“The increase in the incidents of cyberattacks last year is prompting more businesses and organizations across the globe, both public and private sectors, to increase their investment in cybersecurity to enhance their security posture,” said Gerald Penaflor, country manager, Philippines, Akamai Technologies. But “these attacks will continue to grow”, thus the need to “pay close attention to all cybersecurity threats.”
In the Q3 2017 Akamai State of the Internet/Security Report, it was revealed that there is a significant increase in attacks that target Web Applications. “Injection” attacks, in particular, are rising in number, with SQL injection attacks being heavily used. Attackers are now also using sophisticated techniques to evade detection – for example, combining DDoS and application layer attacks concurrently.
“Over the years, cybersecurity threats have continued to evolve and have become more prevalent, driven also by the widespread penetration of the Internet in both businesses and homes combined with the rise of IoT (Internet of Things). Continued advancements in technology likewise encourage the development of tools and applications for malicious purposes,” Penaflor said. “Cybercriminals nowadays are more advanced than those in the past. They have now at their disposal sophisticated tools and techniques, such as the Fast Flux and the WireX botnet.”
Fast Flux is a DNS technique that hides malicious activities such as phishing, web proxying and malware delivery behind a network of compromised hosts acting as proxies. Meanwhile, WireX botnet was originally flagged as click fraud malware but research all but confirms that it was purposely built to engage in DDoS attacks from the start.
“Attackers are now also expanding in less-saturated regions, which may also be less protected, to gain profit and/or steal valuable data,” Penaflor said.
For Penaflor, each business needs to revaluate their overall security posture as the rapidly evolving threat landscape poses particular changes not faced in the past.
“Look towards the basic fundamentals of CIA (Confidentiality, Integrity and Availability); and in particular, Availability. For example, if your organization is an ecommerce, financial institution or bank, being online and accessible to your customer is a high priority,” Penaflor said.
He added that businesses need to ask themselves these questions: Is my DNS secured? Is my critical web applications protected by an web application firewall? Have I implemented DDoS solutions to ensure that my website is able to withstand DDoS attacks”
As it is, Akamai Technologies provides solutions designed for quick-to-deploy and cloud-based protection against a variety of advanced threats, such as massively scaled DDoS attacks , data exfiltration through DNS, attacks against APIs and Web applications. In addition, Akamai recently launched two new solutions, Enterprise Threat Protection and Enterprise Application Access, that provide protection against endpoints/guest devices accessing malicious websites and provides secured remote access to applications.
Akamai has over 220,000 Edge servers in the cloud, proactively blocks malicious traffic at the Edge, lowering the bandwidth utilized by undesirable traffic, reducing the loading on web servers and applications, by only allowing legitimate traffic to pass through.
“With the Philippine government investing in and putting more focus on ICT and DPA, this is an opportune time for the Philippines to boost cybersecurity,” Penaflor ended.