As the world recovers from the pandemic, and shifts towards a more cloud-oriented approach, cyber-attacks have never been more rampant. In Q1 of 2022, 92% of data breaches were caused by cyber attacks, according to the Identity Theft Resource Center. This serves as a reminder of the importance of adequately preparing for the worst. In this blog post, we walk you through what attacks are expected in 2023, and how you can prepare for them. In addition, we will explain some new cyber security laws that may be relevant for your business.
DDoS attack trends 2023
The fact that the number of DDoS attacks continues to increase is no surprise, as they have been the dominant security threat for some years now. Globally, DDoS attacks are predicted to number over 15.4 million in 2023 – almost double that of 2018.
What’s interesting is that our data at Leaseweb shows a 20% drop in attacks during the summer months. So, it seems cyber criminals take vacations too! Of course, this is no reason to drop your guard when it comes to security. Whilst 93% of attacks at Leaseweb were mitigated automatically in 2022 without any human intervention, DDoS attacks are constantly becoming more sophisticated and require strong safeguards. That is why we deploy resilient technology to keep your business safe year-round.
State-Sponsored DDoS Attacks
Research shows a rise in state-sponsored DDoS attacks in the past year, and these are only predicted to increase. Such attacks are often used to disrupt communications or nullify critical infrastructure during conflicts such as the Russia-Ukraine war.
DDoS Weapons 2022
In the past two years, the number of DDoS weapons has almost tripled. Simple Service Discovery Protocol (SSDP) remains the most dangerous, with Simple Network Management Protocol (SNMP), Portmap, Domain Name System (DNS) Resolvers and Trivial File Transfer Protocol (TFTP) coming in close behind. The country hosting the most DDoS weapons over the past year was China, with over two million amplification weapons and botnet agents.
How to prepare for DDoS attacks in 2023
What’s unsettling is that, in a study by ThoughtLab, 40% of Chief Security Officers did not believe their organizations were prepared for today’s threats. With that in mind, here are some key things to ensure DDoS attacks on your organization are mitigated:
Use state-of-the-art automated DDoS defenses
To protect against everything from zero-day attacks to large-scale amplification attacks, it is essential to detect attacks both accurately and quickly. Accuracy matters because there are many examples of DDoS mitigation systems interpreting traffic peaks from marketing campaigns as DDoS attacks and blocking them accordingly, which is something to avoid at all costs. Speed of detection matters because it not only limits the impact on the attacked resources but also avoids collateral damage: impact on other resources, which could belong to other customers in a multi-tenant infrastructure. If the attacked resources are non-critical (e.g. because they are part of a large infrastructure with many resources), a viable strategy can also be to blackhole all traffic to the attacked resource instead of filtering the traffic to mitigate the attack. Networks across the internet support automated blackholing throughout the whole internet, if the owner of the attacked IP address requests it.
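The decision described above, sketched as an added example (not Leaseweb's code and not part of the original post): a volume surge is only treated as an attack when most of it arrives from the UDP source ports of the reflectors named earlier, and the response depends on whether the target is critical. The flow-record layout, thresholds, the "alert" outcome, addresses and volumes are assumptions constructed for illustration.

```python
from collections import defaultdict

# UDP source ports of the reflectors named in this article. TFTP is omitted:
# its servers answer from an ephemeral port, so a port match cannot identify it.
AMPLIFICATION_PORTS = {1900: "SSDP", 161: "SNMP", 111: "Portmap", 53: "DNS"}

def classify(flows, baseline_bps, critical, surge_factor=5.0, amp_share=0.6):
    """Decide per destination from one second of (dst, proto, src_port, bytes) flows."""
    total = defaultdict(int)
    by_vector = defaultdict(lambda: defaultdict(int))
    for dst, proto, sport, nbytes in flows:
        total[dst] += nbytes
        if proto == "udp" and sport in AMPLIFICATION_PORTS:
            by_vector[dst][AMPLIFICATION_PORTS[sport]] += nbytes
    decisions = {}
    for dst, nbytes in total.items():
        if nbytes * 8 < surge_factor * baseline_bps[dst]:
            decisions[dst] = ("allow", None)       # within normal variation
            continue
        vectors = by_vector[dst]
        if sum(vectors.values()) / nbytes < amp_share:
            # Volume surge without a reflection signature, e.g. a marketing
            # campaign: raise an alert for review instead of blocking customers.
            decisions[dst] = ("alert", None)
            continue
        top = max(vectors, key=vectors.get)
        # Critical resources get filtering; non-critical ones can be blackholed.
        decisions[dst] = ("filter" if dst in critical else "blackhole", top)
    return decisions

# Constructed sample data (documentation addresses, invented volumes).
BASELINE_BPS = {"192.0.2.10": 8_000_000, "192.0.2.20": 8_000_000,
                "192.0.2.30": 1_000_000, "192.0.2.40": 8_000_000}
CRITICAL = {"192.0.2.10", "192.0.2.20"}
SAMPLE_FLOWS = (
    [("192.0.2.10", "tcp", 50000 + i, 30_000) for i in range(200)]  # campaign peak
    + [("192.0.2.20", "udp", 1900, 15_000)] * 500                   # SSDP replies
    + [("192.0.2.20", "tcp", 51000, 20_000)] * 50
    + [("192.0.2.30", "udp", 53, 10_000)] * 100                     # DNS replies
    + [("192.0.2.30", "udp", 161, 10_000)] * 20                     # SNMP replies
    + [("192.0.2.40", "tcp", 52000, 50_000)] * 10                   # normal load
)

if __name__ == "__main__":
    for dst, decision in sorted(classify(SAMPLE_FLOWS, BASELINE_BPS, CRITICAL).items()):
        print(dst, decision)
```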
Monitor devices, traffic and users
Even if companies prepare their defense and technology well, there is always the risk that attacks are so large or sophisticated that the in-house defense options are insufficient. For such situations it is important to know your options: who are you going to call? Do you know the options and associated costs? Who needs to be involved internally to reach a decision?
New Cyber Security Laws 2023
Our legal department identified four key new cybersecurity laws to be attentive to in the coming year. Some of these laws were put into force recently, and some are yet to be finalized. Regardless, they are good to be aware of moving into 2023.
Terrorist Content Online Directive
Since June 2022, the Terrorist Content Online Regulation has been an active law in the EU. It aims to limit the spread of terrorist content online, particularly content used for spreading messages of radicalization, recruiting followers or performing terrorist activities in a very short timeframe. This strict law gives EU member states the power to order the removal of terrorist content, and cloud service providers must comply. The removal order must contain detailed justifications as to why the content is considered terrorist content. Online platforms and cloud service providers like Leaseweb will be given one hour to remove said content. Leaseweb proactively took care to implement this new obligation in its Compliance Policies (terms and conditions) for our EU-based sales offices, Leaseweb Netherlands and Leaseweb Germany.
The EU Cybersecurity Act
The Cybersecurity Act is currently being considered and discussed in Europe and could mean new security level certifications will come into play. The act aims to be effective and helpful on various levels of protection to prevent cyber security problems. We are keen to learn about future developments of this act for the best possible approach brought forward by ENISA and the member states.
The Network and Information Security (NIS2) Directive (also referred to as a new Cyber Security Act) was adopted by the EU Parliament in November 2022. It enables an increased level of security in the EU and replaces the previous NIS Directive of 2016. NIS2 increases the scope of companies that (depending on their size, role and number of domain names) are referred to as important and essential providers (vital companies), which means that more companies will fall within the scope of vital companies. These vital companies must report security incidents to the government safety organizations, creating a higher security monitoring network and incident response actions for possible attacks. The directive helps to prevent society, including its relevant government organizations and businesses, from being jeopardized.
Digital Services Act
The Digital Services Act came into force on 16 November 2022 and could be referred to as another Cyber Security Act as part of the European approach “Fit for the Digital Age”. It covers specific roles and obligations for various internet-based market players for the purpose of combatting illegal and harmful content. Market parties such as online platforms (which will be identified according to size in the coming 3 months) and online intermediaries and hosting providers (IaaS) such as Leaseweb will be fully subject to the new Digital Services Act as of February 2024. For market parties other than online platforms, the regime for taking care of illegal and harmful content has not changed in essence compared to the last eCommerce Directive and its Notice and Take down procedures. Leaseweb embraces the new legal framework and will be ready to adopt and adhere to this new Digital Services Act, which is a regulation and thereby creates a level playing field among the European providers.
Diving into 2023
As we enter the first weeks of the new year, understanding the trends of what is likely to come can be critical for preparing your business. From DDoS attacks to new laws, we hope that this article gives you some pointers for how to ensure your business is ready.