John Pescatore - SANS Director of Emerging Security Trends
Don’t Forget About Being Prepared for Old-Fashioned DDoS Attacks!
This week’s Drilldown focuses on one item (included below) from NewsBites Issue 68, detailing a DDoS attack that shut down New Zealand’s stock exchange.
Most of the recent press attention has been going to ransomware, which is essentially a form of denial of service attack. However, good old-fashioned network-based DDoS attacks are still happening and have become more dangerous for two major reasons:
- A work-from-home (WFH) workforce can be completely disconnected from your VPN or other remote access solution if your internet connectivity succumbs to a DDoS attack.
- The growing use of cloud-based services (including SaaS) by both enterprises and their supply chain raises the risk of disruption if a cloud service provider is hit by DDoS attacks, whether malicious or just demand-driven, as recently happened to Zoom.
Just as failover and emergency power systems are necessary for mission-critical services and need to be tested regularly, the same is true for internet connectivity. Existing mechanisms for DDoS scrubbing or remediation should be reviewed with WFH and cloud/supply chain reliance included.
Many enterprises will be able to use DDoS-as-a-service capabilities from their ISP or external service providers. Others may need dedicated local DDoS scrubbing at key data center locations. DDoS capabilities should be tested at least annually or on the same schedule as UPS testing.
SANS has published a number of papers on approaches to DDoS risk reduction.
New Zealand Stock Exchange Struck by DDoS Attack
(August 26, 27 and 28, 2020)
The New Zealand stock exchange (NZX) has temporarily halted trading while it deals with the effects of a DDoS attack that hit its network on Tuesday, August 25. The attack is likely the work of a group that has been launching DDoS attacks against other high-profile financial service organizations, including MoneyGram, Worldpay, Venmo and PayPal. The group demands a ransom to be paid in Bitcoin to stop the attacks.
[Neely, Pescatore] The exchange was hit by this attack for four days running, including today, and is faced with the choice of paying the ransom or continuing to implement sufficient DDoS protections. Unlike 25 years ago, disconnecting the internet is no longer a viable option for most businesses. Assess and test your DDoS protections. Verify that your outsourced and cloud services are also adequately protected. Verify your plan of action in the event the protections fail.
Read more in:
ZDNet: New Zealand Stock Exchange suffers day four disruption following DDoS attacks
ZDNet: DDoS extortionists target NZX, Moneygram, Braintree, and other financial services
Bleeping Computer: New Zealand stock exchange halted trading after DDoS attacks
The Register: DDoS downs New Zealand stock exchange for third consecutive day
Reuters: New Zealand’s stock exchange not to reopen on Thursday after cyber attacks