In March 2017, the largest DDoS attack ever recorded took place. Weighing in at an unprecedented 1.7 Tbps, this DDoS attack set a new benchmark in terms of scale and occurred just weeks after another DDoS attack had claimed the title of ‘the world’s largest’.
While large-scale, volumetric attacks like this aren’t uncommon, the fact they are continuing to grow highlights that they are still very much part of an attacker’s toolkit today.
However, the real problem with these massive DDoS attacks is that they are often used as a smokescreen to hide other, more nefarious, activities. This reality, known as Dark DDoS, is one that’s becoming increasingly common, which is why organizations need to sit up and take note when it comes to protecting their web-facing assets – including the growing threat of layer 7 DDoS attacks.
Layer 7 DDoS attacks target the uppermost layer (the application layer) of an organization’s network stack. Unlike their larger volumetric siblings, layer 7 DDoS attacks are often difficult to spot and, unfortunately, even more difficult to mitigate.
What’s most worrying of all, though, is that malware injections often occur while an organization’s IT resources are focused on the larger DDoS attack that’s taking place. The attackers sneak in and inject malware so that data can be independently mined while a business thinks it’s being stored safely. They are often in and out before a Web Application Firewall (WAF) is back up and running following a reboot to alleviate the effects of the DDoS attack.
TalkTalk, Yahoo and Bell Canada have all been victims of attacks like this, the financial consequences of which (in TalkTalk’s case) ran to more than £60 million.
Don’t Risk Getting Alert Fatigue
One of the biggest problems we’ve identified with traditional DDoS protection techniques and solutions is the phenomenon of alert fatigue. This occurs when a WAF has been implemented and its rules are initially set to ‘alert only’. The WAF does its job and alerts every time a suspicious piece of traffic is detected.
The big problem with this is that it’s the organization’s internal IT team who are usually tasked with checking these alerts and weeding out all the false positives. Obviously, this isn’t the best use of their time and can lead to internal IT professionals adopting a negative view of the WAF.
In some cases, alerts get ignored, which isn’t good, but in extreme circumstances they get switched off altogether! You’re then left with a perfectly able WAF that’s not being utilized because it wasn’t configured correctly from the outset.
So, what’s the solution to the layer 7 DDoS attack conundrum?
Fortunately, businesses can now take advantage of holistic, end-to-end web application security solutions to keep their valuable web-facing assets safe. These purpose-built solutions, which are usually provided on a platform-as-a-service basis, have few barriers to entry as they don’t require large capital investments.
To discover more about layer 7 DDoS attacks (including how prevalent they are), the problems that plague traditional security solutions and what you can do to keep your web-facing assets secure, download our latest IT security whitepaper, “Application Protection: Where Cybercrime is Heading & How to Prevent it Impacting Your Organization,” now.