Cyber Defense eMagazine February Edition for 2023

More documents

Recommendations

Info

2023 DDoS Attack Predictions By Matthew Andriani, Founder and CEO, MazeBolt DDoS attacks remain a major threat to enterprises, as attacks continue to grow in frequency and sophistication. The DDoS attack surface is constantly expanding: the dynamic nature of cloud environments and the workflows that accompany them makes it easier for threat actors to bypass mitigation controls and launch attacks that severely impact an organization's uptime. On average, 60% of businesses lose over $120,000, and 15% of the business – well over $1 million and some over $3 billion in market CAP losses, for very short intermittent DDoS attacks. Below are key trends we’ve noticed in 2022 that are anticipated for 2023. Prediction 1: DDoS attack havoc will increase. From the ‘Overwatch 2’ gaming DDoS attack to the attack on Russia’s second-largest VTB bank, 2022 saw a variety of organizations suffering temporary outages. Heading into 2023, we will most likely see continued growth in DDoS attacks. A Cisco report predicts the total number of DDoS attacks will reach over 15 million by 2023, leaving organizations and customer data vulnerable. The proliferation of DDoSas-a-service subscriptions which, per the Microsoft Digital Defense Report 2022, can cost as little as 500 USD, makes it easier for threat actors to anonymously launch devastating attacks and disrupt businesses’ uptime. Although governments are already taking down DDoS-as-a-service operators, it’s a drop in the ocean, and most likely new sites will pop up. Unless organizations achieve true visibility into their dynamic DDoS attack surface and build DDoS resilience through vulnerability closure, this whack-a-mole game Cyber Defense eMagazine – February 2023 Edition 50 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
etween governments and operators will bear little to no fruit in the prevention of successful DDoS attacks. In fact, it will encourage attackers to continue. Prediction 2: DDoS will become the weapon of choice for cyber-warfare. The Russia-Ukraine conflict taught us that attackers don’t need expensive and sophisticated anti-satellite weapon systems to cause chaos: In February, Russia launched a massive cyberattack against Viasat’s KA-SAT satellite internet network and took thousands of modems offline. According to a statement issued by the EU council, the attack “had a significant impact causing indiscriminate communication outages and disruptions across several public authorities, businesses, and users in Ukraine, as well as affecting several EU Member States.” DDoS attacks will turn into the weapon of mass disruption, and we’ll see more nation-state DDoS attacks unleashed – and probably more cyber carnage. Prediction 3: Layer players: multi-vector attacks will rise and be more automated. The DDoS vulnerability gap which exists in most organizations is huge. Automated sequences and switching attack vectors will become more frequent and sophisticated, it’s easy to implement and will increase an attacker's chances by 50% to 99% of succeeding in most cases. According to a quarterly study conducted by Lumen, in Q3 2022 alone, multi-vector attacks represented 40% of all DDoS attacks. As the dynamic DDoS attack surface keeps expanding, we’ll see more advanced attacks in relatively lower volumes and shorter frequencies that can easily bypass all layers of DDoS protections and inflict even more damage than traditional volumetric single-dimension attacks. Prediction 4: Extortion will rise. It’s pure economics and the incentive is too great. With DDoS-as-a-Service becoming so common and the attacks easily succeeding, combined with damages running into the billions of dollars, organizations, and insurance companies paying reasonable extortion demands; it’s likely many attackers already understand this. It’s hard to measure, as most companies being hit with a ransom DDoS attack do not report it. According to Cloudflare, 15% of their customers in Q3 2022 received a ransom note from attackers to stop the DDoS assault. This represents a 67% increase from 2021-2022 and will most likely continue to grow. Let's face it, if an attacker can drop a stock exchange, he or she can request a small fee for not doing so for days. Most CISOs, CEOs, and boards may pay a nominal fee. Prediction 5: Growing damages will increase demand for accountability and action. With more successful DDoS attacks wreaking havoc in organizations’ uptime, and damages impacting business’ bottom line, CISOs will seek a better understanding of their security investment and its impact. Furthermore, CISO’s and boards will demand more assurances for DDoS protection contracts purchased, as well as visibility into their DDoS resilience. Organizations will start to identify vulnerabilities and push Cyber Defense eMagazine – February 2023 Edition 51 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: Time to Build an Unhackable Interne
