Ed Amoroso, Chief Executive Officer of TAG Cyber LLC, a global cyber security advisory, training, consulting, and media services company, recently published a great article on the potential for DDoS attacks to disrupt the upcoming election. In it, he gives great insight into how L3/L4 volumetric DDoS works and how it can be used against the facilities that collect and tabulate votes from regional sites. It is also crucial for organizations to keep a close eye on Layer 7 DDoS attacks, because we have recently seen an uptick in these techniques in the wild. For the sake of brevity, I’ll describe Layer 7 DDoS this way: instead of inundating an application with vast numbers of connections, L7 DDoS seeks to overload it by exploiting faulty business logic or triggering highly intensive queries. This lets attackers cause outages with far fewer attacking nodes, which often look like normal, valid users. The approach can be devastating to an application while sidestepping the volumetric scrubbing that catches L3 attacks.
Defending against such attacks requires a combined solution that uses multiple techniques to identify threats. Security tools need to distinguish between malicious bots and valid users, and they need the ability to profile, track, and challenge suspicious entities to get a trustworthy answer.
In addition, behavioral profiling of applications can help teams recognize early when queries or responses are taking abnormally long to execute. This approach enables security teams to see the problem and address it before it leads to an outage.
These are just a few examples, but they all play a role in ensuring that security teams can weed out the bad actors without impacting legitimate traffic.
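As an added example (not code from the original post or from TAG Cyber), the following Python script shows the behavioral profiling described above in the simplest form a defender might start with: it parses application access logs, builds a per-endpoint latency baseline with robust statistics, flags requests that are abnormally slow for their endpoint, and then ranks clients by the share of server time they consume relative to their share of requests. The log lines, field layout, IP addresses, endpoint names and thresholds are all constructed for illustration and are not from any real system.

```python
"""Added example (not from the original post): a small behavioral profiler
that flags slow application requests per endpoint and ranks clients by the
server time they consume. Log lines, field names and thresholds are
constructed assumptions for illustration only."""
import re
import statistics
from collections import defaultdict

# Constructed sample log lines: "<ts> <client_ip> <method> <path> <status> <latency_ms>"
# One client (198.51.100.7) issues only three requests, but each one triggers
# an expensive query, which is the low-volume L7 pattern the post describes.
SAMPLE_LOG = """\
2024-10-01T10:00:00Z 203.0.113.10 GET /results?county=1 200 45
2024-10-01T10:00:01Z 203.0.113.11 GET /results?county=2 200 52
2024-10-01T10:00:01Z 203.0.113.12 GET /results?county=3 200 48
2024-10-01T10:00:02Z 203.0.113.13 GET /results?county=4 200 50
2024-10-01T10:00:02Z 198.51.100.7 GET /results?county=1&sort=all 200 2900
2024-10-01T10:00:03Z 203.0.113.14 GET /search?q=smith 200 120
2024-10-01T10:00:03Z 203.0.113.15 GET /search?q=jones 200 110
2024-10-01T10:00:04Z 203.0.113.16 GET /search?q=lee 200 115
2024-10-01T10:00:04Z 198.51.100.7 GET /search?q=%25%25%25 200 4100
2024-10-01T10:00:05Z 203.0.113.17 GET /results?county=5 200 47
2024-10-01T10:00:06Z 198.51.100.7 GET /results?county=2&sort=all 200 3100
"""

# Path is captured without its query string so requests group by endpoint.
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+?)(?:\?\S*)? (\d{3}) (\d+)$")


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip, method, path, status, latency = m.groups()
        rows.append({"ts": ts, "ip": ip, "endpoint": f"{method} {path}",
                     "status": int(status), "latency_ms": int(latency)})
    return rows


def endpoint_baselines(rows, k=5.0, min_spread_ms=10):
    """Per-endpoint baseline: median latency and a slow threshold of
    median + k * MAD. Median/MAD (not mean/stddev) keep a handful of
    pathological requests from inflating the baseline and hiding themselves.
    min_spread_ms stops very stable endpoints from flagging harmless jitter.
    In production the baseline would come from a trailing window of
    known-good traffic rather than the batch being scored."""
    by_endpoint = defaultdict(list)
    for r in rows:
        by_endpoint[r["endpoint"]].append(r["latency_ms"])
    baselines = {}
    for endpoint, lat in by_endpoint.items():
        med = statistics.median(lat)
        mad = statistics.median(abs(x - med) for x in lat)
        baselines[endpoint] = {"median": med,
                               "threshold": med + k * max(mad, min_spread_ms)}
    return baselines


def flag_slow_requests(rows, baselines):
    """Requests whose latency exceeds their endpoint's threshold."""
    return [r for r in rows
            if r["latency_ms"] > baselines[r["endpoint"]]["threshold"]]


def client_cost(rows):
    """Server time per client, with each client's share of total server time
    next to its share of request count, sorted by time consumed."""
    total_ms = sum(r["latency_ms"] for r in rows)
    per_ip = defaultdict(lambda: {"requests": 0, "total_ms": 0})
    for r in rows:
        per_ip[r["ip"]]["requests"] += 1
        per_ip[r["ip"]]["total_ms"] += r["latency_ms"]
    report = [{"ip": ip, "requests": c["requests"], "total_ms": c["total_ms"],
               "time_share": c["total_ms"] / total_ms,
               "request_share": c["requests"] / len(rows)}
              for ip, c in per_ip.items()]
    return sorted(report, key=lambda c: c["total_ms"], reverse=True)


def suspicious_clients(rows, ratio=3.0, min_total_ms=1000):
    """Clients consuming far more server time than their request volume
    justifies: few requests, each expensive. These are candidates for a
    challenge or rate limit, not an automatic block."""
    return [c["ip"] for c in client_cost(rows)
            if c["total_ms"] >= min_total_ms
            and c["time_share"] >= ratio * c["request_share"]]


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    baselines = endpoint_baselines(rows)
    for r in flag_slow_requests(rows, baselines):
        print(f"slow: {r['ip']} {r['endpoint']} {r['latency_ms']}ms "
              f"(threshold {baselines[r['endpoint']]['threshold']:.0f}ms)")
    for c in client_cost(rows):
        print(f"{c['ip']}: {c['requests']} req, {c['total_ms']}ms, "
              f"time share {c['time_share']:.0%}, request share {c['request_share']:.0%}")
    print("suspicious:", suspicious_clients(rows))
```

The two signals are deliberately separate. The per-endpoint threshold catches individual expensive queries as they happen, which is the early warning the post calls for; the per-client cost ratio is what makes a low-volume attacker stand out even though each of its requests, viewed in isolation, looks like an ordinary user hitting an ordinary endpoint. Feeding the ratio into a challenge step rather than a hard block is what keeps legitimate heavy users from being cut off.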