Heaptalk, Jakarta — In recent years, cyber-attacks have become a public conversation in Indonesia after several data breaches experienced by government agencies and institutions.
Regarding this issue, Imperva, a cybersecurity company known for application programming interface (API) security, DDoS protection and data security, shared its predictions for the upcoming cybersecurity trends. According to Imperva APJ Solution Architect Daniel Toh, ransom distributed denial of service (RDDoS) will remain a leading threat vector, and he expects this mode of attack to continue to dominate in the near future.
In 2022, Imperva mitigated a ransom DDoS attack that peaked at 3.9 million requests per second (RPS); the attack averaged 1.8 million RPS and lasted over four hours.
In Daniel’s view, ransom DDoS is terrifying not only because of the ransom demand itself: the attackers are likely already aware of the vulnerable spots on the external attack surface of the targeted organization’s systems, and are likely to exploit those vulnerabilities while key business stakeholders are distracted and preoccupied with dealing with the ransom DDoS threat.
“With Ransom DDoS, you can now easily hold companies and enterprises ransom. Not only that, it is becoming even more complex because they (hackers) probably already know the vulnerable spots in your external attack surface, for example, in APIs,” said Daniel.
Daniel explained further that threats in the cybersecurity domain can often be visualized in terms of the external attack surface. With digital modernization, that attack surface is expanding, which gives ransom DDoS attacks more targets to aim at. The war between Russia and Ukraine has further contributed to the prevalence and popularity of ransom DDoS attacks.
Daniel said, “Since the war between Ukraine and Russia broke out, we are seeing more and more threat actors threatening targeted organizations to pay them ransom in cryptocurrencies. When the ransom is not paid, the attackers then bring down systems and sites owned by the targeted organizations. This has happened to a lot of critical infrastructure such as healthcare services and government agencies.”
APIs will be the top threat vector in data breaches
Furthermore, application modernization efforts are inseparable from other key technologies such as application programming interfaces (APIs). The nature of APIs has inadvertently left many applications more exposed than before, which in turn increases the external attack surface. On this topic, Daniel observed a spike in API attacks across the region, which are now dominating the cyberattack landscape.
Daniel shared, “At Imperva, we analyze and protect 1.5 trillion requests across our global networks every month. We are seeing this trend where apps and APIs are being exploited more frequently than before. Due to the external-facing nature of public APIs, attackers have typically already performed reconnaissance and know exactly where the weak spots in the APIs are. However, it is also important to understand the motivation behind API exploits. API exploits offer an easy and quick way to gain access to the crown jewels behind them, and that is the data served by APIs. Data is what attackers are really after in today’s context.”
Attacks on APIs are not new, but they are becoming more commonplace these days. Gartner, a technology research and consulting firm, predicted years ago that by 2022 APIs would become the top attack vector in data breaches. “Earlier this year, Gartner predicted the situation will get worse by the year 2026. By 2026, Gartner believes 50% of cyberattacks will target areas that are not or cannot be protected by zero-trust controls, such as public-facing APIs and social engineering scams.”
“50% of cyberattacks or more are going to come from APIs simply because of the expanded attack surface that I spoke about,” said Daniel.
Echoing Daniel’s views, Imperva Regional Sales Director Fei Wen Ho added that recent hacking incidents in Indonesia, including those attributed to Bjorka, have heightened concern about data security among Indonesian organizations, primarily in the financial sector and government agencies. Fei Wen added, “We observed Ransom DDoS, API security, and also data security are the few trends that are getting more and more attention from key business stakeholders, not only in Indonesia but across the whole of Asia Pacific as well. To help Indonesian organizations more readily protect themselves from these trending threats, we are launching our second DDoS scrubbing Point-of-Presence (POP) in Indonesia this year. This second POP reaffirms Imperva’s commitment to the Indonesia market. Most importantly, this will also help our Indonesian customers adhere to data sovereignty regulations while getting the best-of-breed protection against DDoS attacks, API exploits, bot attacks and web application attacks.”
Moving beyond the zero-trust security approach
In response to increasing cyberattacks, organizations, including those in Indonesia, have begun to implement a zero-trust security approach to strengthen their systems. Zero trust is an IT security model that requires strict identity verification for every user and device trying to access resources on a private network, regardless of whether they are inside or outside the network perimeter.
Daniel observed that the majority of large organizations in Indonesia are maturing in implementing the zero-trust concept. He said, “Across Asia, the large Indonesian organizations are comparatively one of the most mature in thinking when we talk about the zero-trust concept.”
Indonesia is one of the five largest economies in Asia, alongside China and India, and has enormous digital economic potential powered by a tech-savvy workforce and innovation. Given that scale, and the fact that many large organizations, including banks and other core services, are starting to move their systems to the cloud, zero-trust implementation is no longer an option but a necessity.
Daniel reiterated that these digital modernization efforts will further expand the current attack surface, including APIs exposed on public websites. He advised organizations in Indonesia not only to enhance their API and application security posture but also to regain control of this expanded attack surface. In particular, full API discovery can be considered the first step towards identifying the potentially vulnerable points exposed by an organization’s public-facing systems.
“Something as simple as API discovery will go a long way to help us understand how wide our external attack surface is. From there on, organizations can start to learn more about how each and every API is connected to the data backend and incorporate data security posture management into their application and API security lifecycle,” concluded Daniel.
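As an added illustration of the API discovery step Daniel describes (this is example code written for this article, not Imperva’s product code and not anything shown in the interview), the script below reconstructs an API inventory from web-server access-log lines, collapses identifier segments into OpenAPI-style path templates, and diffs the result against a documented inventory to surface shadow endpoints (observed but undocumented) and zombie endpoints (documented but never called). The log lines, the DOCUMENTED set, and the /api/ prefix are all constructed assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in Apache combined-log style; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0700] "GET /api/v1/users/1042 HTTP/1.1" 200 512
10.0.0.7 - - [10/Oct/2023:13:55:37 +0700] "GET /api/v1/users/1043/orders HTTP/1.1" 200 2048
10.0.0.9 - - [10/Oct/2023:13:55:38 +0700] "POST /api/v1/login HTTP/1.1" 200 128
10.0.0.9 - - [10/Oct/2023:13:55:39 +0700] "GET /api/internal/export?all=true HTTP/1.1" 200 90210
10.0.0.5 - - [10/Oct/2023:13:55:40 +0700] "GET /api/v1/users/1044 HTTP/1.1" 200 498
10.0.0.2 - - [10/Oct/2023:13:55:41 +0700] "DELETE /api/v0/accounts/77 HTTP/1.1" 204 0
10.0.0.2 - - [10/Oct/2023:13:55:42 +0700] "GET /static/app.js HTTP/1.1" 200 40000
"""

# Constructed "documented" inventory: (method, OpenAPI-style path template) pairs
# the organisation believes it exposes. Hypothetical, for this example only.
DOCUMENTED = {
    ("GET", "/api/v1/users/{id}"),
    ("GET", "/api/v1/users/{id}/orders"),
    ("POST", "/api/v1/login"),
}

# Request line, status and response size from a combined-log entry.
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<bytes>\d+)'
)
# Path segments that look like identifiers: integers, UUIDs, or long hex tokens.
ID_SEGMENT_RE = re.compile(
    r"\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|[0-9a-f]{16,}"
)


def normalize_path(path: str) -> str:
    """Drop the query string and collapse identifier-like segments to {id}."""
    path = path.split("?", 1)[0]
    segments = path.split("/")
    return "/".join("{id}" if ID_SEGMENT_RE.fullmatch(s) else s for s in segments)


def parse_log(text: str):
    """Yield (method, normalized_path, status, bytes) for each parseable line."""
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if m is None:
            continue  # not a request line we understand; skip rather than guess
        yield (m.group("method"), normalize_path(m.group("path")),
               int(m.group("status")), int(m.group("bytes")))


def discover(text: str, documented: set, api_prefix: str = "/api/"):
    """Compare observed API endpoints against the documented inventory.

    Returns (observed, shadow, zombie):
      observed - every (method, template) seen under api_prefix with counts/bytes
      shadow   - observed but undocumented endpoints (unknown attack surface)
      zombie   - documented but never observed (candidates for decommissioning)
    """
    observed = defaultdict(lambda: {"count": 0, "bytes": 0})
    for method, path, _status, nbytes in parse_log(text):
        if not path.startswith(api_prefix):
            continue  # static assets and non-API routes are out of scope here
        entry = observed[(method, path)]
        entry["count"] += 1
        entry["bytes"] += nbytes
    shadow = {key: val for key, val in observed.items() if key not in documented}
    zombie = documented - set(observed)
    return dict(observed), shadow, zombie


def report(text: str, documented: set) -> list:
    """Human-readable findings, largest response volume first (data exposure first)."""
    _, shadow, zombie = discover(text, documented)
    lines = []
    for (method, path), stats in sorted(shadow.items(), key=lambda kv: -kv[1]["bytes"]):
        lines.append(f"SHADOW  {method:6} {path}  ({stats['count']} req, {stats['bytes']} bytes)")
    for method, path in sorted(zombie):
        lines.append(f"ZOMBIE  {method:6} {path}  (documented, no traffic)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, DOCUMENTED)))
```

Run against the constructed log, the report flags the undocumented bulk export endpoint and a forgotten v0 delete route, both invisible to a review that starts from the OpenAPI spec. In practice the log source should be the edge (CDN, WAF, API gateway or load balancer) rather than a single origin server so that every exposed host is covered, and the regex-based path templating is a heuristic: identifiers that are words rather than numbers or hex will need application-specific rules. The next step Daniel mentions, mapping each discovered endpoint to the data it serves, is a separate classification exercise that this script does not attempt.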