Any CISO or security professional who has put in a few years in the profession knows the sinking feeling that comes when they receive an alert or a notification informing them that their systems and network are being targeted by a distributed denial of service (DDoS) attack. This feeling unfortunately is becoming more and more common as DDoS attacks have become a major problem in the Middle East, with attackers realizing the exponential damage they can do in the era of remote working and the expanded attack surface that it provides.
To put things into perspective, Help AG, the cybersecurity arm of Etisalat Digital, reported in their State of the Market Report 2021 that there were more than 10 million DDoS attacks globally last year, with the UAE seeing a 183% spike to 110,000 attacks — a staggering increase.
In addition, a recent survey by A10 Networks to understand the concerns of communication service providers in the new post-COVID world yielded some interesting results, especially from the Middle East. More than half of the service providers in the Middle East have fast-tracked their security investments, with DDoS mitigation the highest priority, according to the report.
What is DDoS?
DDoS attacks, for the uninitiated, are the cyber-crime equivalent of a hostage situation as criminals will provide a list of demands to be met at the threat of bringing down your network with a massive amount of traffic, rendering it useless. The demands can be monetary or even political in nature, but the threat remains the same.
More often than not, tech leaders whose companies have been hit by DDoS attacks have to hope that the attacks will not swamp their systems, and that their cyber-security defences will be robust enough to absorb and repel the attack. In a worst-case scenario, the DDoS attack will be successful, bringing business to a screeching halt and damaging revenue as well as the company’s reputation.
Threatened sectors include oil and gas
Sectors such as government, oil and gas (a huge revenue driver for the Middle East) and healthcare are especially at risk due to the very nature of the services they provide, and have been the most common target by criminals.
The damage which DDoS attacks can do must not be underestimated; together with ransomware, they have become the most common attacks in the Middle East. DDoS attacks have evolved not just in volume but also in technique, as attackers combine a variety of methods and target multiple areas simultaneously to bypass the controls in place.
In addition to the obvious financial and reputational damage, there is also the additional risk that DDoS attacks are simply a cover to divert attention away from more malicious activities. HelpAG, in their report, also noted that criminals have used DDoS attacks as simply a smoke screen to divert security teams while they have successfully infected their organisations with ransomware. The high rate of success of ransomware attacks means that DDoS attacks will continue to increase not just as a direct threat but also as an indirect accomplice to ransomware attacks.
Given the rapid rate of digitization and connectivity which the Middle East is heading towards, DDoS attacks pose a major threat to governments in realizing the full potential of their technology vision.
In order for organisations to survive this threat environment, here are a few essential action points that should be on the agenda of every organization in the Middle East:
Architect your network against DDoS attacks
Before investing in costly solutions, cyber-security experts should sit down with the network teams and identify key areas that are vulnerable and can be targeted, as there will often be blind spots which an organisation is completely unaware of until it is hit with an attack. Trace and identify those points and, if they are deemed high-value targets for attackers, consider moving them out of your data centre where possible. While most network hardware today comes with standard DDoS controls, these are usually limited in their mitigation capabilities.
Hence, consider leveraging the cloud for DDoS mitigation as much as possible, as you can use its massive computing power and bandwidth to absorb much of the attack before it even touches your data center. Cloud-based DDoS solutions usually have a team of experts supporting them and can also cut down on an organisation’s onboarding time in case of an actual DDoS incident where time is of the essence. Given the massive volume which attackers can generate nowadays, organisations need to implement a hybrid approach and not depend solely on on-premises hardware.
Invest in threat intel
Detecting signs of a DDoS attack early on can mean the key difference between a successful defence and your business being breached. Investing in network-monitoring tools and threat intel will immediately inform you of tell-tale signs before and during a suspected DDoS threat. Something as seemingly innocent as a network scan of your public website can be a precursor to a much larger threat and will go undetected unless you have a proper threat intel service linking these events at the network, application and user level to form a larger picture. Often, a ransom note sent to an organisation's public forum or email address will get disregarded unless there are other threat indicators informing the teams to be on high alert.
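To make the "larger picture" idea concrete, here is an added example (not from the article, nor from any vendor named in it) of a toy correlator that links the three levels the paragraph mentions: a port scan of the public host and a traffic burst (network), a rise in 5xx responses (application) and an extortion message in the public mailbox (user). All telemetry, addresses, thresholds and keyword lists are constructed assumptions for illustration; a real deployment would feed flow records, web logs and ticketing data into the same shape of rules with tuned thresholds.

```python
"""Toy DDoS-precursor correlator (added illustration; all data constructed)."""
from collections import Counter, defaultdict
from datetime import datetime

# ---- constructed sample telemetry (documentation ranges, not real hosts) ----
SCANNER = "203.0.113.7"       # assumed scanning source
TARGET = "198.51.100.10"      # assumed public web host


def _flow(ts, src, dport, dst=TARGET):
    return f"{ts} {src} {dst} {dport}"


# network level: normal background (1 flow/s), a slow scan of 20 ports over 40 s,
# then an hour later a burst of ~300 flows/s to port 443 from many sources
BACKGROUND = [_flow(f"2021-05-01T09:00:{s:02d}", "192.0.2.200", 443) for s in range(60)]
SCAN_LINES = [_flow(f"2021-05-01T10:00:{i * 2:02d}", SCANNER, 20 + i) for i in range(20)]
BURST_LINES = [_flow(f"2021-05-01T11:00:{s:02d}", f"192.0.2.{(n % 250) + 1}", 443)
               for s in range(3) for n in range(300)]

# application level: web server status lines during the burst (constructed)
APP_LOG = ["2021-05-01T11:00:01 GET / 200", "2021-05-01T11:00:01 GET / 503",
           "2021-05-01T11:00:02 GET /login 503", "2021-05-01T11:00:02 GET / 503",
           "2021-05-01T11:00:02 GET /api 503", "2021-05-01T11:00:03 GET / 200"]

# user level: messages received on the public mailbox (constructed)
USER_EVENTS = [{"ts": "2021-05-01T10:30:00", "subject": "Pay 5 BTC or your site goes offline"},
               {"ts": "2021-05-01T10:45:00", "subject": "Invoice for May"}]
EXTORTION_WORDS = ("pay", "btc", "offline", "ddos")   # assumed keyword list


def parse_flows(lines):
    """Return (timestamp, src, dst, dport) tuples from 'ts src dst dport' lines."""
    out = []
    for line in lines:
        ts, src, dst, dport = line.split()
        out.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return out


def detect_port_scans(flows, min_ports=10, window_s=60):
    """Sources touching >= min_ports distinct ports on one host within window_s."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_pair[(src, dst)].append((ts, dport))
    hits = set()
    for (src, _dst), events in by_pair.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if (t - t0).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                hits.add(src)
                break
    return hits


def detect_rate_spike(flows, baseline_per_s=1, factor=20):
    """Seconds whose flow count is at least factor x the assumed baseline."""
    per_sec = Counter(ts for ts, *_ in flows)
    return sorted(ts for ts, n in per_sec.items() if n >= factor * baseline_per_s)


def app_degraded(app_lines, min_ratio=0.5):
    """True when the share of 5xx responses reaches min_ratio."""
    errors = sum(1 for line in app_lines if line.split()[-1].startswith("5"))
    return bool(app_lines) and errors / len(app_lines) >= min_ratio


def detect_extortion(events, min_hits=2):
    """Messages whose subject contains at least min_hits extortion keywords."""
    return [e for e in events
            if sum(w in e["subject"].lower() for w in EXTORTION_WORDS) >= min_hits]


def correlate(scans, spikes, degraded, extortion):
    """Severity rises with the number of independent levels showing indicators."""
    levels = {"network": bool(scans or spikes), "application": bool(degraded),
              "user": bool(extortion)}
    severity = ["none", "watch", "high", "critical"][sum(levels.values())]
    return {"severity": severity, "levels": levels, "scanners": sorted(scans),
            "spike_seconds": [t.isoformat() for t in spikes]}


def run():
    flows = parse_flows(BACKGROUND + SCAN_LINES + BURST_LINES)
    return correlate(detect_port_scans(flows), detect_rate_spike(flows),
                     app_degraded(APP_LOG), detect_extortion(USER_EVENTS))


if __name__ == "__main__":
    print(run())
```

On its own, the scan only yields a "watch" finding, which is exactly the kind of event the paragraph says gets disregarded; it is the combination with the application outage and the mailbox message that lifts it to "critical".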
Develop a practical DDoS response plan
Once you have completed the previous activities, draft a light-weight and practical DDoS plan, keeping in mind that no one will have the time to sift through pages and pages in the event of an actual attack. The plan should empower the teams to know exactly what to do and whom to contact when a DDoS happens along with how to deal with extortion demands. Also remember that a DDoS response plan which is not tested is simply a document with assumptions in place that can prove fatal in an actual scenario where there is zero room for error.
DDoS attacks are now a standard part of the threat landscape in the Middle East, and everyone from the board to your network administrator needs to recognize this reality. These attacks, whether standalone or in conjunction with other attacks like ransomware, will continue to evolve, and no business can afford to be complacent. Standard network controls like firewalls and load balancers will no longer suffice against these advanced threats. Board-level support and recognition, along with a multi-layered DDoS mitigation strategy, need to be on the agenda of every business with an online presence in this region in order to stay protected.
(Taimur Ijlal is an information security and data protection professional with more than 18 years of experience in cybersecurity, enterprise risk assessment and cloud technology.)