December 2022 - Security | Cybersecurity | DDoS

The Sectors at Risk from DDoS and Bot Attacks: How to Stop them

Andrew Slastenov from Gcore, on the risks of DDoS and bots and how to protect company systems and networks.

The Sectors at Risk from DDoS and Bot Attacks: How to Stop them-web

Copyright: © Funtap| istockphoto.com

An analyst at Gcore, a secure edge and cloud platform, predicts that DDoS attacks will almost double in frequency and volume in 2022 compared to 2021. The average attack power will grow from 150–300 Gbps to 500–700 Gbps. Both ordinary users and businesses in any industry – fintech, gaming, e-commerce, and others – are being targeted. In this article, we will go over the most common causes of DDoS attacks, ways to safeguard your company from these assaults, the industries that are hardest hit, and how to tell the difference between bot attacks and genuine end users.

Types of businesses that will experience a DDoS attack

The areas that are hurting the most this year are fintech, gaming, and e-commerce. For example, we stopped a powerful UDP flood attack on a gaming company in March and a TCP flood attack that lasted 24 hours against a fintech service in April. Every month, a new case comes to light, and the number of attacks has more than doubled in the last year.

Leading reasons for being attacked

There are numerous reasons. All of these depend on the industry of the company that falls victim. What follows are a few examples:

Gaming company

Take, for instance, a gaming corporation. It is well-known that DDoS attacks can be launched by an average gamer who is upset about something. In competitive settings, especially in e-sports, players may attempt to manipulate the outcome of games for financial gain. Alternately, rivals may join in. DDoS assaults, for instance, are useful for destroying communities and luring players away from one project and toward another, such as in games with brief rounds. This occurs for a variety of causes, and the rate of attacks is only increasing. During the month of December 2021, we warded off over 200 attacks on our game developer customers.

E-commerce

This sector is also being targeted by rival companies, which is leading to the development of novel forms of attack beyond the realm of simple DDoS attacks. Case in point: bot scalping. On Black Friday, a swarm of bots appears and quickly purchases everything in the store. Bots can also disrupt marketing initiatives by creating phony accounts in online businesses and making lots of purchases (at the seller's expense).

Fintech

Fraudsters in the fintech industry use targeted assaults to try to hack banks and other financial institutions and disrupt their operations. During the height of the epidemic, when everyone was using the Internet, the number of people using financial services also spiked, making them a prime target for assaults. Since then, we’ve been inundated with inquiries from fintech firms, many of whom are the targets of persistent hacking and other forms of cybercrime.

Online entertainment / Sports media

Attacks on streaming services typically come from a service’s competitors. Let’s say you’re watching a UEFA match online, and the service suddenly goes down after the ball has already crossed the goal line. Audiences would be incredibly dissatisfied, and some would even switch to rivals as a result. Indeed, the same holds true for commercials. The advertising resources of major companies would not be risked on an unreliable system.

How to protect your business against DDoS attacks

One must take precautions by implementing a system that monitors all incoming data for signs of an attack and blocks those requests. Ensure your safety from potential dangers by choosing the best solution. If assaults are happening at the application layer, protecting the transport layer won’t do much good.

For instance, In Gcore, we have two types of protection:

  • Server Protection: Protects servers from all kinds of DDoS attacks, including channel overflow, amplification attacks, UDP, ICMP, SYN Flood, and others.
  • Web Protection: Protects websites, apps, and APIs from L3–L7 attacks of all kinds.

Server Protection

This is most often used among our clients to protect game servers, trading platforms, and data centers operated by the game development, financial technology (fintech) industries, and hosting providers. Companies can save money by blocking suspicious requests and keeping services running smoothly. In the gaming industry, a DDoS attack that takes a site down for an hour costs an average of $25,000.

Web Protection

This is usually the best choice for companies in e-commerce and banking, which are increasingly being attacked at the application level. Web Protection stops fraudsters from doing what they want by analyzing and blocking non-standard traffic in real-time.

For example, Gcore can effectively protect servers, infrastructure, and web applications from DDoS attacks at the L3, L4, and L7 layers by making use of Gcore’s global DDoS protection. It works with powerful Intel® Xeon® Scalable processors from the 3rd Generation. In order to protect your business from DDoS attacks, you need state-of-the-art hardware and software.

How bot attacks work and how to defend against them

Let’s take this from a different viewpoint. When shopping online, how does the general public act? They spend only five seconds on the homepage before clicking over to the catalogue, where they spend a further ten seconds. It’s something we take into account in behavioral analysis. When a user’s actions deviate from this pattern – for example, they only look at the homepage for a fraction of a second before moving on – we immediately suspect that they are a bot, and take appropriate action.

Bots vs. Real Users: how to differentiate

Yes, it’s challenging to identify bots in contrast to real user activity, since attackers are always changing and using more bots.

Here’s a simple example. A cybercriminal has to get information by stealing it. They keep track of what normal users do, then digitize that sequence of actions and use it to make a bot-attack algorithm. Even though it doesn’t look too strange, we catch it. If too many people go to the same resource and do the same things at the same time, we notice this and stop it.

It’s a narrative that never ends. Fraudsters are always coming up with new ways to attack, so we are always looking for ways to stop them. The hard part for businesses is to quickly link this kind of protection to real threats. If you remain under the impression that the danger isn’t so bad, it may be too late to do anything about it.

According to the analyst at Gcore, assaults will become more widespread in 2023 as use of IoT and 5G devices expands exponentially. Each of these can be added to a botnet. More linked devices suggest more worldwide attacks. Given that Internet-connected gadgets are worldwide, anti-attack measures should be too. The solution must be simple, effective, and inexpensive.

 

Andrew Slastenov joined Gcore as the Head of Cybersecurity in 2020. He is responsible for developing the security services and applications of Gcore and promotion. He has extensive experience in the field of cybersecurity and telecommunications.

 

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.