Threat Intelligence Plays Vital Role in Modern Cybersecurity Strategies

NETSCOUT

Companies that do business on the internet or use network connections in any way, shape, or form are vulnerable to cyberattack. And let’s face it, that includes pretty much everyone these days. According to the 1H 2021 NETSCOUT Threat Intelligence Report, there were nearly 5.4 million distributed denial-of-service (DDoS) attacks in the first half of 2021.

But although the threat landscape is often discussed in terms of attack numbers, experts in threat intelligence tend to think in terms of people: the adversaries behind the attacks. During a recent NETSCOUT OnGuard webinar, a panel of security researchers from NETSCOUT’s threat intelligence team discussed the vital role threat intelligence plays in a modern cybersecurity strategy.

How Threat Intelligence Helps

When it comes to combatting distributed denial-of-service (DDoS) and ransomware attacks, threat intelligence is vital. According to Hardik Modi, associate vice president of threat and mitigation for NETSCOUT, threat intelligence is the study of the bad actors who perpetrate these attacks, along with the tactics and tools they use. “What we do collectively is study what our adversaries are doing, why they are doing it, and how they are doing it,” explained Modi. “Our objective is to gather threat intelligence that will better inform and protect our customers.”

“What we do at ASERT is study the attackers and the attack methodologies, homing in on the tactics they’re using and the types of targets that they’re going after,” added Richard Hummel, threat intelligence manager for NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT). “And then we turn that knowledge into actionable threat intelligence that is pushed out into our solutions, so our customers can have access to that expertise in such a way that they can use it to make forwarding or drop decisions about packets on their network in order to actively defend against those threats.”

That actionable insight is crucial for defending against DDoS attacks. There were more than 10 million DDoS attacks in 2020 alone, and that record-setting pace continued into 2021.

DDoS Extortion Attacks

One pernicious new form of attack recently on the rise is DDoS extortion. In these cases, the attacker launches a demonstration attack against the victim and then follows up with an extortion demand. This demand typically states that the attacker has a lot more DDoS capacity and will direct that capacity at the victim if the extortion payment isn’t made. Indeed, respondents to the 16th annual Worldwide Infrastructure Security Report (WISR) reported a 125 percent increase in such attacks.

In the newest wrinkle, cyberattackers are using triple extortion tactics, combining data encryption, data exfiltration, and DDoS attacks to create a three-pronged attack that increases the likelihood of the victim complying with the ransom demand. In today’s increasingly fraught threat landscape, “Organizations have to be prepared to defend themselves against attacks 24 by 7 by 365,” explained Roland Dobbins, principal engineer of ASERT. This requires having a plan in place, successfully executing that plan, and regularly evaluating the effectiveness of the plan to strengthen it against subsequent attacks. The good news is, preparation pays off.

Modi suggested one additional consideration. “Ultimately, the fundamental aspect of DDoS defense is knowing your own network,” he concluded. “When it comes down to defending yourself, there’s information we can provide that is very useful, but a lot of it will come down to knowing what your services look like and what they depend on, and then using effective solutions to fine-tune the correct level of defense. Threat intelligence is essentially a way of testing your defenses, so you can enhance them.”

Read more in the 1H 2021 NETSCOUT Threat Intelligence Report