Former military intelligence officer Richard Hummel is now the Threat Intelligence Lead for NETSCOUT, the US-based leader in connectivity security. He has extensively trained as a computer network operations analyst and malware reverse engineer and is also an expert on cyber analysis and its impact on the insurance industry. We caught up with him to find out more.
From your background, what led you to your current role?
I began my advanced training in signals intelligence soon after joining the US military in 2008, after learning that I could not become a paralegal, which was always my passion. This changed the trajectory of my career as I later moved on to cyber analysis training, which was a new role in the US Army. I was one of the very first and few deployed Army soldiers with this expertise, even before the Army had an established cyber military operations specialist (MOS) division.
After four years with the military, I became an Army contractor working with various government entities, which led me to join iSIGHT Partners, later acquired by FireEye, where I continued working in threat intelligence, cybercrime, and ransomware reverse engineering. After four years there, I then started working at Arbor Networks, later acquired by NETSCOUT. Here, I manage the threat intelligence team, specialising in global distributed denial-of-service (DDoS) attack activity.
What are DDoS attacks and why are they significant?
DDoS attacks inhibit internet service assurance, preventing organisations and service providers from being able to deliver their products or services. They are intentionally programmed to overwhelm a targeted digital network, application, or website to the point of crashing. Depending on how much damage the attacker wants to inflict and the strength of the attack, it can temporarily or indefinitely render services unusable to all users. These attacks can also go as far as stopping website availability and can even result in internet outages.
Most enterprises today rely heavily on internet services for their business operations. If this were to be disrupted for any period, organisations can suffer significant financial and reputational losses. For example, in a scenario in which businesses suffer from just a few minutes of downtime, there is the potential for millions of pounds of revenue to be lost. Our job is to make sure that online services are always running smoothly for our customers and remain free from DDoS attacks. To do this, we examine how adversaries are changing their attack tactics and provide effective products and services that meet this landscape.
How do DDoS attacks affect the finance and insurance sectors?
DDoS attackers are choosing to increasingly launch attack campaigns against banks, exchange services, insurance brokerages, and anywhere else they perceive the money to be. In fact, during the second half of 2021, our threat researchers observed a 257% spike in attack activity, with global insurance agencies and brokers heavily targeted.
Our 2H2021 DDoS Threat Intelligence Report also shows a 263% increase in attack activity towards computer storage and device manufacturers, as well as a 162% increase in attacks targeting electronic computer manufacturers during this time. This is significant because DDoS attacks can impose major complications onto computer manufacturing companies and other device manufacturers, which supply technology global businesses depend on in order to operate – including those in finance and insurance.
An example of this can be seen at the start of the Lazarus Bear Armada (LBA) DDoS extortion campaign, when the group first started launching DDoS attacks targeting the financial industry. The group focused on commercial banks, stock exchanges, and other adjacent businesses to get a payday. Notably, the LBA continuously launched enough DDoS attacks to knock the New Zealand Stock Exchange offline for four days, which resulted in significant damage and revenue loss for its businesses and stakeholders. Following this, the group progressed its efforts towards critical sectors such as healthcare and energy providers – which didn’t stop until they were satisfied with their extortion earnings.
Has NETSCOUT spotted any recent DDoS trends business leaders should be concerned about?
As reported in our most recent DDoS Threat Intelligence Report, more than 4.4 million global DDoS attacks were launched from July to December of 2021. This led to an average rate of an attack occurring every three seconds. With the widescale rollout of 5G networks and services, which countless organisations now rely on, these networks now provide attackers with the bandwidth and speed needed to deploy even more powerful and frequent attacks. As a result, global wireless telecommunications providers faced a 38% spike in DDoS attacks.
Are there other significant trends that you’ve seen?
We’re also observing DDoS-for-hire services being offered to the general population. These services are readily available for anyone to launch a targeted DDoS attack without the need for a cryptocurrency account, nominal fee, or vetting process – with some even offering services for free. NETSCOUT researchers discovered 19 confirmed DDoS-for-hire services presenting more than 200 types of attacks for customers to choose from, including different methods to evade basic anti-DDoS protections. Unfortunately, this means that launching DDoS attacks is becoming easier with these services, which is concerning as the number of attacks and new attack trends is likely to increase and become more volatile with each passing year.
How can insurance companies protect themselves from DDoS activity?
I believe all organisations should be advised not to pay DDoS extortion demands. If the right prevention tools are implemented correctly, financial and insurance businesses can mitigate these attacks successfully. To adequately defend against DDoS activity, organisations need to invest in effective and robust protection systems that are tested on a regular basis.
An additional measure for organisations to consider is enlisting the help of an on-demand DDoS attack consultant. Gaining their expert insight and knowledge of the DDoS threat landscape can greatly benefit the organisation and its key stakeholders. Only by following current industry best practices can organisations put themselves in the best position to successfully defend themselves from these highly volatile and increasingly frequent attacks.