DDOS threats on the rise in EMEA

Regina Pazvakavambwa
By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 21 Feb 2018
Attack vectors and tactics will only continue to evolve in EMEA, says F5.
Attack vectors and tactics will only continue to evolve in EMEA, says F5.

The Europe, Middle East and Africa (EMEA) region experiences more than half of the world's distributed denial of service (DDOS) attacks.

This is according to an analysis from F5 Labs' Poland-based Security Operations Centre, which found there was 64% rise in DDOS attacks in 2017. More than 51% of these attacks were targeted at companies based in EMEA countries, and 66% involved multiple attack vectors, requiring sophisticated mitigation tools and knowledge, says F5.

Reflecting the spike in activity, F5 reported a 100% growth for EMEA customers deploying Web application firewall technology in the past year. Meanwhile, anti-fraud solutions' adoption increased by 76% and DDOS by 58%, it says.

F5 says a key discovery was the relative drop in power for single attacks - in 2016, the F5 SOC logged multiple attacks of over 100Gbps, with some surpassing 400Gbps and in 2017, the top attack stood at 62Gbps.

This suggests a move towards more sophisticated layer 7 (application layer) DDOS attacks that are potentially more effective and have lower bandwidth requirements, it says.

"DDOS threats are on the rise in EMEA compared to the rest of the world, and we're seeing notable changes in their scope and sophistication compared to 2016," says Martin Walshaw, senior network engineer at F5 Networks. Walshaw notes attack vectors and tactics will only continue to evolve in EMEA.

"Businesses need to be aware of the shift and ensure, as a matter of priority, that the right solutions are in place to halt DDOS attacks before they reach applications and adversely impact on business operations. EMEA is clearly a hotspot for attacks on a global scale, so there is minimal scope for the region's decision-makers to take their eyes off the ball."

DDOS attacks are growing in volume, sophistication, and frequency, and any online business is a target, says Frost & Sullivan adding as a result, DDOS mitigation solutions are in high demand. However, new attack techniques, growing bandwidth needs, the Internet of things, and other IT trends will have a profound impact on the development of this high growth market, notes Frost & Sullivan.

Globally, besides the various battles with Trojan-infested botnets, the last three months of 2017 were dominated by three main DDOS trends: politically motivated attacks, attempts to cash in on the soaring price of Bitcoin, and tougher law enforcement, says Kaspersky Lab.

The security company says when it came to the duration of DDOS attacks via botnets, the longest attack in the final months of 2017 lasted only 146 hours. The victim was a site belonging to a Chinese company that teaches how to cook traditional Asian food.

However, it says the reasons behind the most notorious attacks in the reporting period were political (for example, DDOS attacks targeted the Czech statistical office and the site of the Spanish Constitutional Court), as well as attempts to profit from changes in the Bitcoin exchange rate (BTG Web sites and the Bitcoin exchange Bitfinex were subjected to attacks).

A DDOS attack isn't always a way of earning money or causing trouble for the owners of Internet resources - it can also be an accidental side effect, says Kaspersky Lab.

For instance, in December, an extensive 'DDOS attack' on the DNS servers of the RU national domain zone was caused by a modification to the Lethic spambot, it adds.

It appears that due to a developer error, the Trojan created a vast number of requests to non-existent domains and ended up producing the effect of a massive DDOS attack, says Kaspersky.

The prevalence of DDOS attacks grew 10% in 2017, hitting nearly two in five businesses, says Radware report. One in six suffered an attack by an IOT botnet and 68% of attacks resulted in a service degradation or complete outage, it says.