African businesses beware! Everything you need to know about mitigating escalating DDoS cyberattacks
By Bryan Hamman, regional director: Africa, NETSCOUT
JOHANNESBURG – September 12, 2023 – As cyberattacks – in particular those of the Distributed Denial of Services (DDoS) variety – continue to rise at an unprecedented rate across Africa, it is no longer a question of ‘if’ your organisation will be targeted, but rather ‘when’. In fact, as recently as July and August this year, businesses across African countries such as Kenya, Nigeria and South Africa have all suffered the dire consequences of these incidents.
What is a DDoS attack?
A DDoS attack is an attempt to exhaust the resources available to an organisation’s network, systems, applications, content or services by bombarding it with fake traffic, meaning that genuine users are then unable to gain access. This type of attack is incredibly damaging to any business dependent on the internet to be able to function and, as we’ve seen in recent weeks across Africa, can affect organisations across every sector – from government to financial services, the media, telecommunications providers and more.
A business’s inability to withstand an attack and effectively and rapidly recover can be detrimental in multiple ways, with aftereffects including loss of revenue due to service downtime, compliance failures, negative impacts on brand reputation and public perception, as well as increased costs.
DDoS attacks are taking place continuously all over the globe, and so-called ‘bad actors’ are relentlessly improving their attack methods. This means that the ability of an organisation to maintain its availability and resilience in the face of an attack has become more important than ever before. A vital part of this is understanding the facts, risks and latest trends around them.
Four must-know facts about DDoS attacks
Fact one: Your cybersecurity solution might not cover all types of cyberattacks
Businesses may well have viruses and malware attacks covered but, as a type of attack that aims to overwhelm networks or servers with fake traffic, they must ask the question: “Do we have the right defences in place for something more sophisticated, like DDoS, that may not be classed as a ‘typical’ cyberattack?”
Fact two: Today’s DDoS attacks are becoming increasingly complex
At present, there are three main types of DDoS attacks:
· Volumetric attacks – designed to flood internet-facing circuits with illegitimate traffic, which might be easy to detect when larger. However, most volumetric attacks are under one gigabit per second in size and last for only a few minutes.
· State Exhaustion attacks – these aim to fill state tables in stateful devices, such as firewalls, VPN concentrators or load balancers, with illegitimate TCP connections. When these state tables fill, legitimate connects cease and the services behind these devices are no longer available – thus denying service.
· Application Layer attacks – these are much smaller sized, very hard to detect, and will slowly exhaust resources in application servers. When these application layer resources are exhausted, the application stops.
Fact three: ISPs will not be able to stop all DDoS attacks
An internet service provider (ISP) may be able to bring a larger volumetric attack to a halt, but it’s unlikely it will be able to detect those that are smaller and short-lived. The ISP will also probably struggle to identify State Exhaustion and Application Layer attacks before the damage is done.
Fact four: Having a firewall in place is not enough
There are several reasons why an organisation should not rely on firewalls alone. For instance, they offer only rudimentary DDoS attack protection, which impacts on the performance of more important functionality. A firewall will also not provide detailed visibility into dropped DDoS attack traffic, and has no way to intelligently communicate with a cloud-based scrubber solution for mitigation of large DDoS attacks.
Change and adapt… or suffer the consequences
It’s clear that organisations need to constantly refine their cyberdefence strategies to ensure that they are able to stop most attacks. Threat actors are persistently adapting their tactics, and as they cleverly up their game of attack, so too must smart defenders improve their defence positioning.
For African organisations of all sizes and across every sector, learning how to choose the right approach and solution for adaptive DDoS protection – one that meets your unique needs, aligns to the realities of modern attacks, and is built on industry-best practices and sophisticated solutions – is critical in order to ensure continued survival within the eye of the DDoS storm.
NETSCOUT helps customers all over the world defend themselves and mitigate the risk from DDoS attacks. For more information, please visit https://www.netscout.com/arbor
About NETSCOUT
NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) protects the connected world from cyberattacks and performance and availability disruptions through the company’s unique visibility platform and solutions powered by its pioneering deep packet inspection at scale technology. NETSCOUT serves the world’s largest enterprises, service providers, and public sector organizations. Learn more at www.netscout.com or follow @NETSCOUT on LinkedIn, Twitter, or Facebook.
©2023 NETSCOUT SYSTEMS, INC. All rights reserved. NETSCOUT, the NETSCOUT logo, Guardians of the Connected World, Visibility Without Borders, Adaptive Service Intelligence, Arbor, ATLAS, Cyber Threat Horizon, InfiniStream, nGenius, nGeniusONE, Omnis, and TrueCall are registered trademarks or trademarks of NETSCOUT SYSTEMS, INC., and/or its subsidiaries and/or affiliates in the USA and/or other countries. Third-party trademarks mentioned are the property of their respective owners.
Editorial contacts:
NETSCOUT, Bryan Hamman, bryan.hamman@netscout.com
icomm, Nicola Read, icomm@pr.co.za, +27 (0) 83 269 2227