Direct-Path and Dynamic Adaptive Attacks Give DDoS a New Destructive Face

How to defend against attacks designed to evade existing defenses.


Distributed denial-of-service (DDoS) attacks are again on the rise, and they’re getting very good at evading even the best-thought-out defense strategies—putting your organization at an even higher risk.
From artificial intelligence (AI) to K-Pop, many things, given time, get bigger and better. This is true, in a negative way, for the DDoS attack realm. Attackers are now monitoring networks and running reconnaissance during an attack to understand what’s working or not and changing tactics to avoid detection or distract their target defenses.

The Importance of Adaptive Defense

This behavior reminds me of how attackers approached and adapted to changes in the defensive walls employed to protect a region from invading hordes. A great example is the Great Wall of China.

Like protecting a network, protecting a region as big as China was complex. The Great Wall eventually was made up of defensive walls, passes, and watchtowers—each with a specific purpose. Defensive walls blocked enemies from agricultural regions and the towns that supported them while also providing safe transport for soldiers and supplies during battles. Passes were employed to station troops and protect important military points along the defensive walls. Towers were used to send military messages and keep watch on enemies from higher vantage points, all while providing shelter and storage of daily necessities for soldiers on guard.

However, this was not always the case. Many of these additions were put in place because the attackers were changing their methods of attack over time. Initially, there were only defensive walls and a limited number of guards. Attackers simply constructed ladders to breach the walls where there were no patrols. Due to this, China adjusted its strategy and installed more guards to patrol walls and added passes to house them so they did not have to go home. The attackers adapted by watching and timing patrols so they could breach when a portion of the defensive wall was not patrolled.

Another version of this type of attack was to distract the guards to one point in the wall and then attack the area from which the guards had been lured, which was now unprotected. So, China added 25,000 watchtowers, spaced a couple of miles apart. These watchtowers gave the guards a higher vantage point from which to observe enemies and their movements and provided a place to send signals from tower to tower, with smoke by day and fire by night, to ensure guard coverage wherever enemy activity was seen—distraction or not.

Repeating History with DDoS

This is precisely what is occurring in the current DDoS attack arena. Attackers probe networks as they attack them to gain an understanding of gaps in security. Once gaps are identified, they attack them with different attacks and vectors, some as distractions and some as real attacks, to eventually reach their desired target.

Graph showing breakdown of multi-vector attacks

Defending against this type of attack requires three things: a resilient edge defense solution that sees all inbound and outbound traffic currently traversing your internet circuit; an understanding of the recognized attack vectors, behaviors, and patterns of known botnets and bad actors; and precise knowledge of which of these is currently participating in an attack somewhere around the globe. With this information, an organization can understand an attack and the countermeasures required to mitigate it, and can also change its defenses automatically when the attack changes.

The Future: Adaptive DDoS Protection

The new release of NETSCOUT’s Arbor Edge Defense (AED) and Arbor Enterprise Manager (AEM) is the impenetrable solution that sits at the edge of your network, between the router and the firewall, and sees all traffic both inbound and outbound. AED is supplied with best-of-breed threat intelligence via the NETSCOUT ATLAS Intelligence Feed (AIF), gained from two decades of experience mitigating attacks on some of the most complex networks in the world. This intelligence contains comprehensive lists of currently active botnets, bad actors, attack behaviors, and patterns to compare with the traffic currently traversing your network and to provide automated countermeasures that knock the attacks down. As these attacks change vectors and behaviors, AED analyzes the traffic again and provides additional measures to protect your network. This is adaptive DDoS protection.
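To make the adaptive loop described above concrete, here is a small, constructed simulation (added here; it is not NETSCOUT or AED code): each traffic window is summarized per attack vector, compared against a baseline and against a constructed "currently active botnet" feed, and countermeasures are re-chosen per window so that they follow the attacker's vector changes. All IPs, baselines, and countermeasure names are placeholders.

```python
"""Toy adaptive DDoS mitigation loop (constructed illustration, not vendor code).
Countermeasures are re-planned every window from (a) which vectors exceed a
baseline and (b) which sources match a threat-intel feed of active botnet IPs."""
from collections import Counter

# Constructed feed of "currently active" botnet sources (documentation-range IPs).
ACTIVE_BOTNET_IPS = {"203.0.113.7", "203.0.113.9", "198.51.100.23"}

# Constructed baseline packets-per-window per vector; above this is anomalous.
BASELINE = {"syn": 500, "udp_amp": 200, "http": 1000}

# Constructed mapping of anomalous vector -> countermeasure label.
COUNTERMEASURE = {"syn": "syn-cookies", "udp_amp": "drop-reflector-ports",
                  "http": "rate-limit-http"}


def classify(pkt):
    """Return the attack vector a constructed packet record belongs to."""
    if pkt["proto"] == "tcp" and pkt.get("flags") == "S":
        return "syn"
    if pkt["proto"] == "udp" and pkt["sport"] in (53, 123, 11211):
        return "udp_amp"  # DNS/NTP/memcached reflection source ports
    if pkt["proto"] == "tcp" and pkt["dport"] == 80:
        return "http"
    return "other"


def plan_window(packets):
    """Choose countermeasures for one window: vector thresholds plus feed matches."""
    counts = Counter(classify(p) for p in packets)
    active = {v for v, n in counts.items() if v in BASELINE and n > BASELINE[v]}
    measures = {COUNTERMEASURE[v] for v in active}
    if {p["src"] for p in packets} & ACTIVE_BOTNET_IPS:
        measures.add("block-known-botnet-sources")
    return sorted(measures)


def adapt(windows):
    """Re-plan per window, so measures are added or dropped as the attack shifts."""
    return [plan_window(w) for w in windows]


def _flood(n, **fields):
    return [dict(fields) for _ in range(n)]


# Constructed three-window attack: SYN flood from a known bot, then a switch
# to NTP reflection from an unknown source, then only benign web traffic.
SAMPLE_WINDOWS = [
    _flood(600, src="203.0.113.7", proto="tcp", flags="S", dport=443),
    _flood(300, src="192.0.2.50", proto="udp", sport=123, dport=5555),
    _flood(100, src="192.0.2.80", proto="tcp", flags="A", dport=80),
]
```

Running `adapt(SAMPLE_WINDOWS)` shows the countermeasures change window by window instead of staying fixed on the first vector seen.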

As the adage “Those that fail to learn from history are doomed to repeat it” indicates, we need to look back to understand how to defend our perimeters. We can learn a lot from how the soldiers behind the Great Wall prepared for attacks, ensured they had the required resources, changed defenses as attacks changed, and protected their walls. This is how we have to protect our networks in today’s DDoS environment with adaptive DDoS protection.
