
Protecting Critical Infrastructure Against Ransom DDoS Attacks

Who still remembers the first DDoS attacks? Some date them to 1996, others go back as far as 1974, but what all these early attacks have in common is that they were largely the work of a handful of geeky teenagers in search of notoriety. Times have changed since then. The DDoS attack principle remains the same, a malicious attempt to overburden servers, devices, networks, or surrounding infrastructure with a flood of illegitimate Internet traffic, but the people orchestrating these attacks have changed, as have their motivations. They fall into three groups: nation-states, politically or ideologically motivated hackers, and cybercriminals, the last group being by far the largest. Their favorite practice? Extortion through different forms of ransomware, a type of malware that locks computer files until the victim pays a ransom. Alongside crypto, locker and doxware ransomware, we also find so-called ransom DDoS, where attackers threaten to conduct a DDoS attack against a website or network unless payment is made. These attacks not only cause significant service disruptions, they have a tangible negative impact on the activity of the target organization. For a business this can hurt the bottom line and the brand; for critical infrastructure it can also damage transport systems, telecommunications, water, energy utilities or hospitals, which cannot function normally, with serious repercussions on the lives of the citizens who rely on them.

How can critical infrastructure operators protect themselves?

All Cloudflare customers, including those on the free plan, can protect themselves in only 5 minutes from any type of DDoS attack (Layer 3, 4 or 7). With a heritage in DDoS mitigation and a vast library of known attacks, malicious traffic is identified within seconds at the Cloudflare data center closest to its source. Automatic mitigation techniques are applied immediately, and most malicious traffic is blocked in less than 3 seconds. Cloudflare’s network has 172bps of capacity, many times larger than the largest DDoS attacks ever recorded, and it blocks 87 billion threats per day. While all security threats should still be recorded and monitored, this level of protection means Cloudflare customers do not have to worry about DDoS ransom notes and other DDoS-related threats. Furthermore, Cloudflare announced Project Safekeeping last December, which provides security at no cost to small and medium critical infrastructure organizations around the world that serve small communities.

In addition to DDoS protection, critical infrastructure operators should also implement Zero Trust services, because cybercriminals quite often attack from multiple angles: a DDoS attack may be used as a “smokescreen” for a separate intrusion, so that the security team scrambles to deal with the DDoS attack while the real attack happens elsewhere, for example via a SQL injection. We are hearing from customers who adopt the principles of Zero Trust that they experience a much narrower blast radius from a successful breach, which can lead to a quicker return to normality. Moreover, a Zero Trust architecture can help prevent ransomware from spreading within a network.

Finally, organizations are made of people. It is therefore important to build a non-blaming work culture that empowers employees to report, without fear, errors that could lead to an attack or a breach.

For updated information on this topic, follow the quarterly Cloudflare DDoS report.