On the subject of DDoS (Distributed Denial of Service) attacks, India is the first name that comes to mind. Not long ago, in August 2020, the number of Distributed Denial of Service attacks in India broke the records of total DDoS packets, which were more than 10 billion as per a study by a global security firm. According to various reports studying DDoS attack patterns in 50 different countries, it has been proved that more than 26 percent of all the DDoS attacks in the world originated from India. The list includes the U.S. with 17% and Singapore with 9% of DDoS traffic.
But why is that? Why is India the most probable DDoS attack target? Where do these DDoS attacks originate? Let's refresh your memory with a glance at the definition of a DDoS attack.
What are DDoS Attacks?
A Distributed Denial of Service (DDoS) attack is a malicious attempt to make an online system unavailable and disrupt its regular traffic by overwhelming it with a flood of traffic from multiple sources.
These attacks target various resources such as banks, news websites, and online shops and achieve effectiveness by utilizing compromised systems as a source of attack traffic. They will prevent regular traffic from arriving at the right destination.
DDoS Attack Origination
There are various reports on DDoS attack origination. Shocking news in August 2020 reported that at least ten billion malicious IP addresses from India originated a DDoS attack in the last six months. Therefore, India has faced a shift and has become one of the largest countries from which DDoS attacks originate. The number of Distributed Denial of Service (DDoS) incidents in India hit a record high in terms of total DDoS packets. A DDoS packet is a spoofed request or ping sent by attackers from several sources to penetrate the target system or device.
There are thousands of places in the world that could be a suitable hotbed for launching DDoS attacks, but DDoS attacks in India seem to be of significant interest to attackers.
Based on Symantec’s report, most of the DDoS attacks originate in countries with a high number of bot-infected machines and a low adoption rate of networking technology designed to filter out spoofed packets, and India is at the top of the list in this category.
It has been stated that DDoS attacks originated in India because of its lack of adequate security methods/infrastructure and low cybersecurity awareness. This does not mean that all of the DDoS attacks were initiated in India; rather, they were launched remotely.
Another reason for DDoS attacks in India is many enterprises' lackadaisical attitude toward learning about or adopting the best security practices. Tight, low security budgets are also among the issues that make India one of the favorable DDoS attack targets.
This lack of information, tools, and training will cause many end-users, especially corporate data centers with high bandwidth, to be oblivious about their devices' security, which increases their vulnerability to malware that can target their PC and eventually turn it into a botnet node that attackers can then use for launching DDoS attacks.
DDoS Attack Targets
It is evident that there has been a universal resurgence in DDoS attacks, along with numerous innovations in tools and techniques by attackers that caused a massive expansion in the range of DDoS attack targets. The detailed statistics show that DDoS attack targets in India (July-August) were as follows:
- Web applications of high tech industries (33%)
- Banking and finance (33%)
- Transportation (17%)
- Government (17%)
Due to the COVID-19 pandemic situation, employees began to work from home, away from the secure office network. Since then, companies have reported numerous and frequent cyberattacks. As a result, hackers will target remote workers with leaky and patchy networks at home. The standard methods are phishing, DDoS, and video conferencing attacks.
Since digital and online activities increased in 2020, most of the DDoS attacks originating from India have been linked to financial blackmail. In this situation, attackers threaten to take a business offline.
In other cases, it was reported that the attack aims to distract the IT security response team while the attackers hack the target system simultaneously.
In simple terms, DDoS attacks rely on compromised laptops, PCs, and many other devices infected with a Trojan virus, which are then used to attack and target a victim network. These originating devices do not share one location and are distributed.
Attackers will use massive numbers of devices to shut down a single system or network of an enterprise, company, or individual. A device can be infected by a Trojan virus while using the internet for emails, download links, etc. The important thing is that at least 49.657 unique IPs across the globe originated a DDoS attack.
Why is India Most Vulnerable to Cyberattacks?
Neglecting Internal Security Threats: If enterprises are ignorant about infrastructures, monitoring, and logging processes, and if instead, they care about business continuity only, it will be hard to detect weak points.
Detectable Weak Points During Remote Work: Working remotely and from home highlighted the risk of weak authentication techniques, insufficient monitoring, and exposed servers (DNS, VPN, RDP).
Missing Expertise in Cloud Technology: Cloud technology makes it possible to access data from anywhere and any device, but companies are not aware of the importance of in-house protection of resources (APIs, SaaS, containers). Businesses must use a professional Cloud Security Solution with strong architecture.
Confronting External Threats: External threats are increasing at the same time, and it is complicated to be prepared for all the possible attacks. In India, the number of companies with security measures like web application firewalls to monitor details is really low.
Increased Use of Mobile Technology: India has been ranked as the third country with the highest number of internet users after the U.S. and China. This will have a direct impact on the enhanced number of DDoS attacks in India.
DDoS Attack Trends 2021
Recent experience has shown that DDoS attacks have become much more sophisticated. Here is a list of DDoS attacks to watch in 2021:
Application Layer Attacks: In the last two or three years, application-layer attacks have overtaken network-based attacks. The reason is that an infrastructure-focused attempt to fill up internet capacity is less effective now.
Burst Attack: Burst attacks frequently change in both duration and frequency. It is vital to catch these attacks in real-time. It is better to create a firewall filter to log traffic and a policy to block specified traffic. Another option is to maintain a tool to specify in real-time whether traffic is safe or not.
Exposed Servers: To achieve a better user experience (UDP protocol), businesses left many servers exposed, and now it is easy to attack a system even without writing malicious code.
Overlaid on Other Attacks: DDoS attacks have become an overlay of sorts, with threat actors that add additional components and leverage ancillary services like banking/hospitality to maximize monetary gain. They are considered to be very distinct.
Reflective Amplification: The lack of a controlling or handshake mechanism in stateless-type protocols leaves the system open to spoofing attacks. Adversaries can use fake source IP addresses that are undiscoverable, or capitalize on reflection methods by using the IP address of the target victim.
Web-Based Botnets: The botnets interacting with websites will cause inventory manipulation. They collect a massive amount of items into a cart, taking a financial toll on companies, and as a result, they will be unable to sell the stock items. The bad traffic won’t be blocked, and eventually, companies end up overbuilding infrastructure, letting both good and bad traffic in.
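The Burst Attack entry above calls for catching short bursts in real time. The following sketch is an added example, not code from the original article: it compares a long and a short trailing window over a constructed access log, and the log format, function names, and thresholds are all assumptions chosen for illustration.

```python
from collections import Counter, deque

BASE = 1_700_000_000  # constructed epoch start for the sample log

def sample_log():
    """Constructed access log: 10 req/s for 120 s, with two 3-second
    bursts of 300 req/s starting at t=30 and t=90."""
    lines = []
    for t in range(120):
        hits = 300 if t in (30, 31, 32, 90, 91, 92) else 10
        for i in range(hits):
            lines.append(f"{BASE + t} 198.51.100.{i % 250 + 1} GET /")
    return lines

def per_second_counts(lines):
    """Parse '<epoch_seconds> <src_ip> ...' lines into {second: hits}."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # skip malformed lines rather than abort detection
        counts[int(fields[0])] += 1
    return counts

def find_bursts(counts, window, rate_limit):
    """Return [(first_alert_sec, last_alert_sec)] spans during which the mean
    rate over the trailing `window` seconds exceeded `rate_limit` req/s."""
    spans, recent, total = [], deque(), 0
    if not counts:
        return spans
    for sec in range(min(counts), max(counts) + 1):
        recent.append(counts.get(sec, 0))
        total += recent[-1]
        if len(recent) > window:
            total -= recent.popleft()  # slide the window forward
        if total / window > rate_limit:
            if spans and spans[-1][1] == sec - 1:
                spans[-1] = (spans[-1][0], sec)  # extend the open span
            else:
                spans.append((sec, sec))
    return spans

if __name__ == "__main__":
    counts = per_second_counts(sample_log())
    print("60 s window:", find_bursts(counts, 60, 50))
    print(" 3 s window:", find_bursts(counts, 3, 50))
```

With the same 50 req/s limit, the 60-second average never alerts because each burst is diluted by the quiet seconds around it, while the 3-second window flags both bursts.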
*This information is based on an article from www.CRN.com.
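The Reflective Amplification entry, and the earlier point about networks that do not filter spoofed packets, both come down to source address validation at the network edge (ingress filtering, BCP 38). The sketch below is an added example, not code from the original article; the interface names, prefixes, and packets are constructed from documentation address ranges.

```python
import ipaddress

# Constructed example: prefixes delegated to each customer-facing interface.
ASSIGNED = {
    "cust-a": ["203.0.113.0/25", "2001:db8:a::/48"],
    "cust-b": ["203.0.113.128/25"],
}

def build_table(assigned):
    """Parse prefix strings once so per-packet checks are cheap."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in assigned.items()}

def source_is_valid(table, ifname, src):
    """True only if `src` lies inside a prefix assigned to `ifname`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source: never forward
    return any(addr.version == net.version and addr in net
               for net in table.get(ifname, []))

def filter_packets(table, packets):
    """Split (ifname, src, dst, dport) tuples into forwarded and dropped."""
    forwarded, dropped = [], []
    for pkt in packets:
        valid = source_is_valid(table, pkt[0], pkt[1])
        (forwarded if valid else dropped).append(pkt)
    return forwarded, dropped

# Constructed packets. The second claims the victim's address (198.51.100.50)
# as its source, so the resolver's larger reply would be sent to the victim.
PACKETS = [
    ("cust-a", "203.0.113.10", "192.0.2.53", 53),        # legitimate query
    ("cust-a", "198.51.100.50", "192.0.2.53", 53),       # spoofed: victim's address
    ("cust-a", "203.0.113.200", "192.0.2.53", 53),       # belongs to cust-b
    ("cust-b", "203.0.113.200", "192.0.2.53", 53),       # legitimate for cust-b
    ("cust-a", "2001:db8:a:1::5", "2001:db8::53", 53),   # legitimate IPv6
]

if __name__ == "__main__":
    fwd, drop = filter_packets(build_table(ASSIGNED), PACKETS)
    for pkt in drop:
        print("drop", pkt)
    print(len(fwd), "forwarded,", len(drop), "dropped")
```

Dropping the spoofed packet at the network where it enters means the reflector never sees it, which is why low adoption of this kind of filtering matters for where attack traffic originates.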
How to Prevent DDoS Attacks
Despite all the information above, many security practitioners argue that it is not that important where the attacks originate; instead, the vital point is to be prepared and ready to detect, mitigate, and prevent such attacks better than ever.
Since the risk of these types of attacks is really high, the best way of responding to DDoS attacks is to have a reliable and effective cloud security service, like the ArvanCloud Security solution, to protect your resources.
ArvanCloud Cloud Security Solution has multifaceted DDoS protection, which will mitigate as many attack vectors as possible. Our DDoS prevention solutions benefit from implementing advanced anycast and GSLB structures to detect and mitigate all sorts of attacks on DNS services such as UDP, TCP, Layer 3/4 ICMP, and most of all, the dangerous Layer 7 attacks.