DDoS Attacks: A Threat to Corporate IT Security
Denial-of-service attacks are among the least sophisticated cyberattacks. They nevertheless represent a significant threat precisely because they are so easy to carry out.
Next to ransomware, which has been at the heart of cybersecurity concerns in recent years, distributed denial of service (DDoS) attacks are an equally serious cyber threat for companies. The figures speak for themselves: according to Netscout, some 5.4 million DDoS attacks were recorded worldwide in the first half of 2021.
They generally aim to make a data center, website or application unreachable: the company's online services stop responding until the attack ends or is mitigated. These attacks should not be taken lightly, and guarding against them is essential to protect business activity.
DDoS Attack: How Does It Work?
Like ransomware, a distributed denial of service attack aims to slow down or block a company's information system (IS).
Unlike ransomware, however, a DDoS attack does not rely on infecting the target with malware. It consists of sending a massive number of requests simultaneously to a target (a data center, a website, an application, an Internet router, etc.) from a network of Internet-connected machines (PCs, servers, IoT devices, etc.) that were compromised beforehand, in other words a botnet.
Overwhelmed by this flood of traffic (which can reach several gigabits per second), the company's IT infrastructure is saturated and can no longer respond to legitimate requests. Concretely, a website undergoing this type of attack becomes inaccessible.
There are three main categories of DDoS attacks:
- Volume-Based Attacks: Also called "floods," these attacks rely on sheer traffic volume, measured in bits per second, to exhaust the bandwidth of the target.
- Protocol Attacks: These attacks target a specific protocol (for example ICMP "ping" floods or TCP SYN floods) and aim to exhaust the state tables or processing capacity of a server, router, or firewall, making it unavailable.
- Application Attacks: Also called "layer 7 attacks," these target an application (generally a web application) by exploiting a weakness in how it operates to load it heavily, to the point of making it fail. They require relatively little traffic and are therefore harder to detect.
Volumetric attacks are the most common. According to an F5 Labs study from May 2022, they represented up to 73% of all incidents reported between January 2021 and March 2022, far ahead of protocol and application attacks.
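The three categories leave different fingerprints in traffic, which is what a probe or SIEM rule keys on. The following is an added example, not code from the original article: a minimal classifier that labels a one-second sample of inbound flow records as volumetric (bandwidth exhaustion), protocol (SYN flood) and/or application-layer (a few sources hammering an expensive endpoint). The flow record format, the sample traffic and the thresholds are constructed assumptions for the demonstration, not figures from the article or from any real probe.

```python
"""Added example (not part of the original article): classify a one-second
traffic sample into the three DDoS categories using the features that
distinguish them. Flow records and thresholds are constructed assumptions."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One inbound flow record as a probe might export it (constructed format)."""
    src: str
    proto: str        # "tcp", "udp" or "icmp"
    flags: str        # TCP flags seen from the client: "S" = SYN only, "PA" = PSH/ACK
    nbytes: int
    path: str = ""    # HTTP request path when the flow carries a request, else ""


# Thresholds are assumptions for the demo; tune them against your own baseline.
VOLUME_BPS = 500_000_000   # 500 Mb/s, the order of magnitude the article calls crippling
SYN_MIN = 1_000            # minimum SYN-only flows before a SYN-ratio verdict is meaningful
SYN_RATIO = 0.9            # SYN-only share of TCP flows that indicates half-open exhaustion
APP_RPS_PER_SRC = 20       # HTTP requests per second from a single source


def classify(flows, window_s=1.0):
    """Return the detected categories and the metrics they were derived from."""
    bps = sum(f.nbytes for f in flows) * 8 / window_s
    tcp = [f for f in flows if f.proto == "tcp"]
    syn_only = sum(1 for f in tcp if f.flags == "S")
    syn_ratio = syn_only / len(tcp) if tcp else 0.0
    requests = Counter(f.src for f in flows if f.path)
    top_src, top_count = requests.most_common(1)[0] if requests else ("", 0)
    top_rps = top_count / window_s

    categories = []
    if bps >= VOLUME_BPS:
        categories.append("volumetric")       # bandwidth exhaustion
    if syn_only >= SYN_MIN and syn_ratio >= SYN_RATIO:
        categories.append("protocol")         # SYN flood against connection state tables
    if top_rps >= APP_RPS_PER_SRC:
        categories.append("application")      # layer-7 abuse at low bandwidth
    return {"categories": categories, "mbps": round(bps / 1e6, 1),
            "syn_ratio": round(syn_ratio, 2), "top_src": top_src, "top_rps": top_rps}


# Constructed one-second samples (documentation-range addresses, not real traffic).
def volumetric_sample():
    # 200 reflectors each delivering 400 kB of UDP payload: 640 Mb in one second
    return [Flow(f"198.51.100.{i}", "udp", "", 400_000) for i in range(200)]


def syn_flood_sample():
    # 4,000 spoofed 60-byte SYNs with no follow-up: under 2 Mb/s, but all half-open
    return [Flow(f"203.0.113.{i % 256}", "tcp", "S", 60) for i in range(4_000)]


def layer7_sample():
    # 3 sources each hitting an expensive search endpoint 100 times in the second
    return [Flow(f"192.0.2.{s}", "tcp", "PA", 500, "/search?q=*")
            for s in (10, 11, 12) for _ in range(100)]


def benign_sample():
    # 40 clients, each completing a handshake and issuing three page requests
    flows = []
    for i in range(40):
        flows.append(Flow(f"192.0.2.{i}", "tcp", "S", 60))
        flows += [Flow(f"192.0.2.{i}", "tcp", "PA", 800, p)
                  for p in ("/", "/app.js", "/api/profile")]
    return flows


if __name__ == "__main__":
    for name, sample in [("volumetric", volumetric_sample()), ("syn flood", syn_flood_sample()),
                         ("layer 7", layer7_sample()), ("benign", benign_sample())]:
        print(f"{name:>10}: {classify(sample)}")
```

Note how the SYN flood and the layer-7 sample both stay under 2 Mb/s: a volume threshold alone would miss them, which is why the protocol and application checks look at flag ratios and per-source request rates rather than at bandwidth.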
A Simple Attack to Implement
Denial-of-service attacks are among the least sophisticated cyberattacks, yet they represent a significant threat precisely because they are so easy to carry out. They are a simple and inexpensive way to jam the digital cogs of a business: 500 Mb/s of traffic aimed at a server can be enough to make it inaccessible.
In addition, any cybercriminal can rent "DDoS as a Service" platforms and fleets of pre-infected machines to launch an attack: an hour's rental for around $5 is enough to send several gigabytes of requests and cause considerable damage.
A Growing Threat
DDoS attacks target every kind of organization and are increasing in number year after year. The latest Lumen report, covering Q3 2021, shows a 35% increase in these attacks compared to the previous quarter. They also consume more and more bandwidth: 612 Gb/s for the largest, according to Lumen.
These figures are corroborated by a Netscout study, which detected nearly 5.4 million attacks in the first half of 2021, an 11% increase compared to the first half of 2020.
The average attack lasts less than 10 minutes. However, attacks can be repeated at regular intervals: Lumen reports a series of attacks lasting 14 days in a row.
Unencrypted Sensitive Data
Many companies enjoy the promises of the Cloud without seriously worrying about securing what they put there.
One research report reveals that half of the companies surveyed store at least 40% of their data there, most of the time without encryption.
In the event of an attack, stealing that sensitive data is then child's play for an attacker, especially when employees inadvertently share it publicly.
Mid-Sized Companies (ETIs) Unprepared for This Type of Attack
A denial-of-service attack can target any business. Mid-sized companies (ETIs) are frequent targets because they often fail to anticipate this threat.
Prioritize Services and Components to Protect
DDoS attacks can be defended against. The company must first carry out a risk analysis and prioritize the services and components to protect (data center, online store, applications, etc.). Trying to protect everything is unrealistic for cost reasons.
Securing the Cloud: The Criteria to Consider
Companies that adopt SaaS and IaaS services have every interest in adopting end-to-end security, with protections adapted to each outsourced element: applications, data, networks, etc.
With software as a service (SaaS), applications hosted in the Cloud are accessible from any device (fixed or mobile) once the user's credentials are validated. Securing access is essential here, since it opens the door to sensitive company data.
For infrastructure as a service (IaaS), the security criteria must cover web and file servers, networks, and data storage, in addition to securing access.
Ideally, the service provider should be certified (ISO 27001, HDS, SecNumCloud, etc.), because it is responsible for the security of the physical equipment on which its customers' infrastructure is hosted. Security controls must be present from end to end, on both the client side and the provider side.
SaaS Applications at the Heart of Data Security
SaaS access security tools are based on complementary technologies that reduce the risk of a successful attack.
The first is the Cloud Access Security Broker (CASB), software specialized in end-to-end data security, from the Cloud to the endpoint. With it, the IT department (DSI) can control user access, analyze user behavior, detect threats, and trigger security alerts.
The second barrier concerns strong authentication of employees, through three tools:
- Single Sign-On (SSO) links a single, recognized identity to multiple applications.
- Identity and Access Management (IAM) provides a single repository for managing employees' access and rights across the IS.
- Multi-Factor Authentication (MFA) adds a layer of security by requiring a second factor (a biometric check, a hardware security key, a short one-time code, etc.).
The most recent security model, Zero Trust Network Access (ZTNA), trusts no connection request by default. Authorizations are issued per application, and each employee has access only to their own scope of work.
In addition, ZTNA includes a compliance check of the endpoint (patch level, active protection) before granting access.
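To make the ZTNA decision concrete, here is an added example that is not code from the article or from any vendor: a toy policy decision point that denies every request by default and allows it only when the identity has completed MFA, the requested application is inside the user's assigned scope, and the endpoint satisfies the posture that application demands (patch level, endpoint protection running). The users, roles, applications, build numbers and posture values are all constructed assumptions.

```python
"""Added example (not part of the original article): a toy ZTNA policy decision
point. No request is trusted by default: it passes only if MFA is satisfied,
the application is inside the user's scope, and the device meets the posture
the application requires. Users, roles, apps and posture values are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    os_build: int        # assumed monotonically increasing OS patch level
    edr_running: bool    # endpoint protection agent active


@dataclass(frozen=True)
class Request:
    user: str
    app: str
    mfa_verified: bool   # result of the MFA step, asserted by the identity provider
    device: Device


# Per-application policy: ZTNA authorizes each application separately rather
# than granting network-wide access once at the perimeter.
APP_POLICY = {
    "payroll":  {"roles": {"hr", "finance"},                "min_build": 22621, "require_edr": True},
    "wiki":     {"roles": {"hr", "finance", "engineering"}, "min_build": 19045, "require_edr": False},
    "prod-ssh": {"roles": {"engineering"},                  "min_build": 22621, "require_edr": True},
}

# The IAM repository: one source of truth for who holds which role.
USER_ROLES = {"alice": {"hr"}, "bob": {"engineering"}, "carol": {"finance", "engineering"}}


def decide(req):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return False, "unknown application"
    if not req.mfa_verified:
        return False, "MFA not satisfied"
    if not USER_ROLES.get(req.user, set()) & policy["roles"]:
        return False, f"{req.user} is outside the scope of {req.app}"
    if req.device.os_build < policy["min_build"]:
        return False, f"device build {req.device.os_build} below required {policy['min_build']}"
    if policy["require_edr"] and not req.device.edr_running:
        return False, "endpoint protection not running"
    return True, "allowed"


# Constructed requests covering each branch of the policy.
PATCHED = Device(os_build=22631, edr_running=True)
STALE = Device(os_build=22000, edr_running=True)
NO_EDR = Device(os_build=22631, edr_running=False)

REQUESTS = [
    Request("alice", "payroll", True, PATCHED),    # in scope, compliant device
    Request("alice", "prod-ssh", True, PATCHED),   # authenticated but outside her scope
    Request("bob", "prod-ssh", False, PATCHED),    # right role, MFA not completed
    Request("bob", "prod-ssh", True, STALE),       # right role, device behind on patches
    Request("carol", "payroll", True, NO_EDR),     # right role, protection disabled
    Request("carol", "wiki", True, NO_EDR),        # wiki does not demand EDR
    Request("mallory", "payroll", True, PATCHED),  # unknown identity holds no roles
]

if __name__ == "__main__":
    for r in REQUESTS:
        allowed, reason = decide(r)
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{r.user:>8} -> {r.app:<9} {verdict:5} {reason}")
```

The ordering of the checks matters less than the fact that every branch ends in an explicit deny: a user who passes authentication but asks for an application outside their scope, or a correctly authorized user on a stale device, is refused just as firmly as an unknown identity.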
Protect Your Private Cloud and Data Center
When a company entrusts an external service provider with hosting and managing its data, it must make sure the provider has the appropriate security technologies in place or, in the case of IaaS, activate them itself.
This protection must include a firewall, an intrusion prevention system (IPS), and a Web Application Firewall (WAF) to counter intrusion attempts against its web servers.
To quickly detect any configuration or management error on the customer's side, the service provider should have Cloud Security Posture Management (CSPM) tools to identify and proactively prevent these risks.
To limit attempts to make your applications unavailable, turn to anti-DDoS (denial of service) solutions.
The company can supplement its Cloud security with a Data Loss Prevention (DLP) service, which blocks the transfer or sharing of sensitive files by an unauthorized user.
For example, an employee will not be able to upload a company file to a personal Dropbox account.
Whether the company moves all or part of its data to the Cloud, it must ensure that the full set of security solutions is applied through proven technologies.
The external service provider must be able to offer flexibility and 24/7 security: guaranteeing the security of data and systems, giving the customer a real-time view of its security posture, and detecting and monitoring unexpected events quickly.
SFR Business offers this through standardized, simplified security offers for mid-sized companies and large accounts.
Anti-DDoS Solutions Adapted to Mid-Sized Companies and Large Accounts
SFR Business, as a security integrator, can be a privileged partner in protecting the company from cyber threats.
Anti-DDoS protection solutions involve placing probes upstream of the customer's Internet access and monitoring the volume of incoming traffic.
As soon as abnormal behavior is detected, traffic is redirected to a scrubbing platform that filters out illegitimate flows. Only legitimate traffic is forwarded to the company.
Particularly effective against volumetric attacks, these solutions suit mid-sized companies because they require less maintenance and technical knowledge on the customer's side and act upstream of potential congestion points.
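The probe-then-scrub pipeline described above can be simulated end to end. The following is an added example, not code from the article or from SFR Business: a probe upstream of the customer's access keeps a running baseline of inbound Mb/s and, after several consecutive seconds above a multiple of that baseline, flips the route to a scrubbing stage that forwards each source only up to a per-window byte budget and drops the excess. The traffic samples, the smoothing factor, the divert threshold and the per-source budget are constructed assumptions, not values from any real platform.

```python
"""Added example (not part of the original article): simulate the upstream
probe and the scrubbing stage of an anti-DDoS service. A probe keeps an EWMA
baseline of inbound Mb/s and diverts after a hold period of anomalous seconds;
the scrubber passes each source only up to a byte budget per window. Samples,
smoothing factor and budgets are constructed assumptions."""
from collections import defaultdict


class VolumeProbe:
    """EWMA baseline of inbound Mb/s with a hold period before diverting."""

    def __init__(self, alpha=0.2, factor=4.0, hold=3):
        self.alpha = alpha        # weight given to each new normal sample
        self.factor = factor      # a sample is anomalous if it exceeds factor * baseline
        self.hold = hold          # consecutive anomalous seconds before diverting
        self.baseline = None
        self.over = 0
        self.diverting = False

    def observe(self, mbps):
        """Feed one per-second sample; return True while traffic is diverted."""
        if self.baseline is None:
            self.baseline = mbps
        anomalous = mbps > self.factor * self.baseline
        if anomalous:
            self.over += 1
        else:
            self.over = 0
            # Learn only from normal-looking samples so an attack cannot drag
            # the baseline upward and hide itself.
            self.baseline += self.alpha * (mbps - self.baseline)
        if self.over >= self.hold:
            self.diverting = True
        elif not anomalous:
            self.diverting = False    # volume back to normal: route directly again
        return self.diverting


def run_probe(samples):
    """Return the per-second divert decision for a sequence of Mb/s samples."""
    probe = VolumeProbe()
    return [probe.observe(m) for m in samples]


def scrub(flows, per_src_bytes=50_000):
    """Scrubbing stage: forward each source up to its budget, drop the excess.

    flows is a list of (src, nbytes) records seen in one window. Returns
    (kept, dropped). A per-source budget tames floods from a bounded set of
    bots; spoofed or very widely distributed sources need additional filters.
    """
    spent = defaultdict(int)
    kept, dropped = [], []
    for src, nbytes in flows:
        if spent[src] + nbytes <= per_src_bytes:
            spent[src] += nbytes
            kept.append((src, nbytes))
        else:
            dropped.append((src, nbytes))
    return kept, dropped


# Constructed data: quiet seconds around 100 Mb/s, a four-second burst near
# 1 Gb/s, then back to normal.
SAMPLES = [100, 110, 90, 105, 95, 800, 900, 1000, 950, 100]


def attack_window():
    """One second of flows during the burst: 3 legitimate clients, 5 bots."""
    legit = [(f"192.0.2.{c}", 2_000) for c in (1, 2, 3) for _ in range(5)]
    bots = [(f"203.0.113.{b}", 10_000) for b in range(1, 6) for _ in range(40)]
    return legit + bots


if __name__ == "__main__":
    for mbps, divert in zip(SAMPLES, run_probe(SAMPLES)):
        print(f"{mbps:5} Mb/s -> {'SCRUB' if divert else 'direct'}")
    kept, dropped = scrub(attack_window())
    print(f"scrubbed window: kept {len(kept)} flows, dropped {len(dropped)}")
```

Two design points carry over to real deployments: the hold period keeps a single noisy second from triggering a reroute, and the baseline is updated only from samples judged normal, so a slowly ramping attack cannot teach the probe that the flood is the new normal. The scrubber shown here lets every legitimate client through untouched while capping each bot at its budget; against spoofed-source floods, where no source repeats, a scrubbing platform must fall back on protocol-conformance and signature filters rather than per-source accounting.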
Opinions expressed by DZone contributors are their own.