Richard Hummel, Netscout Episode 3
>>All right. Let's kick things off. I'm Lisa Martin with Richard Hummel, manager of threat intelligence at NetScout. We're going to be talking about the vertical industries where attackers really zeroed in for DDoS attacks. Richard, these are some interesting findings in the second half of 2021.

>>It is, and it's unfortunate, because I never like to see individuals or organizations specifically targeted by DDoS attacks, and often this kind of individualistic targeting isn't so individual. What I mean by that is DDoS attacks almost always have some form of ripple effect, collateral damage that extends far beyond who the adversary is going after. We've got an example of this. There have been a lot of reports recently about various VoIP providers, starting in Eastern Europe and expanding even to North America and various other parts of the world, that have reported this DDoS extortion campaign or crew, or whoever it might be, copycatting as REvil, which is a notable ransomware group that is publicly known to have been successful. Well, these guys are copycatting that. Unfortunately, they've been very successful in some of these attacks, and some of the companies have gone on record saying that, look, this didn't just impact us.

>>They didn't just take our services offline. None of our customers could make calls. They could not. The reputation damage alone: how many of their users or subscribers did they lose as a result of them not being able to make phone calls? How much revenue are they losing out on during that time period? I go all the way back to last year, and we saw something similar with another DDoS extortion campaign against the New Zealand stock exchange. It was down for almost four days. Just think about the sheer amount of revenue loss and all of the things that domino from there, right? It's not just the exchange commission that had problems. It's not just them. It's all of the stockholders and anybody that couldn't make a trade. And so yes, adversaries absolutely single out organizations, but the damage that it causes to those around them can be astronomical.

>>Right. The downstream effects, as you said, the ripple effect, just go on and on and on. One of the things that I found interesting in the second half of 2021 threat intelligence report was that telecommunications verticals, which are usually a popular target for attackers, actually saw fewer attacks in the second half. Why is that? What are your thoughts there?

>>So I think a lot of this goes back to why we saw a decrease in the second half of the year. That decrease is almost exclusively attributed to a decrease in DNS amplification and CLDAP, DNS being the predominant DDoS attack vector for many, many years. TCP attacks, these direct-path attacks that we talked about in our last segment, where they are direct from botnets or they're sourced from high-powered... we're seeing a rebalancing of the scales here. So we're seeing about equal parts of both of these kinds of attacks now, versus the reflection/amplification stuff being predominant. And so that's one of the reasons why we saw that decrease. And when we look at telecommunications, wired and wireless, these are your consumers. These are your gamers. These are just individuals sitting at home, minding their own business, that are getting DDoS attacked.

>>Then we've talked about it on previous interviews that we've done, that gamers are predominantly the targets of DDoS attacks. And so if we're seeing a decrease in the preferred method for these attacks to occur, naturally we're going to see a decrease in some of the attacks against these consumers. But what's notable here: telecommunications is considered this big umbrella, right? You have wired, you have wireless, you have mobile, you have satellite, you have all other telecommunications, which is where your VoIP providers fall. So in most of them we saw decreases, but in wireless and all other telecommunications (wireless, remember this 5G advent, and then the other telecommunications with this digital extortion stuff against the VoIP providers), those are two areas where we saw increases. Wireless saw a 32% increase and all other telecommunications, think VoIP, saw a 93% increase. And so we are seeing some increases here, but the higher frequency or attack counts in wired and in mobile, those saw decreases.

>>Let's talk about 5G, where, you know, everybody is so excited about it. The adoption is coming. What's going to be the amplification implication of 5G in terms of fueling increased attacks?

>>Just the sheer volume. I mean, when we start to introduce 5G, now we're talking about every single device that we have potentially having its own space on the internet. You may have high bandwidth, high throughput capacity. And so we're not talking about just in the home, right? 5G is going to be everywhere. So now just take all of your IoT devices that might be isolated to your home network; they are now going to be across the entire globe, outside the home, on 5G networks that have the capability to launch really fast, really potent attacks. And so the footprint of what we've got to think about from a security perspective and from a defense perspective, it's going to flip things on its head quite a bit, because you're going from: here's everything that I'm going to secure inside my... let's just use the castle representation again: everything's inside the castle.

