Pervasive, Quick & Disruptive: DDoS Attacks – What’s ahead for 2023 & Recommendations for ASEAN

Microsoft

By Neha Monga + Area Business Group Lead – Cybersecurity, Data Governance, Risk, Compliance, & Privacy | Microsoft APAC

Distributed Denial of Service (DDoS) attacks are among the most common cyber threats that organizations face today. These attacks can disrupt a company's online services and render them inaccessible to customers and end users causing financial and reputational damage as well as at times, legal and regulatory penalties.

As shared in our recent report on DDoS attack trends and insights, in 2022, Microsoft on average mitigated 1,435 attacks per day, and a total of 520,000+ unique attacks that were directed at our infrastructure globally. A large portion of those attacks continued to target US based resources, with India, East Asia, and Europe making up most of the remaining attacks. TCP (transport control protocol) attacks were the most frequent with UDP (user datagram protocol) and packet anomaly attacks having significant presence as well. Most attacks were seen to be short, with 89% spanning less than 1 hour. In fact, attacks spanning 1-2 minutes accounted for 26% of all DDoS attacks, which on one side require fewer resources from the attackers, on the other side, they are more challenging to mitigate for legacy DDoS defenses.

In 2023, cybercrime is likely to continue to rise, especially in Asia, where rising adoption of smartphones and popularity of online gaming, added to the accelerating digital transformation and cloud adoption among organizations, may contribute to an increased exposure to DDoS attacks. Here are four trends we anticipate:

1. Attackers will use DDoS as a distraction to hide more sophisticated attacks such as data breaches, that may be launched at the same time.
2. IOT DDoS botnet attacks will continue to cause significant disruption.
3. There may be a rise in DDoS attacks from account takeovers, where malicious actors will gain unauthorized access to resources to launch DDoS attacks.
4. Geopolitical tensions may cause continued use of DDoS as a primary tool for cyberattacks by hacktivists.

Proactive planning and preparation help in effectively defending against cyberattacks and DDoS attacks are no different.

1. Start by identifying your external attack surface, especially applications that may be exposed to the internet and note their expected behavior (this is to quickly identify anomalous behavior).
2. Make sure you are protected by leveraging DDoS protection services with advanced mitigation capabilities that can handle large scale attacks. Traffic monitoring, adaptive real-time tuning, DDoS protection telemetry and access to a rapid response team are critical.
3. Have a DDoS response strategy in order to identify, mitigate and rapidly recover from an attack. As part of that, it is important to assemble a DDoS response team with well-defined roles and responsibilities, escalation matrix and a clear understanding on coordination of internal stakeholders and customers.
4. Learn and adapt after an attack with your post-attack analysis, taking stock of which services or applications suffered the most, if the disruption to service or user experience happened due to lack of scalable architecture, and last but not least, how effective your DDoS response strategy was and how it can be improved.

How Microsoft can help in ASEAN: The ASEAN region is home to many fast-growing economies and emerging markets, making it an attractive target for cybercriminals. It is essential for organizations in the region to have robust cybersecurity measures in place to prevent and mitigate DDoS attacks. Microsoft can help organizations by providing them with its range of cybersecurity tools and services which may include Azure DDoS Protection, Azure Firewall, Azure Application Gateway and Microsoft Defender, a comprehensive security solution that provides threat protection, identity and access management, and information protection for hybrid and multi-cloud scenarios.