Redefining CyberSecurity

The Latest Insights in Cybersecurity Resilience and The Ongoing Battle Against DDoS Attacks | A Brand Story Conversation From Infosecurity Europe 2024 | An Akamai Story with Richard Meeus | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

Join Sean Martin as he chats with Richard Meeus from Akamai at Infosecurity Europe in London, exploring the latest insights in cybersecurity resilience and the ongoing battle against DDoS attacks.

Episode Notes

Welcome to a brand-new episode of On Location with Sean Martin and Marco Ciappelli at Infosecurity Europe 2024 in London. Today, Sean hosts a very special guest, Richard Meeus, Director of Security Technology and Strategy, EMEA at Akamai, who will provide us with valuable insights into cybersecurity resilience and the evolving landscape of distributed denial of service (DDoS) attacks.

The High Energy at Infosecurity Europe 2024

Sean Martin kicks off the conversation by highlighting the vibrant atmosphere at Infosecurity Europe. With a bustling crowd and high energy, it's the perfect setting to look at and discuss pressing cybersecurity topics. Richard Meeus appreciates the opportunity to be part of this lively event and shares his excitement for the discussions ahead.

The Importance of Resilience

In recent months, Sean has noticed a growing emphasis on the concept of resilience in cybersecurity conversations. Notably, both Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) are prioritizing resilience to safeguard their organizations. Richard shares his perspective, emphasizing the critical importance of resilience, especially in Europe. He points out that new legislation such as NIS2 and DORA is driving organizations to focus on maintaining the availability of their systems.

The Rise in DDoS Attacks

Transitioning to the main topic, Sean and Richard discuss the alarming increase in DDoS attacks observed in EMEA (Europe, the Middle East, and Africa). Over the past few years, there has been a significant surge in such attacks, with notable activity driven by hacktivists rather than traditional criminal actors. Richard explains that hacktivists use DDoS attacks to make a statement, often targeting high-profile organizations to maximize their impact.

The Role of Akamai in Protecting Against DDoS

Richard explains Akamai's pivotal role in defending against DDoS attacks. He highlights Akamai's extensive cloud protection service, boasting a global network with 2,400 points of presence (PoPs). This vast infrastructure allows Akamai to protect some of the world's largest and most prominent brands.

Richard explains the importance of shifting the burden of DDoS defense to the cloud to handle the massive attack traffic. Akamai's scrubbing centers, strategically located worldwide, meticulously clean the incoming traffic, ensuring only legitimate requests reach the client's systems.

Evolution of DDoS Attacks

Sean invites Richard to provide an overview of how DDoS attacks have evolved over the years. While some traditional tactics like SYN floods remain prevalent, there has been a resurgence of older techniques like water torture attacks targeting DNS. Richard emphasizes that organizations must protect their entire infrastructure, including APIs, which are increasingly becoming the target of such attacks.

The Financial Sector: A Prime Target

The financial sector is frequently targeted by DDoS attacks, according to Richard. He stresses that the trust customers place in financial institutions is heavily reliant on the availability of their digital services. Any disruption can erode this trust and have a significant material impact on the organization's reputation and customer confidence.

Comprehensive Protection Strategy

Richard underscores the importance of a comprehensive protection strategy for organizations facing the threat of DDoS attacks. By leveraging Akamai's global network and sophisticated scrubbing techniques, organizations can effectively mitigate the impact of these attacks. The combination of automated defenses and skilled SOC teams ensures real-time protection and rapid response to evolving threats.

In this conversation, Sean and Richard reiterate the significance of maintaining trust and resilience in the face of growing cyber threats. With the right strategies, partnerships, and technologies, organizations can safeguard their digital presence and continue to deliver reliable services to their customers.

For more in-depth insights, be sure to check out Akamai's latest report and explore their extensive back catalog of valuable cybersecurity resources.

Learn more about Akamai: https://itspm.ag/akamaievki

Note: This story contains promotional content. Learn more.