Page 3 and 4: Emerging API Security Trends: What
Page 5 and 6: @MILIEFSKY From the Publisher… De
Page 7 and 8: Welcome to CDM’s February 2023 Is
Page 9 and 10: Cyber Defense eMagazine - February
Page 33 and 34: Banco Banrisul’s thirty-six domai
Page 35 and 36: Why Cybersecurity Remains a Persist
Page 37 and 38: Robust Cybersecurity is Essential f
Page 39 and 40: 1. Facing the Cyber Crisis No compa
Page 41 and 42: About the Author Amitabh Sinha is t
Page 43 and 44: 1. Risk Assessment Government agenc
Page 45 and 46: 8. Incident Response Plan Preventio
Page 47 and 48: This is what happened to Dropbox la
Page 49: trust and growth, the board can hel
Page 53 and 54: Accelerating Machine Learning Advan
Page 55 and 56: Secondly, MLOps platforms record al
Page 57 and 58: Cybercriminals Are Ramping Up Their
Page 59 and 60: Organizations should follow best pr
Page 61 and 62: 7 Biggest Cyber Attacks of 2022 By
Page 63 and 64: 4. Ex-Amazon worker convicted over
Page 65 and 66: About Salt Communications Salt Comm
Page 67 and 68: saw this most recently through a ra
Page 69 and 70: CPRA/CCPA Compliance in A Cloud-Fir
Page 71 and 72: having an excessive amount of permi
Page 73 and 74: In the coming months and beyond, on
Page 75 and 76: Emerging API Security Trends: What
Page 77 and 78: malicious communication pattern thr
Page 79 and 80: Free Consumer Apps Are Not Safe for
Page 81 and 82: But simultaneously - and unlike ema
Page 83 and 84: lives and works. The topic is tough
Page 85 and 86: and tendencies. The good question h
Page 87 and 88: others or the situation among some
Page 89 and 90: eing pushed into heavy criminalitie
Page 91 and 92: preparing and analyzing such a coll
Page 93 and 94: words, behind those high-tech crimi
Page 95 and 96: always make new and new damage if t
Page 97 and 98: References: [1] Djekic, M. D., 2017
Page 99 and 100: How Government Agencies Can Leverag
Page 101 and 102:
The result leads to optimal perform
Page 103 and 104:
A linchpin of Biden’s cyber-defen
Page 105 and 106:
An effective observability platform
Page 107 and 108:
Section 3553(h) of title 44, U.S. C
Page 109 and 110:
Exchange (MX) and Name Service (NS)
Page 111 and 112:
Looking Ahead to 2023: Cyber Trends
Page 113 and 114:
we’re falling behind, especially
Page 115 and 116:
Old vulnerabilities are not being d
Page 117 and 118:
Insider Threats are a Primary Vulne
Page 119 and 120:
The first step in insider threat mi
Page 121 and 122:
“We’re happy to announce MIRACL
Page 123 and 124:
The organisers of Europe’s most i
Page 125 and 126:
usable by everyday people. I think
Page 127 and 128:
Quentyn Taylor, Senior Director Pro
Page 129 and 130:
SDR for Cyber Defense By Kaue Morce
Page 131 and 132:
Figure 2: Cyan SDR - from Per Vices
Page 133 and 134:
as it allows the SDR to capture and
Page 135 and 136:
Security at the Enterprise Edge: To
Page 137 and 138:
This behavior makes it essential to
Page 139 and 140:
Shields Up: Organizations Need to D
Page 141 and 142:
eport, domains with the terms “bi
Page 143 and 144:
The Anti-Fraud Frontline Predictive
Page 145 and 146:
Cloud vendors' features can be depl
Page 147 and 148:
About the author Ryohei Fujimaki, F
Page 149 and 150:
The resulting phishing sites mirror
Page 151 and 152:
The javascript code in which the da
Page 153 and 154:
The Top Secrets of CISOs By Pat McG
Page 155 and 156:
About the Author Pat has more than
Page 157 and 158:
The latest analysis shows that Nort
Page 159 and 160:
What Role Can AI Play in Data Objec
Page 161 and 162:
Avoiding bias Objectivity and credi
Page 163 and 164:
As more and more data moves to the
Page 165 and 166:
to know where a document or other r
Page 167 and 168:
Cyber Defense eMagazine - February
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
CyberDefense.TV now has 200 hotseat
Page 181 and 182:
Books by our Publisher: https://www
Page 183 and 184:
Page 185 and 186:
show all

Cyber Defense eMagazine February Edition for 2023

Create successful ePaper yourself

Delete template?

Save as template?