The Effects of DDoS Attacks on Essential Services
Public services continue to fall victim to distributed denial of service (DDoS) attacks with many industry experts, including Corero, predicting that this is going to get worse before it gets better. Our collective pessimism is being fuelled by dire warnings from government agencies that Nation State sponsored cyber-criminals are continuing to focus their efforts on penetrating critical national infrastructure systems, such as energy grids, nuclear facilities, transportation networks and even drinking water supplies. While motivations may not always be completely clear, the potential effect is an impact on security, economic stability, and even public health.
DDoS attacks can disrupt the availability of essential services we use as part of our everyday life. Previous reports have highlighted the dangers of infrastructure attacks, such as last October’s DDoS attacks against Swedish railway systems which disrupted travel. In addition, the WannaCry ransomware attacks in May last year demonstrated the potential volume and strength of cyberattacks on essential services and reduced people’s ability to access these services.
Only last month, a DDoS attack on Danish rail operator, DSB, paralyzed ticketing systems resulting in travel chaos.
The consequences of a successful DDoS attack against an enterprise can be dire – from financial costs to a negative impact on a brand’s reputation. However, when it comes to the systems that underpin our essential services, the impact from a successful attack can be devastating. For example, network downtime can have a serious economic impact as it can affect productivity, cause physical damage and could even endanger public safety.
Critical infrastructure systems at risk
In recent years, DDoS attacks have become more complex, with many combinations of different attack approaches, known as vectors, being used.
Indeed, the ability to take systems offline has never been easier as DDoS attack tools, whilst illegal in many countries, are readily accessible and inexpensive. So-called DDoS stresser or booter services are frequently enabled by large networks, known as botnets, of hijacked Internet of Things (IoT) devices.
Another serious concern is the number of Internet-connected systems and devices that either form part of or are connected to industrial control systems. As organizations become increasingly reliant on the convenience of Internet accessibility, the potential attack surface for damaging cyber-attacks, including DDoS, increases. As a result, organizations need to ensure they have adequate firewalls, access mechanisms and real-time protections in place to eliminate the Internet-borne threats to their control networks.
Critical infrastructure operators in energy, healthcare and transportation cannot leave DDoS attack resilience to chance. Corero’s recent Freedom of Information survey revealed that most UK critical infrastructure organisations (51%) are potentially vulnerable to these attacks. These organizations have failed to invest in technology that can detect and immediately mitigate short-duration DDoS attacks (i.e. those last less than 10 minutes) on their networks. Corero’s DDoS Trends Reports have long shown that these short duration, modestly scaled attacks dominate the threat landscape. Operators of essential services should not be complacent as even these short attacks can significantly impede service delivery.
NIS Regulations and best practices
On 10th May this year the EU NIS Directive became law in all 28 EU member states. The regulations require that operators of essential services “must take appropriate and proportionate technical and organisational measures to manage risks posed to the security of the network and information systems on which their essential service relies”. In the UK, the best practice guidance is stipulated by the National Cyber Security Centre (NCSC). The NIS Regulations arrive with a £17million big “stick fine” for those who fail. Hopefully, operators will see this as a “carrot” to upgrade their cyber-protection to defend against DDoS and other cyber-threats.
Contact us if you’d like to find out how Corero can help you prevent DDoS attacks impacting your ability to deliver service.