Michael “Kaz” Kaczmarek is VP of Product Management for Neustar’s Security Solutions business unit. He also directs Neustar’s research efforts around DDoS attacks and DNS trends. Prior to joining Neustar, Kaz spent nearly two decades with Verisign. Before that, he was a systems engineering manager for Lockheed Martin in charge of their Solid Rocket Motor Disposition in Russia Program. Kaz holds a B.S. in Aerospace Engineering from the University of Maryland and an M.S. in Environmental Engineering from Johns Hopkins University.
Last year was an interesting year for cybersecurity. As the pandemic caused chaos, adversaries capitalized on it. In the first half of 2020, Neustar saw a 151 percent increase in distributed denial-of-service (DDoS) attacks. While we saw the bulk of those attacks in May, things didn’t slow down in the second half of the year. In fact, DDoS attacks continued to grow, peaking in September when Neustar mitigated over 3,100 attacks alone. Neustar mitigated over 25,000 DDoS attacks in 2020, and even now, in 2021, we are still seeing attacks at a higher rate than before the pandemic.
As things begin to “normalize,” we are seeing a handful of cybersecurity trends emerge as a direct result of the pandemic. From my discussion with NetSPI’s Nabil Hannan on the Agent of Influence podcast, here are four cybersecurity trends to watch throughout the second half of 2021 and beyond.
Ransom-related DDoS attacks:
One of the most interesting findings from our DDoS research was the reemergence of ransom-related DDoS (RDDoS) attacks, where the targeted organization receives a ransom note that claims if they don't pay, the adversary will attack their infrastructure. This technique has been around since the 90s, but it started coming back in vogue late last year.
By now, we are all aware that ransomware is running rampant. You see attacks like JBS and Colonial Pipeline making headlines, but we often do not hear about other attacks, like RDDoS attacks, that are taking place. What is shocking to me is the number of emergency mitigations my team is handling and the frequency of those attacks – we are addressing RDDoS attack threats at a rate of nearly five per week.
The increase in ransomware and RDDoS attacks brings up the dilemma of whether organizations should pay the ransom or not. My take is that a company should make the right business decision that makes sense for them, their board, their industry, and their consumers. After all, they are the ones who understand how their business model is structured.
While I believe paying the ransom puts a target on your back, it is a question that doesn't have a straightforward answer. The adversaries are great at what they do and they’re only getting better. It’s up to organizations to shift their mindset to proactively think about security – and it shouldn’t take a disaster to make this shift. Now that it has gone mainstream, everyone has to make sure they're prepared for a ransomware attack. Investments made in cybersecurity today will pay dividends when an attack occurs in the near future.
Managing 5G security:
The growth of 5G is another area to watch. I see it drastically changing the cybersecurity landscape, specifically around how it will change how all devices are connected, and interconnected, to the world around them. 5G has nearly 100x the bandwidth that we had in prior generations, and it allows devices to directly connect to the network. Regardless of what you do for cybersecurity protection today, every threat gets amplified when you add 5G into the equation.
One of the biggest challenges in cybersecurity is knowing who is connecting to your infrastructure. This becomes even more critically important with 5G because many devices in the future will not be behind a firewall, a VPN, nor a NAT (Network Address Translation). I anticipate we will start to see two shifts in the attack landscape as a result of 5G. First, more attacks will be launched from mobile and other small devices. Second, attacks will target personal islands of security instead of larger infrastructures.
Cybersecurity staffing:
Studies say that the pandemic has accelerated the way we work by six to 10 years. In other words, there was an expectation that in six to 10 years we would be in the type of hybrid work environment we now find ourselves in – working from anywhere, and at any time. It has expanded our attack surface and increased our need for more robust cybersecurity efforts.
One thing that keeps me up at night is the fact that the cybersecurity unemployment rate is 0%. This year, experts anticipate 3.5 million open cybersecurity jobs – enough to fill 50 NFL stadiums. As security professionals, we have to be right 100% of the time and the attacker only has to be right once. For that very reason it is worrisome to think about what we are going to do when these attacks start to really ramp up and scale and we cannot fill enough security roles to keep up.
Too many security tools:
There is not a single tool out there that can check all the boxes. If a tool claims it can do 17 great things, it’s more likely that they're doing 17 things, but none of them are great. It then becomes a lot of plug-and-play, and we end up buying tools based on the marketing hype, as opposed to the true reason we should implement something into our infrastructure.
As people become more reliant on the marketing promises, it opens more avenues of exposure. A tool is only as good as the process it is meant to augment or facilitate. As cybersecurity professionals, it is important that we focus on vigilant processes to ensure we are protected from threats. We have to continuously stay updated on our current patch levels, be diligent with account management, and focus on protecting what is critical to our business first and build from there. Hardened processes augmented by appropriate tools will help keep your infrastructure, business, and employees secure.
There is a lot to consider as we move into the second half of the year and uncover the lasting technological impacts of the COVID-19 pandemic. Listen to episode 31 of Agent of Influence to hear more cybersecurity trends and insights.
[post_title] => 4 Cybersecurity Trends to Watch: DDoS, 5G, Staffing and More
[post_excerpt] => Read about how these four cybersecurity trends will impact security leaders in 2021.
