APAC CIOOutlook


    Examining Past and Future DDoS Attacks: What Enterprises Can Do to Prepare

    Tammy Moskites, CIO/CISO, Venafi


    The Internet has technically been around since the 1960s; academia has been using it since the 1980s, and commercial use began to grow rapidly in the 1990s. In the last 20 years the Internet has grown over 100 times, to well over one third of the world population. The history of cyber threats is extensive. From simple worms and viruses in the late 1990s to more recent Advanced Persistent Threats (APTs) and state-sponsored attacks, one type of attack method remains tried and true: the Distributed Denial-of-Service (DDoS) attack. A DDoS attack, generally speaking, is a type of Denial of Service (DoS) attack in which multiple compromised systems, often infected with a Trojan, are used to target a single system, causing it to shut down or crash. DDoS attacks are also notable for the ease with which they can be executed.

    Gaining Notoriety

    DDoS attacks really came into the spotlight in 1999 with the first large-scale incident, against the IRC server at the University of Minnesota. It left 227 systems affected, and the university’s server was rendered unusable for days. The attack also put DDoS on the map as an efficient tool for hackers. Immediately after the attack on the university, there was a series of similar attacks on notable companies like Yahoo!, eBay, CNN, Amazon, and ZDNet. These high-traffic sites were left with paralyzed systems, barring users from accessing their services for hours. Shockingly enough, the attacks were all carried out by a 15-year-old Canadian who called himself “Mafiaboy,” looking to show off his skills by infecting vulnerable hosts he found through network scans.

    Soon after these large-scale DDoS attacks, cybercriminals learned a new method that leveraged the tool to disrupt systems and wreak even more havoc. The new method gained a lot of publicity in 2005 with an attack called the MyTob worm. This new DDoS attack opened a backdoor on infected MS Windows hosts that connected to a remote IRC server and waited for further instructions from command and control, while also self-propagating when rebooted and copying itself onto other network shares. Famously, this attack’s outbreak was covered live by CNN, even as the TV station’s own computers were affected. Cybercriminals began to threaten large corporations with DDoS attacks, extorting tens of thousands of dollars. Many companies paid out rather than risk inevitable customer attrition and loss of reputation since, at the time, there were no effective remediation plans in place.

    Hacktivism on the Rise

    Beyond monetary gain, hackers were soon seeking to disrupt government and corporate systems to make political statements and mobilize users to action through high-profile DDoS attacks. Although attacks prompted by political events and ideological issues had been launched for over a decade, in 2010 the media began to focus on these groups, one in particular called the “Electronic Disturbance Theater.” They made a name for themselves by developing a new DDoS tool called FloodNet, which was user-friendly and allowed anyone outside of the organization to join in on an attack simply by selecting the target from a drop-down menu.

    The idea of allowing others outside of the collective to join was immediately evolved by the group known as “Anonymous.” They used the software Low Orbit Ion Cannon, which allowed participants to connect their computers to a vast network, creating voluntary botnets linked together and giving them an incredible amount of power to wield behind an attack. They used this tool when they executed the Operation Payback attack on Visa, MasterCard, PayPal, and other sites, after these credit card and banking institutions had terminated services with WikiLeaks.


    Attacks of the Future

    To fully see where DDoS attacks are heading in the future, we should first look back at one hacktivist group called “The Hacker’s Choice.” This group created a new type of DDoS attack in 2011, which exploited weaknesses in Secure Sockets Layer (SSL) to kick a server off the Internet. This new tool gained a lot of interest because of its clear departure from a typical DDoS attack: it did not require any bandwidth, just a single attack computer. It achieved this by enabling attackers to perform Transport Layer Security (TLS)/SSL denial of service against Hypertext Transfer Protocol Secure (HTTPS) websites, allowing immediate service interruptions. The group was hoping that this would bring attention to the features of SSL that they did not approve of, and push for implementation of a new security model that they deemed more adequate to protect citizens. This new tool for DDoS attacks did not gain much traction outside of the initial release in 2011, but it is incredibly important when considering protection for your network in the future.

    Earlier this year, on the heels of the Office of Personnel Management (OPM) breach, the Federal government mandated that all government websites must implement HTTPS, that is, more encryption. To push this policy even further, Google encouraged TLS services by boosting SEO rankings for HTTPS services, and programs like “Let’s Encrypt” launched, underscoring the importance of using encryption to protect data. However, what many don’t realize is that with more encryption comes more opportunity for cybercriminals to mask their nefarious deeds. More encrypted traffic will require organizations to use more cryptographic keys and digital certificates to mount effective attacks.

    Moving forward, with the use of more encryption, we do expect to see SSL/TLS DDoS attacks on the rise; however, there are precautions that can be taken by IT security teams:

    1. Make sure your network has more bandwidth than you think you will need. This will accommodate sudden and unexpected surges in traffic. Overprovision by 100 or 500 percent, which may not stop a DDoS attack, but could give your system more time to defend against an incoming attack.

    2. Implement any DDoS prevention that your company’s Internet Service Provider (ISP) offers; it will be able to scrub and clean your traffic in the cloud before allowing it onto your system.

    3. Make sure you have complete visibility of your network and monitor continuously to make sure that you have complete control over the traffic on your network.

    4. Scan regularly for expired digital certificates and cryptographic keys and revoke and replace them all immediately, especially in the wake of a data breach.

    5. Conduct Black Hole Filtering, which is a technique that provides the ability to drop undesirable traffic before it enters a protected network.

    6. Include DDoS attacks in your disaster recovery scenarios and test them annually.
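
The monitoring called for in step 3 can be pointed at the SSL/TLS denial of service described above, which needs little bandwidth and so does not show up on volume graphs. The following is an added example, not code from the article or from any product: the log format, the addresses and the thresholds are all assumptions, and it flags sources that perform many TLS handshakes in a short window while sending almost no application data.

```python
from collections import defaultdict

def build_sample():
    """Constructed log lines: '<epoch_seconds> <source_ip> <event> <bytes>' (made-up format)."""
    lines = [
        "1000 198.51.100.7 handshake 0",   # ordinary client: one handshake, then data
        "1001 198.51.100.7 data 48213",
        "1030 198.51.100.8 handshake 0",
        "1031 198.51.100.8 data 15320",
    ]
    # One host: 40 handshakes spread over 10 seconds, almost no application data.
    for i in range(40):
        lines.append(f"{1000 + i // 4} 203.0.113.50 handshake 0")
    lines.append("1010 203.0.113.50 data 120")
    return lines

def handshake_heavy_sources(lines, window=10, max_handshakes=20,
                            min_bytes_per_handshake=500):
    """Return {ip: (peak handshakes in any window, data bytes per handshake)}
    for sources above the handshake limit and below the data ratio.
    All thresholds are illustrative and need tuning against real traffic."""
    stamps = defaultdict(list)
    data_bytes = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines, keep monitoring
        try:
            ts, size = int(parts[0]), int(parts[3])
        except ValueError:
            continue
        if parts[2] == "handshake":
            stamps[parts[1]].append(ts)
        elif parts[2] == "data":
            data_bytes[parts[1]] += size
    flagged = {}
    for ip, ts_list in stamps.items():
        ts_list.sort()
        peak, start = 0, 0
        for end, t in enumerate(ts_list):  # sliding window over sorted timestamps
            while t - ts_list[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        ratio = data_bytes[ip] / len(ts_list)
        if peak > max_handshakes and ratio < min_bytes_per_handshake:
            flagged[ip] = (peak, ratio)
    return flagged

if __name__ == "__main__":
    for ip, (peak, ratio) in handshake_heavy_sources(build_sample()).items():
        print(f"{ip}: {peak} handshakes in window, {ratio:.1f} data bytes per handshake")
```

Flagged sources are candidates for rate limiting or for the black hole filtering in step 5, after checking they are not a proxy or NAT gateway shared by many legitimate clients.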

    It’s important to keep in mind that the exact answer for your enterprise will vary depending on the type of DDoS attack you are experiencing, your network infrastructure, and security tools that are available to you. While cyber criminals continue to evolve their DDoS attack methods, enterprises should at least take comfort in knowing they can take these key steps to stave off these types of attacks, now and in the future.
