According to the Cisco 2018 Annual Cybersecurity Report (ACR), adversaries are beginning to weaponize cloud services and to avoid discovery by using encryption to conceal their command-and-control activity. As security professionals, we understand and use encryption as a defensive tool, but it comes as no surprise that adversaries will use the same helpful technology to cover their unscrupulous behavior. The report stated that encrypted traffic has tripled over a 12-month period, with more than 50 percent of global web traffic being encrypted as of October 2017. This reduces visibility and gives actors more time to inflict damage on their targets.
Additional major findings include an increase in DDoS “burst attacks,” which are growing in complexity, frequency, and duration. One new study found that 42 percent of organizations experienced this type of DDoS attack within the last year. As the name suggests, a burst attack is one in which a DDoS botnet is “pulsed” to hit each victim (or multiple victims) for a short period every few minutes. Burst attacks are most harmful to organizations where session integrity and continuity are critical to accessing the company's services. According to the report, the increase is attributed to the prevalence of DDoS-for-hire services weaponizing IoT devices. Furthermore, reflective distributed denial-of-service attacks continue to increase, according to the report.