>>I put my boundaries in place. I've got my firewalls. I've got my IDSes. I've got my access control lists. So anything outside of my sphere or my domain is irrelevant because I don't care about it. Well, 5G is going to blast that away, because not only do you not have it on-prem anymore, everything starts to get its own direct connection to the internet. How do you secure 5G? Does your organization have that in practice? I mean, ISPs are still rolling 5G out and are still trying to figure things out as they go. How much more do enterprises and others that are going to be consumers of this need to figure out how we're going to secure against these? And so, yeah, it's going to introduce a whole new realm of how we need to think about security.

>>A whole new realm, lots to consider there. Another thing, besides the wireless telecommunications, that the report uncovered was that the closely related software and computer manufacturing verticals also saw massive increases in attacks. Why? Talk to us about that.

>>You know, I think it's a logical progression of attacks. In the last report we put out, we talked about the connectivity supply chain, and what we meant by that was: how do we communicate? How do we talk to each other? How do we get into our work assets? We use a VPN, we use DNS servers, we use internet exchanges to resolve our websites. Adversaries increased attacks against those. And that was kind of the connectivity piece. Well, let's take a step back. What do you need to be able to get online? You need a computer, you need software, and you need the ability to store some of this data on your computer. So what we saw: a 606% increase in attacks against software publishers, 260 and 253% increases against computer manufacturing and computer storage manufacturing. Together, to me, these are the digital supply chain.

>>These are the things that allow us to do what we need to do. And so it's almost like a natural progression. And we see this a lot with DDoS extortion. So take the Lazarus Bear Armada guys we talked about last time. You know, they initially started against financial organizations, going after banks. Then they moved to the stock markets, and they moved to insurance brokerages accounts. They moved to travel exchanges, currency exchanges, and they started this domino effect of, you know what, let's go where the money is. Maybe we'll get a payday. That didn't work, so slowly they started to expand. Eventually LBA started targeting anybody and everybody in every single industry and vertical. And so what we see here is kind of a logical progression of, you know what, the connectivity supply chain attacks didn't work. And there's a good reason for that, because these devices that they're going after are usually very, very secure. And so DDoS attacks, they can absorb them. They can mitigate them. They just bounce off. So can we succeed by going a little bit more upstream or downstream, however you want to look at this, by targeting the actual manufacturers themselves, the people who create the software we need to be able to conduct our business? And so that's kind of the logical progression of what we're seeing here.

>>So Richard, how can companies prepare and defend against the attacks against the digital supply chain? That's pretty critical.

>>Preparation. Preparation is the key. And if we follow best current or best industry practices... there's this 80/20 rule that a colleague of mine likes to use. If you do 80% of the recommended things, the best current practices, it solves 80% of your problem, and not just for the DDoS problem, but also for things like ransomware and various others. It's really that 20% in there that you have to worry about. And that's going to be being aware, knowing the adversaries are actually going after software publishers. Who would have thunk it, right? Who would think that they're actually going after the manufacturer of the applications that I'm using to talk to you right now, Lisa, right? Yeah. And so these are the kinds of things that people just aren't always aware of. And so making sure that we're cognizant of the actual targets of these attacks, and then from there, figuring out: is our business involved in any kind of software publishing?

>>Should we be concerned about that? And if not, what about where we're getting our software from? Do they have to worry about this? Is there a risk of them not being able to deliver something to us because they're under bombardment by DDoS sometimes? And so it's just being aware and taking steps to be able to handle and prepare. And I will say it again: you must have some sort of DDoS protections in place. It's not when... or, it's not if, it's when you're going to get attacked, and everybody, even if you are not the direct target, there's collateral damage, as we talked about in the last segment.

>>Yep. It's a matter of if, not when, and that's something that businesses of any size in any industry have to be prepared for. As you said, preparation is really number one. Richard, thank you for sharing some of the really interesting findings and the verticals that saw massive increases in the second half of 2021. And we look forward to what you're going to uncover next.

>>Absolutely. Thanks again for having me. It's been a pleasure.

>>Likewise. We want to thank you for watching the program today. Remember, all these videos are available at thecube.net, and you can check out the news from today on siliconangle.com and, of course, netscout.com. Many thanks to NetScout for making this program possible and sponsoring theCUBE. This is Lisa Martin signing off. Thanks for watching and bye for now.