Guest: Richard Meeus, Director, Security Technology and Strategy, Akamai [@Akamai]

On LinkedIn | https://www.linkedin.com/in/richard-meeus/

Resources

Fighting the Heat: EMEA’s Rising DDoS Threats: https://itspm.ag/akamaievki

Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai

View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

[00:00:00] Sean Martin: And hello everybody, you're very welcome to a new episode of On Location here with Sean Martin, the host of the Redefining Cybersecurity Podcast. Marco and I are here in London at InfoSecurity Europe at the ExCeL, and I'm thrilled to have Richard Meeus from Akamai. Richard, how are you?
 

[00:00:20] Richard Meeus: Doing very well, thank you very much indeed for having me on. 
 

[00:00:23] Sean Martin: It's a pleasure, it's a pleasure. And, uh, you can hear it in the background, the energy is high.  
 

[00:00:28] Richard Meeus: There's a lot of people here today and, um, yeah, I think it's going to be a good few days,  
 

[00:00:34] Sean Martin: Absolutely. And it's important to have conversations and to look at what's going on in the field with respect to the threats and how organizations are dealing with those threats.
 

And you and your team have put together a report, I guess it's a regular report you do, and some interesting things popped up in this recent one. We're going to get into some of those. But before we do that, Richard, maybe a few words about your role at Akamai, what you're up to, and maybe a few words about what Akamai does in general as well, if you don't mind.
 

[00:01:06] Richard Meeus: Sure, absolutely Sean. So, um, I'm the Director of Security Technology and Strategy for Akamai and EMEA. And my role is working, uh, working with our customers and our partners, uh, ensuring that Akamai is best aligned in providing the solutions and, uh, protections that they need to ensure that their businesses remain online. 
 

And that's what Akamai has been doing now for 25 years, is providing... We are running a cloud protection service that is the most distributed in the world. We have the largest cloud network, 2400 PoPs around the world. Almost a petabit per second in terms of capacity. And this allows us to protect some of the largest and biggest brands on the planet.
 

[00:01:55] Sean Martin: It's interesting, the last few months I've had a lot of conversations where the word resilience has come up. And the other interesting Not just the CISO talking about resilience, the CIO is really looking to partner with security folks to really understand what resilience means for their business. 
 

Which, for me, it says there's a lot of other executive support to really understand what's going on here. I don't know if you have any thoughts on that based on the conversations you have with folks.  
 

[00:02:33] Richard Meeus: I think especially in Europe at the moment, resilience is really important. Uh, is a massive topic and that has been proven through by legislation that's going through, um, in the European Parliament. 
 

So we've got NIS2, which is coming through, which is, uh, covers all sort of critical national infrastructure within the EU. We've also got DORA, which is for the financial services in the EU. Um, and obviously that's gonna have an impact on, uh, countries outside the EU that do a lot of work with, uh, with EU citizens.
 

So obviously, you know, a lot of companies over here in the UK are getting massively impacted by Google. And both of those are driven around resilience. It's about being available, being online, maintaining the availability of your systems as much as possible.  
 

[00:03:25] Sean Martin: Absolutely. So in that light, so a lot of, from an operational perspective, The teams are going to be required to really put systems and programs and teams and operations in place to deal with the regulations that they have. 
 

On the other side of the coin, nothing's slowing down on the, uh, the attacker side, right? So, what, what do you see in there?  
 

[00:03:48] Richard Meeus: Yeah, uh, the, the attackers, uh, as, as we did in the, the, the State of the Internet report that we released today, the attackers have been especially prevalent over the last few years, especially within EMEA, and we've seen a huge increase in the attacks in EMEA.
 

So the US, where we normally see the majority of the attacks, dramatically gone down. And I don't think there's any surprise that, uh, with the two wars essentially that are happening in the continent, that there's been a lot of DDoS activity. And DDoS activity has long been the, uh, the tool of the hacktivist, right?
 

