
Are Security Researchers Arming our Enemy?

Understanding the current cyberthreat landscape and your organization’s level of protection is critical when it comes to avoiding disruptions from growing threats, such as DDoS (Distributed Denial of Service) attacks. Conducting security research and testing tools are an important part of this understanding. But are our security researchers unwittingly arming the cybercriminals?

With open-source security tools and threat intelligence readily available to help IT organizations: it is guaranteed that these resources also end up in the hands of cyber attackers. The question is whether these resources pose a real threat to your IT security and if there is anything your organization can do.

Penetration Testing Tools used by Cybercriminals

Cybercriminals often leverage open-source security tools because they are widely used and carry an air of legitimacy across organizations. Threat actors can readily repurpose these tools, for example to launch damaging DDoS attacks against target networks.

The penetration testing tools Cobalt Strike and Metasploit are the two technologies most commonly used by cybercriminals hosting command and control (C&C) servers. Together, they were responsible for 24% of the C&C servers observed in 2020. The MuddyWater APT group also made use of Cobalt Strike, targeting Windows systems with a malicious PowerShell script hosted on GitHub.

There is little that can be done at the organizational level to prevent cybercriminals from taking advantage of the same tools we use, which makes it imperative for organizations around the globe to invest in proper security measures. Even AWS has a large number of C&C servers hosted on its infrastructure.

Threat Reports Deliver Actionable Intelligence

Threat Intelligence reports provide helpful insights into new attack vectors, trends and common security threats and allow your organization to adjust your security accordingly. However, they aren’t as useful to cybercriminals as you might think.

In July 2020, the FBI warned of four new DDoS attack vectors to safeguard against. Interestingly, Corero’s threat intelligence data showed that those DDoS vectors were already active, 12 months before the FBI’s alert, and continued to grow in use through 2020.

While some cybercriminals may benefit from the insight threat intelligence reports provide into new attack vectors and DDoS trends, by the time these reports come out the attacks are already well known across the cybercriminal community. This makes it even more important for IT organizations to respond immediately to any new intelligence provided by threat reports as they come out, because cybercriminals are almost certainly already exploiting it.

Importance of DDoS Attack Detection and Mitigation

The resources mentioned above have made it extremely easy and cheap for cybercriminals to launch damaging DDoS attacks. Since cybercriminals have access to the same security research and threat emulation software as the IT organizations trying to defend against them, awareness alone is not a practical countermeasure for DDoS attacks. While it is important to understand how a DDoS event can negatively impact revenue and damage brand reputation, the only way to prevent that damage is to have an automated, real-time solution in place. As attacks continue to increase in sophistication, they become increasingly challenging for legacy DDoS mitigation tools to handle effectively. In today's internet-dependent world, organizations should not risk facing a DDoS attack unprotected. Given the increasing volume of attacks organizations now face and the damage even a few minutes of downtime can do, the focus needs to be on time-to-mitigation. Even a DDoS attack lasting 10 minutes or less, which accounted for 86% of attacks in 2020, could be extremely costly to your organization.

With some minor help from security researchers, cyberattacks are more sophisticated than ever. However, by using the latest tools to secure your infrastructure, and focusing on real-time protection, you can limit the damage these enemies can inflict.

Corero Network Security is a global leader in real-time, high-performance, automatic DDoS defense solutions. Corero's industry-leading SmartWall and SecureWatch technology protects on-premise, cloud, virtual and hybrid environments with a scalable solution that delivers a more cost-effective economic model than ever before. For more on Corero's flexible deployment models, click here. If you'd like to learn more, please contact us.