Preface

As the holiday season approaches, businesses and organizations should brace for an increase in Distributed Denial of Service (DDoS) attacks. Historically, this period has seen a spike in such attacks, targeting sectors like e-commerce and gaming that experience heightened activity. DDoS threats persist throughout the year, but the holiday season's unique combination of increased online activity and heightened cyber threats makes it a critical time for heightened vigilance.

 

The Rising Tide of DDoS Attacks in the Holiday Season

The holiday season is synonymous with a surge in online shopping and digital entertainment, making it a prime target for DDoS attacks. This period witnesses significant business volumes year-over-year, with total retail sales expected to grow 4.5% to reach $1.33 trillion this year, creating an attractive landscape for attackers. Last year we highlighted how holiday season saw an uptick in such attacks, underscoring the need for robust defenses.

 

 

Figure 1 - Comparison of DDoS attack patterns by average number of attacks per day, peaking during holiday season

 

Geopolitical Tensions and Evolving Attack Vectors

Recent geopolitical unrest, especially in the Middle East and Europe, has led to an escalation in DDoS attacks. These are often perpetrated by hacktivist groups or nation-state actors, as seen in attacks associated with the Russo-Ukrainian war, and more recently with the Israeli-Hamas war. The evolution of attack vectors is also a concern. The recent HTTP/2 Rapid Reset DDoS attack emerged in recent months is a result of vulnerability CVE-2023-44487, with the potential to impact the availability of HTTP/2-based services.

The healthcare sector has become a notable target for DDoS attacks, with an alarming increase in attacks from January to June 2023. The intensity and frequency of these attacks indicate a focused effort by groups like KillNet, highlighting the need for sector-specific protection strategies.

 

 

Figure 2 - Daily DDoS attack volumes on healthcare applications

 

The Rise of Botnets and DDoS for Hire

A new trend in cyberattacks is the exploitation of cloud computing resources, including Azure subscriptions, to launch large-scale DDoS attacks. This global phenomenon showcases how cybercriminals leverage cloud computing's scalability to amplify their attacks.

Additionally, the increasing availability of DDoS-for-hire services presents an evolving challenge. These services can be purchased for as little as $5 USD and are increasingly being used as a cyberweapon in human operated ransomware attacks to exploit vulnerabilities in Internet resources. DDoS-for-hire platforms continues to rise, with 20 percent having emerged in the past year alone.

 

Preparing for the Holiday Season

 

Proactive Planning and Preparation

Assessing Risk and Vulnerability: Begin by identifying applications within your organization that are exposed to the public internet. Evaluating potential risks and vulnerabilities of these applications is crucial to understanding where you may be most susceptible to attacks.

Understanding Normal Behavior: Familiarize yourself with the normal behavior of your applications. Azure provides monitoring services and best practices to help you gain insights into the health of your application and diagnose issues.

Attack Simulations: Regularly running attack simulations is an effective way to test your services' responses to potential DDoS attacks. During testing, validate that your services or applications continue to function as expected and there’s no disruption to the user experience. Identify gaps from both a technology and process standpoint and incorporate them in the DDoS response strategy.

 

Ensuring Robust Protection

DDoS Protection Service: With the high risk of DDoS attacks during the holiday season, it’s essential to have a DDoS protection service like Azure DDoS Protection. This service provides always-on traffic monitoring, automatic attack mitigation upon detection, adaptive real-time tuning, and full visibility on DDoS attacks with real-time telemetry, monitoring, and alerts.

Multi-Layered Defense: For comprehensive protection, set up a multi-layered defense by deploying Azure DDoS Protection with Azure Web Application Firewall (WAF). Azure DDoS Protection secures the network layer (Layer 3 and 4), while Azure WAF safeguards the application layer (Layer 7). This combination ensures protection against various types of DDoS attacks.

Alert Configuration: Azure DDoS Protection can identify and mitigate attacks without user intervention. Configuring alerts for active mitigations can keep you informed about the status of protected public IP resources.

 

Developing a Response Strategy

Forming a DDoS Response Team: Establish a DDoS response team with clearly defined roles and responsibilities. This team should be adept at identifying, mitigating, monitoring an attack, and coordinating with internal stakeholders and customers. Use simulation testing to identify any gaps in your response strategy. This helps ensure that your team is prepared for various attack scenarios.

 

Assistance During and After an Attack

Seeking Professional Help: In the event of an attack, reaching out to technical professionals is vital. Azure DDoS Protection customers have access to the DDoS Rapid Response (DRR) team for assistance during and after attacks.

Post-Attack Learning and Adaptation: Following an attack, it is essential to continue monitoring resources and conduct a retrospective analysis. Apply learnings to improve your DDoS response strategy, ensuring better preparedness for future incidents.

 

As the 2023 holiday season approaches, the risk of DDoS attacks is on the rise, emphasizing the need for proactive and vigilant cybersecurity strategies. Prioritizing DDoS Protection as a key component of your cybersecurity arsenal is essential. Equip your organization with the necessary tools and knowledge to safeguard against these threats, ensuring a secure and uninterrupted holiday season. Stay ahead of cyber threats and maintain operational resilience with effective planning and Azure's robust protection measures.