Photo - Dato' Seri George Chang, Regional Vice President for Hong Kong and Southeast Asia, Fortinet.
Network security solutions provider Fortinet has advised Malaysian organisations to beef up their response plans and assess their network infrastructure vis-à-vis DDoS threats today.
Citing a recent Stratecast study, which showed denial of service attacks (DDoS) have been increasing by 20 to 45 percent annually, Fortinet's regional vice president for Hong Kong and Southeast Asia, Dato' Seri George Chang said Malaysia's firms should be storing up defences for critical servers as well as prioritising data, and installing management and monitoring capabilities,
"Verizon in its 2012 Data Breach Investigations report called these attacks 'more frightening than other threats, whether real or imagined. IT administrators should therefore be ready to implement fail-safe measures that quickly identify the source of the threat, minimise the impact of the attack, and restore service as soon as possible," said Chang, adding that a multi-layer defence strategy, DNS server protection and IT infrastructure visibility would spare both government agencies and businesses the pain and costs of denial of service attacks in Malaysia
He said that according to several local newspaper reports, cyber-attacks recently erupted between Malaysian and Filipino hackers over the intrusion and standoff between militants from Philippines and Malaysian Police force in Lahad Datu, Sabah.
Hackers claiming to be from Malaysian and Filipino chapters of the hacktivist group Anonymous attacked websites of both countries, added Chang. Some claimed to have crashed a few Government websites, and publicly announced their exploits over Facebook.
DDoS remains prominent tool
Stratecast's study also showed that application-based DDoS attacks in particular are growing by triple digits. "Stratecast added that attacking via DDoS is one of the most prominent tools used by the hacker community, oftentimes as part of a multi-technique attack strategy," he said.
"The evolution of DDoS attacks highlights the urgency with which governments and businesses must adopt a security strategy to defend themselves," said Chang. "There are proactive steps organisations can take to bolster defenses and reduce the risk of attack."
He said a DDoS strategy should attempt to maintain services - especially critical services - with minimum disruption. "To that end, businesses can start by assessing the network environment and devising a response plan. Among other things, the plan should include backup and recovery efforts, additional surveillance, and ways to restore service as quickly and efficiently as possible."
Fortinet solution consulting director, Eric Chan, who is based at the company's Fortiguard centre in Kuala Lumpur, said: "DDoS attacks - like other security threats - will only continue to grow and become more rampant in future."
"Researchers have found that DDoS attacks are growing not just in terms of frequency, but in terms of bandwidth and duration as well," said Chan. "A decade ago, for instance, 50 Gbps [Gigabit per second] attacks were seen a couple of times a year. Now, such attacks can happen nearly every week. The evolving nature of DDoS technologies will require firms to make a paradigm shift that entails greater foresight and more proactive defences."
He said Fortinet advised Malaysian organizations to adopt three key steps: to implement a multi-layer defence strategy, arrange for the protection of DNS [Domain Name System] servers and other critical infrastructure, and thirdly to maintain full visibility and control of their IT infrastructure.
Sign up for Computerworld eNewsletters.