[post_status] => publish
[comment_status] => closed
[ping_status] => closed
[post_password] =>
[post_name] => cybersecurity-trends-ddos-5g-staffing
[to_ping] =>
[pinged] =>
[post_modified] => 2022-12-16 10:51:56
[post_modified_gmt] => 2022-12-16 16:51:56
[post_content_filtered] =>
[post_parent] => 0
[guid] => https://www.netspi.com/?p=26018
[menu_order] => 318
[post_type] => post
[post_mime_type] =>
[comment_count] => 0
[filter] => raw
)
)
[post_count] => 1
[current_post] => -1
[before_loop] => 1
[in_the_loop] =>
[post] => WP_Post Object
(
[ID] => 26018
[post_author] => 104
[post_date] => 2021-08-03 07:00:00
[post_date_gmt] => 2021-08-03 12:00:00
[post_content] =>
Last year was an interesting year for cybersecurity. As the pandemic caused chaos, adversaries capitalized on it. In the first half of 2020, Neustar saw a 151 percent increase in distributed denial-of-service (DDoS) attacks. While we saw the bulk of those attacks in May, things didn’t slow down in the second half of the year. In fact, DDoS attacks continued to grow, peaking in September when Neustar mitigated over 3,100 attacks alone. Neustar mitigated over 25,000 DDoS attacks in 2020, and even now, in 2021, we are still seeing attacks at a higher rate than before the pandemic.
As things begin to “normalize,” we are seeing a handful of cybersecurity trends emerge as a direct result of the pandemic. From my discussion with NetSPI’s Nabil Hannan on the Agent of Influence podcast, here are four cybersecurity trends to watch throughout the second half of 2021 and beyond.
Ransom-related DDoS attacks:
One of the most interesting findings from our DDoS research was the reemergence of ransom-related DDoS (RDDoS) attacks, where the targeted organization receives a ransom note that claims if they don't pay, the adversary will attack their infrastructure. This technique has been around since the 90s, but it started coming back in vogue late last year.
By now, we are all aware that ransomware is running rampant. You see attacks like JBS and Colonial Pipeline making headlines, but we often do not hear about other attacks, like RDDoS attacks, that are taking place. What is shocking to me is the number of emergency mitigations my team is handling and the frequency of those attacks – we are addressing RDDoS attack threats at a rate of nearly five per week.
The increase in ransomware and RDDoS attacks brings up the dilemma of whether organizations should pay the ransom or not. My take is that a company should make the right business decision that makes sense for them, their board, their industry, and their consumers. After all, they are the ones who understand how their business model is structured.
While I believe paying the ransom puts a target on your back, it is a question that doesn't have a straightforward answer. The adversaries are great at what they do and they’re only getting better. It’s up to organizations to shift their mindset to proactively think about security – and it shouldn’t take a disaster to make this shift. Now that it has gone mainstream, everyone has to make sure they're prepared for a ransomware attack. Investments made in cybersecurity today will pay dividends when an attack occurs in the near future.
Managing 5G security:
The growth of 5G is another area to watch. I see it drastically changing the cybersecurity landscape, specifically around how it will change how all devices are connected, and interconnected, to the world around them. 5G has nearly 100x the bandwidth that we had in prior generations, and it allows devices to directly connect to the network. Regardless of what you do for cybersecurity protection today, every threat gets amplified when you add 5G into the equation.
One of the biggest challenges in cybersecurity is knowing who is connecting to your infrastructure. This becomes even more critically important with 5G because many devices in the future will not be behind a firewall, a VPN, nor a NAT (Network Address Translation). I anticipate we will start to see two shifts in the attack landscape as a result of 5G. First, more attacks will be launched from mobile and other small devices. Second, attacks will target personal islands of security instead of larger infrastructures.
Cybersecurity staffing:
Studies say that the pandemic has accelerated the way we work by six to 10 years. In other words, there was an expectation that in six to 10 years we would be in the type of hybrid work environment we now find ourselves in – working from anywhere, and at any time. It has expanded our attack surface and increased our need for more robust cybersecurity efforts.
One thing that keeps me up at night is the fact that the cybersecurity unemployment rate is 0%. This year, experts anticipate 3.5 million open cybersecurity jobs – enough to fill 50 NFL stadiums. As security professionals, we have to be right 100% of the time and the attacker only has to be right once. For that very reason it is worrisome to think about what we are going to do when these attacks start to really ramp up and scale and we cannot fill enough security roles to keep up.
Too many security tools:
There is not a single tool out there that can check all the boxes. If a tool claims it can do 17 great things, it’s more likely that they're doing 17 things, but none of them are great. It then becomes a lot of plug-and-play, and we end up buying tools based on the marketing hype, as opposed to the true reason we should implement something into our infrastructure.
As people become more reliant on the marketing promises, it opens more avenues of exposure. A tool is only as good as the process it is meant to augment or facilitate. As cybersecurity professionals, it is important that we focus on vigilant processes to ensure we are protected from threats. We have to continuously stay updated on our current patch levels, be diligent with account management, and focus on protecting what is critical to our business first and build from there. Hardened processes augmented by appropriate tools will help keep your infrastructure, business, and employees secure.
There is a lot to consider as we move into the second half of the year and uncover the lasting technological impacts of the COVID-19 pandemic. Listen to episode 31 of Agent of Influence to hear more cybersecurity trends and insights.
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Name
Domain
Purpose
Expiry
Type
YSC
youtube.com
YouTube session cookie.
52 years
HTTP
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Name
Domain
Purpose
Expiry
Type
VISITOR_INFO1_LIVE
youtube.com
YouTube cookie.
6 months
HTTP
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
We do not use cookies of this type.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
We do not use cookies of this type.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
We do not use cookies of this type.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
Cookie Settings
Discover why security operations teams choose NetSPI.
