Stakeholders fret over rising DDoS as losses hit over $500b
Cyber Security experts have called for more third-party awareness and trainings to mitigate the rising menace of cyberattacks, adding that third parties in a network system are usually overlooked and that has posed an entry point for new attacks.
According to them, Nigeria is known to be leading in terms of online fraud in Africa, with about $500 billion, which is expected to hit $2trillion by the year 2020.They added that with better configuration, services upscale in the value chain and data domiciliation, cyber attacks would be mitigated.
They made the call during the Cyber Security Workshop Themed: “DDoS Evolution – Staying Protected” organised by the Information Security Society of Africa-Nigeria (ISSAN) in collaboration with 21st Century Technologies Limited in Lagos.
According to research, Distributed Denial-of-Service (DDoS) attacks are getting 300 times bigger, 60 times longer, and five times more complex. These figures mean that attackers are engineering more complex attacks on a larger scale.
President of ISSAN, Dr. David Isiavwe, decried the worsening state of cyber security in the country and called for collaborations to boost the fight. He said: “For those who watch the cyber space closely, you will all agree that there is still a lot happening every day. New forms of attacks are being contrived and implemented by the bad guys and all they need is one successful attempt. We hear of all the various attacks both on individuals and companies alike. Indeed, even the cyber security gate keepers are not spared. And huge sums of money are at risk whenever there is a successful attack. Businesses must take steps to stay protected always.”
Isiavwe, who is also the Group Head Operations & Technology, Ecobank Nigeria Limited, further lamented the fact that everyone and every institution was susceptible to these attacks as social engineering attack is unrelenting.He said data based manipulation-insiders and outsiders is on the rise, attack on card data and card processing technology infrastructure via rogue IT infrastructure, spear phishing attack and combination of different methodologies were rampant.
The ISSAN President, therefore called on all stakeholders to be proactive, create customer awareness activities, continuous and automated monitoring of systems and infrastructure, employment of Artificial intelligence and Machine Learning as well as robotics and data analytics.
On the challenges of DDoS protection, DDoS Security expert, Nexusguard Ltd, Long Lee Shih, said the attack techniques continue to evolve and more difficult to detect, with the growing number of new and zero-day attacks.
According to him, in Q1 2018, there is a record breaking attack powered by massive amplification (Memcached attacks in 51,000 times), while Internet of Things (IoT)-botnet attacks has sky rocked in Q2 2018.
“Perpetrators employed a newly-adopted amplification attack technique called bit-and-piece in Q3 2018 to Q1-Q3 2019. Attacks are now launched towards a diverse pool of Internet Protocol (IP) addresses across hundreds of IP prefixes.
“Why legacy methods fail to address DDoS challenges is because firewall and IDS are not designed to mitigate DDoS attacks; it takes a long time to implement and requires expertise; high costs of purchasing hardware, installation and maintenance, and the extra manpower dedicated to keeping the equipment up and running,” he added.To mitigate this attack, he said the firm has partnered 21CTL to boost capacity into local regions, so that both international and in-country attack traffic can be managed simultaneously.
“It will also address data sovereignty concerns, minimise latency and maintain a good user experience. 21CTL will be the first 100 per cent guaranteed DNS service even against DDoS attacks,” he added.