Under Attack?
Search
Menu

Cyber-Attackers Are Adjusting to the Security Adjustments You’ve Made

By Ben DesjardinsFebruary 16, 2016

Sometimes it feels terrible to be right. In our recent Global Application & Network Security Report we predicted an increase in complex encrypted attack vectors and the importance of putting in place adequate defenses that can scale and inspect encrypted traffic.  Just last week, we got a vivid example of the increasing threat posed by encrypted attack vectors. A high profile attack occurred with an organization that had both a combination of on-premises and cloud-based DDoS protection, yet the organization’s site still went down, in large part because the attack “hid” from detection by the cloud-based resources by using encryption.

The clear and unfortunate reality is that attackers are on to the impact they can have by encrypting their attacks. Organizations looking at cloud-only solutions need to be aware of this growing trend and factor this into their thinking on what ultimately is the best solution for complete protection.

Why are attackers increasing their use of encrypted attacks? There are two main reasons. First, the encryption of the traffic allows the attack to evade detection by an unfortunate percentage of the DDoS protection products and services on the market. Many of those that do claim to provide protection from encrypted attacks suffer significant performance degradation when hit with encrypted traffic, meaning that to build a suitable solution with these technologies would require over-provisioning and buying extra gear to compensate from the performance drop. The other reason we’re seeing more attackers turn to encrypted attack vectors is they understand that encrypted traffic puts an extra burden on all the computing resources within the application stack. As a result, they can generate “successful” attacks with a much lower level of total traffic when it is encrypted.

[You might also like: 5 Cyber Attack Developments Worth Your Attention]

There are two clear factors challenging protection in the cloud against an attack like this. First is the ability of most cloud-based resources to inspect encrypted traffic.  In most cases, this capability is severely limited because most providers require sharing of private keys for the certificate of the protected server. Most organizations balk at this and in so doing the (typically unknowingly) pass on protection from encrypted attacks. Without the ability to decrypt the traffic, most cloud providers simply pass encrypted traffic along to the protected server.

This doesn’t have to be the case. Radware’s encrypted attack solution allows any certificate issued by the organization to manage the traffic decryption to identify attack traffic and isolate it for mitigation.

Second, this attack highlighted that even within the category of encrypted attacks, there is considerable innovation and creativity being employed by attackers. SSL attack detection and mitigation solutions that do not use challenge-and-response capabilities to more accurately differentiate between legitimate users and bots will leave customers exposed. Detection of only known attack patterns for encrypted attack vectors means that all encrypted attacks that do not fit predefined attack profiles will be passed along to the target server, and more likely than not, will result in an outage.

The fact that the organization that was the target of last week’s attack did have both on-premise and cloud-based protection yet still went down also highlights the importance of single-vendor hybrid solutions. The use of separate technologies on-premises and in the cloud creates a number of complicating factors for effective protection. Chief among them is the common lack of coordination when dealing with attacks. It’s an easy decision when you see attack traffic coming into your environment to swing all traffic to a cloud-based scrubbing resource, hoping they can clean the traffic. But the lack of visibility into the full nature of the attack and the inability to inspect encrypted traffic flows in this case resulted in the cloud scrubbing provider to return enough of that traffic to the target assets to take them down.

It’s customary for us to make a number of predictions in our annual report on the threat landscape. At the end of the year when we go back and look at which ones came to fruition, it’s with a mixed set of emotions… it’s nice to know when we’ve provided solid advice to the industry but also disappointing to see that as a community we have not successfully progressed our ability to protect from that which we saw coming. Here’s hoping more organizations learn from last week’s attack and heed the warnings on the growing threat of encrypted attacks.

Learn more about cyber-attack detection and trends in the 2016 Global Application and Network Security Report.

Download Now

Posted in: Attack Types & Vectors Cloud Security DDoS Security SSLTags:

Ben Desjardins

Ben Desjardins drives the development of vertical and use-case specific solutions for Radware’s Security Product Portfolio. In this role, Ben focuses extensively on the competitive landscape for anti-DDoS, WAF and anti-scraping technologies. Ben has extensive experience across a wide array of security technologies and disciplines, including DDoS, DNS, SSL, Threat/Vulnerability Management, IAM and PCI-DSS and he brings nearly two decades of marketing management experience to his work at Radware, including over 12 years focused on the information security and cyber threat arenas. Additionally, Ben has led global go-to-market efforts across many industries including retail, Ecommerce, financial services, public sector and healthcare/life sciences.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?