Top 5 cyber threats CIOs need to be aware of in APAC region

The pandemic has significantly impacted the security of businesses and individuals worldwide. While some industries have been severely hit, others are experiencing sudden and exponential growth in demand for their services. Not surprisingly, this difficult time has become a breeding ground for cybercriminals, who are exploiting the pandemic crisis and our dependence on online services for various gains. Here are the latest cyber threats that CIOs need to be aware of in the APAC region.

The #1 risk to remote desktop services

Almost two-thirds of ransomware contains an infection vector based on RDP, and RDP is one of the most persistently targeted services when it comes to account takeover attacks.

Enterprise servers are highly sought-after resources for malicious actors, as they can be abused for spam distribution, lateral movement, exfiltration of sensitive information followed by ransom, command-and-control servers for botnets, staging points for attacking other organizations, cryptocurrency mining and, finally, deploying ransomware, sometimes as a last resort to monetize a successful breach after the previous scenarios have been exhausted.

Encrypted attack protection

More than 90% of web traffic is now HTTPS encrypted. While HTTPS is crucial for , it opens the door for new DDoS attacks. HTTPS requires many more resources from the target server than the client, meaning hackers can unleash devastating attacks with limited requests. Protection against encrypted DDoS floods is a critical requirement.

Massive global capacity

Internet of Things (IoT) botnets are growing larger and more sophisticated and becoming more capable of launching larger attacks. They can be purchased on the dark net for relatively small sums, for example the cost of a cup of coffee. Botnets are a significant threat during the massive COVID-19 public health emergency.

Application layer (L7) DDoS attacks

These pose a unique challenge for DDoS defenses, as they require insight into application behavior, and it is difficult to tell whether a request is legitimate or malicious simply by looking at the network-layer traffic. Moreover, as more and more web traffic is encrypted by SSL and HTTPS, DDoS defenses are frequently unable to look at the contents of the packet itself.

As a result, many types of DDoS defenses are unable to tell the difference between a legitimate spike in customer traffic (for example, during a flash crowd or a holiday peak) and an actual attack. Examples of attacks are: HTTP/S floods, SSL negotiation attack, Low and Slow attacks, HTTP/S bomb attack and large file download.
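To make the flash-crowd-versus-attack distinction concrete, here is an added example (not part of the original article) that compares two constructed traffic windows with identical request volume using application-layer features. The sample data, the feature choice and the thresholds are assumptions for illustration, and the records are assumed to come from the web server's own access log after TLS termination.

```python
from collections import Counter

# Constructed sample data: each request is (client_ip, path) from one 10-second
# window of a web server's access log, i.e. after TLS termination.
def flash_crowd_window():
    # 200 clients, 3 requests each, spread over several pages (600 requests)
    paths = ["/", "/sale", "/cart", "/item/1", "/item/2", "/checkout"]
    return [(f"10.0.{c // 250}.{c % 250}", paths[(c + r) % len(paths)])
            for c in range(200) for r in range(3)]

def flood_window():
    # 12 clients, 50 requests each, all to one expensive page (600 requests)
    return [(f"10.9.0.{c}", "/search") for c in range(12) for _ in range(50)]

def features(window):
    """Application-layer features that a packet or volume counter cannot see."""
    per_client = Counter(ip for ip, _ in window)
    per_path = Counter(path for _, path in window)
    total = len(window)
    return {
        "total": total,
        "clients": len(per_client),
        "mean_per_client": total / len(per_client),
        "top_path_share": max(per_path.values()) / total,
    }

# Assumed thresholds for illustration; real values come from a traffic baseline.
MAX_MEAN_PER_CLIENT = 20
MAX_TOP_PATH_SHARE = 0.8

def classify(window):
    if not window:
        return "no traffic"
    f = features(window)
    if (f["mean_per_client"] > MAX_MEAN_PER_CLIENT
            and f["top_path_share"] > MAX_TOP_PATH_SHARE):
        return "suspected L7 flood"
    return "consistent with flash crowd"

if __name__ == "__main__":
    for name, win in [("flash crowd", flash_crowd_window()),
                      ("flood", flood_window())]:
        print(name, features(win), "->", classify(win))
```

Both windows show 600 requests to a volume counter; only the per-client and per-path view separates them, which is why the thresholds need to be baselined against the site's normal traffic.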

Account takeover/credential theft

Compromised accounts have been traded for financial gain for years. Email addresses, passwords and credentials are low-hanging fruit, as they are relatively cheap and traded in bulk. Payment details are another favorite, with prices dictated by different parameters such as country of issue, credit score and more at the highest end.

The decisions and tools that organizations choose now, and the training they provide to their employees, will have enduring effects on security for years to come. It’s crucial that companies get it right.

The author is Vice President & Managing Director – India, SAARC, Middle East & GSI at Radware. Views are personal.