Uh, and I say hacktivist as opposed to criminal or, um, this is a criminal activity, but it's, it's not the same as somebody who's trying to steal data from money, right? The activist wants to make a point, you know, they're doing their pr, they want to basically to make, make a big bang, and they want to be able to stretch over overseas, stretch over borders, stretch over boundaries, and make their. 
 

That means taking down or taking offline an organization that is very prominent in a certain geography. It's a good way to make that point. And this is why we've seen a huge increase in DDoS attacks in EMEA, um, in the last few years.  
 

[00:05:18] Sean Martin: A lot of it, a lot of it driven by Are you able to attribute it back to some of that stuff? 
 

[00:05:28] Richard Meeus: Attribution is really tricky when it comes to cyber. It's a lot easier in kinetic warfare, you can see where it came from. But in cyber, it's a little bit more difficult. We see certain attack traits and techniques. But it's very difficult to sort of say who actually did that particular attack. We know that a lot of organizations were taking credit for it. 
 

But, you know, we know that people, for example, at the beginning of the Ukraine-Russia war, there was an activist called Killnet that was very prevalent in a lot of attacks, uh, against organizations in Europe that were supporting the Ukrainian act. Uh, and that was very, it was very public. Um, but it's very difficult to know sort of where they actually sit within the group.
 

[00:06:17] Sean Martin: What else are you seeing in the report that you think might be interesting? Trends or anomalies from previous times? Actually, let's do this first. History of the report. Oh, yeah. This isn't your first one, right?  
 

[00:06:33] Richard Meeus: So we've been doing these reports now for 10 years. And one of the benefits that we have at Akamai of having this huge network, and seeing so much traffic, Trillions and trillions of DNS requests today. 
 

You know, uh, terabits, hundreds of terabits per second of traffic. Billions of attacks. It allows us to get an unprecedented view on the internet, on criminal actors, on the attacks that we're seeing, the novel attacks that are being created. So every couple of months we will produce a report that focuses on a specific area and it may be a specific geography, it may be on a specific vertical such as financial services or commerce, or it may be on a specific attack type. 
 

So it might be on bots or it might be on east west ransomware or something like that. So we'll try and find out something that's particularly relevant from the data sources that we have. And this one we've released today. KSA is around, specifically around, uh, DDoS attacks in EMEA, um, and we wanted to focus on this because of the, the massive increase, the massive focus on these attacks in EMEA. 
 

UK sees almost a quarter, uh, of all the DDoS attacks that we're seeing. That's a massive amount of attacks. You know, normally, as I said, the US used to receive the bulk, now the UK sees virtually a quarter of the attacks that we see in EMEA. Um, so that, that's huge, followed by, um, uh, KSA, Saudi Arabia, and then followed by Germany. 
 

[00:08:11] Sean Martin: KSA would pop in there.  
 

[00:08:12] Richard Meeus: Um, it, it is, but you have to remember that they are, uh, have a very loud voice now. Right. Um, they're beginning to be more prevalent and they're being, getting to be seen more on the internet around the world. Um, and as anything with an organ, with any country that is, is, uh, being more prevalent. 
 

They will tend to get more attacks. Uh, in the same sense that the UK, Germany, all the big, all those big countries tend to get attacked. Um, so I don't think it's especially surprising. I think we've seen attacks against the Middle East, uh, in various different countries for, for the last 10 years. Um, and certainly we've been very, uh, prevalent across the Middle East in helping organizations, uh, protect their infrastructure, their financial services, and that, that sort of thing. 
 

[00:09:05] Sean Martin: What's, um, what can you share with me? Is it denial of service? Distributed Denial of Service, not a new concept, right? But the technologies and the attack vectors through which those can take place certainly have grown. Um, so can you give me a history of kind of Distributed Denial of Service, how it's changed or evolved over the years? 
 

I mean, we have IoT, we have AI, does it sit down? Anything you want to share there?  
 

[00:09:36] Richard Meeus: Yeah, so DDoS is, uh, is quite an interesting thing. It's changed a lot. It's plus ça change, plus c'est la même chose sort of thing. It's just, it's still doing the same stuff as what it's been doing 10 years ago. We're still seeing SYN floods.
 

