are streamlining certain functions, like sales, so we can continue to speed up and scale others, like product development and engineering." The layoffs follow an exec exodus just weeks ago and the company's recent brand refresh (complete with a refined logo and wordmark). But critics are more concerned about its product, especially the free tier, which they claim lacks the perks to
Read more

The best air conditioner

Image
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic
Read more

We won't see a 'universal' vape oil cartridge anytime soon

Image
Pre-loaded cartridges of cannabis concentrate are currently among the most popular means of consumption, and for good reason. They're discreet to use and easy to handle, a far cry from the dark days of 2016 when we had to dribble hash oil or load wax into narrow-mouthed vape pens by hand. But, frustratingly, an ever increasing number of oil cartridge manufacturers employ one-off design standards so that their products won't work with those of their competitors, thereby locking customers into proprietary ecosystems. We've already seen this with nicotine vaporizers -- which has a seen a massive rise in "pod systems" in the last few years, each outfitted with a unique canister and battery built to be incompatible with those of their competition. Is it too late for the burgeoning cannabis industry to set a universal standard for their product designs?
Read more