While ransomware has long been the “talk of the town” in cybersecurity, DDoS attacks have flown under the radar.
But they are far from gone – on the contrary, they have become more advanced, and it is especially the health and telecommunications sectors that are at risk.
Where DDoS attacks used to be about damaging a company or organization by overloading and thus shutting down, for example, websites, mail servers or routers, today hackers demand a ransom to stop the attack. Another common method is to use DDoS attacks as a diversionary maneuver that keeps the IT departments busy while the attackers work with ransomware or try to steal data.
“Companies today may tend to have too narrow a focus on one type of attack. But unfortunately, the reality is far more complex, and it is necessary to work with several parallel threats – and ‘old’ attack methods can especially come back in a new guise,” says Peter Gustafsson, Nordic head of Barracuda Networks.
New type of attack does not require a large botnet
The so-called Black Storm attacks are particularly dangerous for telecommunications providers. This type of attack does not require the attacker to use a large botnet and is therefore relatively easy to execute. In a Black Storm attack, the attacker sends User Datagram Protocol (UDP) requests to many devices and servers on a network. The requests are “spoofed”, i.e. disguised so that they look like they are coming from other devices on the same network.
“Black Storm attacks trigger a kind of snowball effect, which with a storm of internal data traffic can quickly knock out a telecommunications provider. Although the method has so far only been described in trials, companies should be prepared for the attackers to strike in real life,” says Peter Gustafsson.
The healthcare sector is also a target. In the wake of the pandemic, the increased use of working from home and of online booking and answering services, combined with poorly protected IoT devices, has created a dangerous cocktail that could easily become the target of DDoS attacks.
Criminals exploit devices without updates
The newly discovered Meris botnet, which consists of approx. 250,000 compromised devices, has also become a tool for DDoS attacks. The majority of these devices are not computers, but routers, switches, Wi-Fi access points and other devices sold by a single Latvian company, MikroTik. Although MikroTik discovered and corrected the vulnerability in question back in 2018, due to the nature of the devices, users are rarely in contact with MikroTik, and most have not made the necessary updates. And that has made MikroTik’s devices a tool in the hands of cybercriminals.
“Although the DDoS attacks remind us of how complicated everyday life has become for IT security managers, today there are good opportunities to stop this type of attack in time. It requires companies to work with a modern application and security structure that actively protects against DDoS attacks,” concludes Peter Gustafsson.
Source: IT-Kanalen by it-kanalen.dk.