SYN floods DDoS attacks for years. We're still seeing, um, a lot of the traditional type of activity. I think what's interesting is because we're getting the hacktivists coming back, as opposed to the criminal actors who were doing DDoS for ransom, that seems to have a shift. We're seeing a resurgence of what's called water torture tactics.

Um, and water torture is an attack on the DNS of an organization. Um, and this is really important for businesses to be aware of because a lot of the times people think I need to protect my website. That's the public face of my organization. I need to put all the protection in front of that. But if your DNS is off the side and they take down your DNS, as we know, in security, you take out DNS, everything breaks.
 

[00:10:40] Sean Martin: That's the old joke, right? It's always DNS. 
 

[00:10:42] Richard Meeus: It's always DNS. Absolutely. Uh, you, you sort of hit my punchline for me. Ah, sorry. [laughs] And the water torture tactic is a very old tactic that's designed to take out your authoritative DNS. It basically relies on the fact that if you create a unique request, a unique subdomain request to, uh, a domain, it has to go all the way back to the origin, to the authoritative DNS to find out.
 

Uh, you can't use all the cached DNS responses out on the internet that, that, that the internet would like to, to scale and to service out the billions and trillions of DNS requests a day. If you create a unique one, it has to go back to origin every single time. So you just keep creating unique, unique, unique, unique, unique.
 

Create enough places to connect to those unique requests. They all have to go through to origin and it overloads the origin DNS. And if it DNS, bad things happen.  
 

[00:11:43] Sean Martin: Talk to me a bit. We see a lot of, not just human interaction with systems. But we see apps to apps, machine to machine, and API to API driven now. 
 

And with that, soon as we start to need to trust other things besides people. Not needs, of course, the growth of those things. How does that impact, you know, service load? A lot of stuff.  
 

[00:12:19] Richard Meeus: No, absolutely. Yeah, I think one of the things we're seeing now is this There's less traffic being, uh, going from the website to the user. 
 

Basically what happens is you're using an app. And the traffic between your app and the back end is all API. So the volume of traffic has gone down, but there's more requests going back and forth. But the point is, is now instead of having like one website we have to protect, we now have a thousand API requests going. 
 

Um, and they are just as susceptible, they are just as vulnerable, if not more, to DDoS. Because you've got more to protect. You need to ensure that everything is protected. So they are just as vulnerable. And we, we need to be affording the same level of protection and security to our APIs that we were, that we are doing to our, to our websites.
 

And generally we're not. We're not. The APIs are sort of a bit of a forgotten thing that tends to get sort of, we'll get to that later, let's focus on the website. When realistically, APIs are becoming the dominant trend. At Akamai, we see huge amounts of our customers shipping well over a third of their traffic is just purely on APIs. 
 

And understanding the scope and scale is where organizations are now beginning to have that challenge.  
 

[00:13:38] Sean Martin: So talk to me, because as I was describing that in my mind and then to you, I was thinking in the financial sector, like banking, open banking is becoming a big thing, right? You can buy stuff on credit and that, that element of, of purchasing is available as a service through a number of different services.
 

Um, anything in the report that kind of points to how the financial sector is also dealing more with costs and, and other, other attacks and threats like that.  
 

[00:14:14] Richard Meeus: I, I think financial services has always been a prominent target for, for DDoS, um, because whether they're a criminal attacker. It's a hacktivist and they realize the impact that taking down a bank now because if you want to send a message to the population of a country or a region, go off the money. 
 

It's always a good way to do it and I think that, you know, I try to liken it to where banks were 120 years ago and banks were around 120 years ago. They're trying to get people to give them money. They're trying to get people, all of the population, to give them money. Take it out from underneath their bags and whatever and give them money. 
 

So what do they do? They've built something that will evoke trust. They've built banks with big, thick banks. Walls, high windows, so my money's safe here. It's, it's safe. Who goes to a bank now? So there's no, they have no way of, of creating that trust. The trust is with their digital presence, with the app on their phone, with their website. 
 

