With cyberattack trends constantly adapting and evolving, so too should the cybersecurity strategies used by organisations. Only then will they be able to keep pace with the level of sophistication we’re seeing across today’s cyberthreats. When it comes to the public sector and Critical National Infrastructure (CNI), organisations must be particularly aware of emerging distributed denial-of-service (DDoS) attack activity. This is because, according to NETSCOUT’s 2H2021 Threat Intelligence Report, over 9.7 million DDoS attacks occurred throughout 2021, representing a 14 percent increase in the number of attacks which occurred when compared to pre-pandemic times.
DDoS attacks are intended to drive interference to a target’s online services to the point at which they are rendered ineffective – either temporarily or indefinitely – to all users. As such, these attacks pose a major concern to critical public services reliant on the digital networks needed to serve the greater population.
Recent DDoS activity and cyberattack trends
DDoS attacks targeting the public sector and CNI are an ongoing problem, with essential services – including healthcare, finance, energy, and transportation providers – at particular risk. This is alongside the genuine concern around DDoS attacks having the potential to cause nationwide failures across critical public services, coupled with our dependency on enterprise connected devices (ECDs) and increased global interconnectivity of digital networks. Therefore, it is important for public sector organisations to be aware of the general cyberthreat landscape in order to increase their chances of defending against such attacks.
The deployment of 5G wireless services has greatly benefitted the CNI and the public sector. Its introduction has driven cost savings, improved citizen engagement, and supported the development of new online services. However, cybercriminals have benefited as well. Through the rapid global adoption of 5G wireless technologies, attackers have managed to take advantage of the subsequent gaps in security and enhanced power of at-home devices needed to launch even more disruptive DDoS attacks.
As a result, this activity has negatively affected services which public sector organisations depend on, such as wireless telecommunications and digital supply chains.
In November 2021, the National Cyber Security Centre (NCSC) revealed it had defended against 777 major cyberattacks – setting a new record when compared to previous years. Notably, 20 per cent of these attacks targeted the UK’s public and private health sector. This poses a major concern for officials as these attacks not only put the safety of critical data at risk, but countless lives as well.
How to defend the CNI and public sector
By implementing robust and modern cybersecurity tools, organisations can block as much as 90 per cent of DDoS attacks. Utilising several simple yet effective mitigation tactics – such as restricting inbound traffic and preventing IP address spoofing – can help the public sector dramatically reduce the impact of emerging DDoS attacks.
Additionally, by simply educating employees on the basics of good cyber hygiene, public sector organisations will be better positioned to defend themselves from emerging DDoS attacks. Members of staff, including those choosing to work remotely, should be taught the tell-tale signs to identify suspicious file attachments, website links, and emails that they may receive. IT teams and system administrators can also put preventative measures in place such as installing antivirus software and file scanners onto devices throughout the enterprise. This way, malware and other cyberthreats can be detected much faster, eliminating the need for users to investigate emails, file attachments, or links themselves.
Another method that the public sector and CNI can utilise is to control inbound traffic towards the data and digital services in which it provides. In the same way an organisation can limit how many users it provides its services to, it can restrict how many users have access to those services as well. The implementation of such controls can be arranged based on the kinds of services that are deployed – and if effective enough, it can notably reduce the risks imposed by potential DDoS attacks. In other words, if the majority of the attack vectors are stopped, DDoS attacks themselves will not be successful.
Lastly, public sector and CNI organisations can implement tools to block IP address spoofing. The idea behind this is to mimic another computer system or device by compromising vulnerable electronic devices. IP address spoofing hides attackers’ true identities and lowers their chances of being detected. Threat actors can then deploy DDoS attacks against their intended target and carry out other malicious activities. This can be blocked via the use of a comprehensive yet effective DDoS defence system, which is capable of saving the organisation’s digital networks from malicious pursuits whilst ensuring that only permitted traffic is accepted.
Through the implementation of these strategies, public sector and CNI organisations can mitigate the risks brought on by emerging DDoS attacks. It has been proven that organisations that have implemented effective cybersecurity measures – such as DDoS mitigation tools – have experienced considerably less issues brought on as a result of DDoS attacks against their digital infrastructures. As the threat intensifies, and as bad actors become more creative, employee education must not be overlooked in order to put those organisations within the public sector in the strongest, most secure position.
Richard Hummel, senior manager of threat intelligence at NETSCOUT.
