As if a global attack by the novel coronavirus weren’t bad enough, the number of distributed denial-of-service (DDoS) attacks are growing in response. From March 11 to April 11, our ASERT team observed more than 864,000 DDoS attacks, a number that has further skyrocketed over the course of the pandemic. (see chart.)
DDoS Attacks Increased During COVID-19
Source: NETSCOUT Cyber Threat Horizon
Here’s another chart to consider:
While no one would blame companies for being distracted during the pandemic, the need to remain vigilant and prepared to defend against cyberthreats is absolutely vital.
In a recent webinar on the importance of threat intelligence to prevent DDoS attacks, Tom Bienkowski, director of product marketing at NETSCOUT, explained the importance of situational awareness. “To be properly prepared, network and security operators need situational awareness,” he said. “According to Mica Endsley, who has written more than 200 papers on the topic, situational awareness breaks down into three segments—perception, comprehension, and projection.” Here’s how those segments apply to DDoS attacks:
- Perception of the elements in the environment. This means understanding the latest trends in DDoS attacks (for example, size, frequency, and complexity), as well as trends in local geography or industry sector.
- Comprehension of the situation. Here, operators will want to know what the most common DDoS attack vectors, tactics, and techniques are. They’ll also want to know how easy it is to launch a DDoS attack and what the motivations are, as well as the current best practices in DDoS-attack defense.
- Projection of future status. Lastly, operators will need to gain an understanding of the probabilities of being targeted, how prepared they are to defend themselves, and what the stakes are if they aren’t prepared.
Gaining Threat Visibility Over the Horizon
Bienkowski suggests it is crucial to gain visibility over the horizon. “The NETSCOUT Cyber Threat Horizon portal has been designed to give situational awareness with regard to DDoS attacks,” he said in his webinar. “This free threat intelligence tool lets operators look beyond their domain into DDoS attacks on a global basis that could potentially be a threat.”
The Cyber Threat Horizon portal provides visibility into DDoS attacks, both in real time and on a historical basis. Operators can see a live attack map that gives a view of DDoS attacks occurring at that very moment around the world. For managed security service providers who deliver or manage DDoS protection services for customers, the cyberthreat map not only helps them with situational awareness but also can be used for marketing purposes.
Operators can view historic events dating back to 2016 as well, and can replay attacks that NETSCOUT’s security threat intelligence team deemed interesting or notable. They can also access a summary report to look at the size, frequency, duration, origination, and destination of attacks.
The data within this tool is backed up by the Arbor Threat Level Analysis System (ATLAS), which gathers insights from nearly every major internet service provider’s network or major enterprise around the world. This data is gathered anonymously, offering a unique analysis of DDoS attacks on a global basis.
Stay on Top of Attacks with the Threat Intelligence Report
The Cyber Threat Horizon portal also offers free access to NETSCOUT’s biannual threat intelligence report. “If you’re a NetOps or SecOps team responsible for DDoS protection, you can leverage the Cyber Threat Horizon portal to gain invaluable knowledge, to understand what sort of threats are out there,” said Bienkowski. “This will enable risk teams to determine if they have proper protections in place.”
8. Call to Action
To gain situational awareness of DDoS atatcks that could impact your organization, sign up for advanced access to Cyber Threat Horizon at https://www.netscout.com/horizon