If that website goes down, they're thinking, where's my money? You know, uh, uh, uh, uh, the website's all there. They don't know the difference between a DDoS attack or a hack or whatever. So they're going to be concerned about that money. Their trust is going down rapidly. So being online, being available is critical to financial institutions to maintain that level of trust.
 

And this sort of goes back to what DORA was, was, is being put in place for us to ensure that that the service to the customers, the service to the population is, is maintained and is resilient throughout.
 

[00:16:02] Sean Martin: So is there any connection, I don't know if it was data that said, let's focus on EA data that said, let's focus on financial sector in this current report. 
 

Well, certainly. Is there a connection there at all?  
 

[00:16:16] Richard Meeus: Well, financial services is the most attacked vertical, uh, for DDoS, um, but by some margin. Um, and it's, as I said, it does have to go in in fits and stars Japan. What is happening around the world. Sometimes we see a lot of DDoS attacks against e commerce. 
 

Sometimes we see a lot of DDoS attacks against, uh, other verticals. Financial services at the moment. And I think this is driven by a lot of the, the hacktivism around there as well. Because again, it goes back to that impact the trust. Make sure you'll know how to get that word of around is going off the financial institutions of that.
 

The fact is that financial services, the most attacked vertical in EMEA is the most attacks geography through financial services company in EMEA. You're pretty much bearing the brunt of the, of the global business attacks.
 

[00:17:13] Sean Martin: So Richard, talk to me about how this impacts the customers that you work with. 
 

And how, and ultimately what I really want to know is how you actually help them. Because DDoS attack, you know when it happens, but it's too late at that point. And then you lose the trust with your customer and your partners and whatnot. So how, how are your customers experiencing this world? And how do they then get some solace from working with you and the Akamai team to know that you have their back? 
 

[00:17:48] Richard Meeus: So what are the challenges with DDoS? Very asymmetric cost burden in terms of the cost to attack against the cost to defend. Um, we've seen a lot of booters that are around a relatively small amount of money, 10 euros or something like that, to get a booter to launch a DDoS attack. Now, if that can generate sufficient capacity to take your site offline, that's a problem.
 

Um, and what organizations need to do is think about, okay, how can we address this? I have the size of the, the pipe that comes into my organization. Organizations want a 10 gig pipe. It doesn't cost much to launch a 10 gig of data today, because you're going to fill that pipe. So realistically you need to move the problem away from your organization and do it in the cloud because the cloud has the ability to have a lot more capacity. 
 

So what we've done is, is built a huge global network. We have, uh, amongst that scrubbing centers, the... It allows us to take in all of the attack traffic. It doesn't matter if it's 10 gigs, 100 gigs, a terabit, whatever. Whatever that volume comes in, we can get it into our estate, and we can clean that traffic up and just send you the clean traffic down.
 

So they're basically moving the problem, moving the edge of their network out to us, and then we can absorb all that traffic, clean it up, and just send them the clean stuff through.  
 

[00:19:14] Sean Martin: Interesting, the clean up, because it's not just It's not just absorbing it, right? Because one could absorb it, but it doesn't necessarily mean the service is going to continue as you would expect, right? 
 

So the cleaning is a big part of it.  
 

[00:19:29] Richard Meeus: Absolutely, and so there's a huge raft of tools that we put in place to ensure that only the clean traffic gets through. I mean, there's different tooling for different type, different attack vectors, whether it's a, uh, we talked about the water torture attack, we talked about a SYN flood, or we talk about a, uh, a Network Time Protocol reflection attack.
 

They're all different mitigation techniques that we need to do. Um, and a lot of that can be done, can be, can be automated, but it also requires, um, management as well. So we have SOC teams around the world who are constantly fighting these DDoS attacks on a daily basis. So their, their muscle memory and their skill set is, is, is antipaths and the ability to be able to detect the novel attack vectors. 
 

