‘DDoS attacks are often used as a distraction tactic’

NSFOCUS, a global provider of intelligent hybrid security solutions, last month launched its Global Threat Intelligence platform. In the world of cyber attacks, 2016 may go on record as the worst year the enterprise has ever seen. With more than 18 million samples of known malware, the first DDoS attack exceeding 1 TBps, ransomware attacks using municipal and industrial IoT devices, and predictions of global annual cybercrime costs reaching $6 trillion by 2021, keeping pace with the evolving threat landscape is a daunting task.

The company says the Global Threat Intelligence platform has been designed to help organizations improve their situational awareness and enterprise security posture – delivering both strategic and tactical intelligence, and providing organizations with a complete view of the global threat landscape, including China.

“As the only company with threat intelligence data feeds from China, NSFOCUS provides our customers with complete global coverage to support their current threat intel strategy,” said Guy Rosefelt, Director for Web Security Product Management at NSFOCUS.

In an interview with Networks Asia, Rosefelt noted that the problem most organisations and governments face with subscriptions to commercial and open-source threat intel feeds is that, unfortunately, they are missing threat intelligence from a considerable portion of the world.

“Many studies indicate that up to 40% of the world’s cyber-attacks originate from China. When considering how comprehensive a threat intel feed is, many of them do not include much data from China, since the organisations providing the feeds have little visibility into the attacks that begin or end within the borders of China,” adds Rosefelt.

In the interview, Rosefelt also discussed the rise of botnets and the use of IoT as an attack vector, and why DDoS remains a big problem.

The following is an excerpt of the interview:

1. What is behind the increasing trend of DDoS attacks in Singapore (Starhub is the first telco in Singapore to have been hit by this attack)? Why are we still falling prey to them if we’ve been hearing about the threats for so long?

In our latest DDoS Threat Report, we found that various hacker organisations have infected a large number of IoT devices with malicious bot programs to launch DDoS attacks. IoT devices contain high-risk vulnerabilities such as weak passwords, and these devices stay online without being attended, which makes them optimal targets for launching DDoS attacks.

In addition, IoT-based botnets employ attack approaches as effective as, if not more sophisticated than, traditional DDoS tools. The relative ease with which hackers can utilise hundreds of thousands of IoT devices to launch DDoS attacks is one reason behind the increasing trend of DDoS attacks.