One of the other things we talked about in this report was, uh, the increase in vectors. Normally, uh, a DDoS attack would just see one vector come in and try and take that organization out. Now we're seeing, okay, we're not going to hit you with just a SYN flood or just a DNS flood. We're going to hit you with 3, up to 12 different attack vectors. And this is when you need to have a lot of skills in being able to bring the right tools into play to make sure the mitigation happens, doesn't block legitimate traffic, and ensures you stay up.
 

[00:20:46] Sean Martin: In real time. In real time.  
 

[00:20:48] Richard Meeus: In real time, that's the thing. He's got either eyes on glass and hands on keyboard.  
 

[00:20:52] Sean Martin: Yep. And as a final point as we wrap here, because the organizations, most of them reside in a specific region, right, but there are certainly multinational organizations. Talk to me, you mentioned your global network sits in the cloud, absorbs and cleans. 
 

Um, but as you're seeing activity throughout the world, are you able to kind of help navigate some of that on behalf of your customers? So that if, to your point on EMEA is under, taking a lot of the hit right now, um, you're able to leverage some of your services in other regions.  
 

[00:21:36] Richard Meeus: Well, that's one of the main aspects around DDoS attacks.
 

A lot of times they will compromise IoT devices, something we saw with Mirai a few years ago, which is still around. And it will leverage devices all over the planet. And sometimes you may get a router that's been released by an ISP. In a certain country we saw that happen a few years ago in Brazil, where a router was provided by an ISP and they had to pay for it.
 

The hackers found an exploit to launch DDoS attacks, because you have huge amounts of DDoS attacks coming from Brazil. Uh, we may see it over the Far East, we may see it in Oceania, we may see it in North America. It doesn't matter, we will basically absorb, clean, scrub, process that traffic in that particular geo.
 

So we have scrubbing centers in South America, North America, in the Middle East. We have lots in Europe, we have lots in APJ, lots in Oceania, where we can take all that traffic and just get rid of it locally. So if you're in a European country, uh, company, it doesn't matter because we're going to get rid of all that traffic over in APJ or wherever it's coming from. 
 

[00:22:43] Sean Martin: Perfect. And um, final question for you Richard. So let's speak to, uh, uh, advice for them, given the rise and continued increase of DDoS attacks, especially in EMEA and ongoing in the financial sector and others. How would you recommend they approach their security program? How can they redefine security?
 

Cybersecurity, given what you've seen in this report.  
 

[00:23:13] Richard Meeus: Um, I think in light of the upcoming regulations that are coming into the EU, critical organizations understand the scope and capability that DDoS can do to an organization, especially around impacting that trust. And when you start looking at how that trust can be related to the material impact, that a CEO is going to be, uh, concerned about whether it's going to have that decision, whether investors going to make money or invest in a business.
 

If you're impacting the trust of your customers, that's going to have a material impact, and if you can have a material impact, that's something where you need to focus and say, okay, how can I reduce the chance of that happening? How can I put mitigation in place to protect myself?  
 

[00:24:04] Sean Martin: Got it. Alright, so multiple vectors, multiple techniques. 
 

You need to, uh, you need to be able to scale that and have a team that's ready to handle all of that for you and that's what you do.  
 

[00:24:16] Richard Meeus: Well that's the thing, we can take all, what we do at Akamai is we provide the tooling, the capacity, the scaling, the teams, the brains to be able to absorb all of that and just provide you with clean traffic. 
 

So we can take the problem and make it go away.  
 

[00:24:30] Sean Martin: Clean traffic. The content. Alright, Richard, well, it's been a pleasure chatting with you. And, uh, everybody listening to this episode, uh, please do check out the latest report and probably some of the other ones. I'm sure there's some interesting findings in the previous  
 

[00:24:44] Richard Meeus: There's some really good, really good, really good reports on that. 
 

Yep. Check out the back catalogue.  
 

[00:24:48] Sean Martin: And subscribe, so you get the next ones. Definitely. And, uh, Richard, thank you very much.  
 

[00:24:53] Richard Meeus: Sean, thank you very much indeed. It's been great to be on.