The Evolving Threat Landscape of DDoS Attacks: Insights from Macquarie Government’s Security Operations Centre
Within the Security Operations Centre (SOC) at Macquarie Government, we have been witnessing firsthand the transformation of the cybersecurity landscape, particularly the progression of Distributed Denial of Service (DDoS) attacks. Gone are the days when volumetric attacks—aimed at simply overwhelming network bandwidth—were the prime concern. Today, we are facing more sophisticated methods of DDoS attacks that target higher levels of the stack, compelling us to redefine our defence strategies.
Traditionally, volumetric DDoS attacks were prevalent, where the attackers’ main goal was to saturate the bandwidth of the target site or service. These were relatively blunt instruments of disruption: visualise people crowding the entrance of a store so that legitimate customers could not enter.
Mitigation strategies for such attacks primarily involved over-provisioning bandwidth and using Content Delivery Networks (CDNs) to absorb the onslaught of traffic.
The landscape has markedly changed and continues to evolve.
Attackers have shifted tactics, advancing to more sophisticated and insidious methods. Instead of merely targeting the network layer, they are now exploiting vulnerabilities at the transport and application layers—Layers 4 and 7 of the Open Systems Interconnection (OSI) model, respectively. These are not merely designed to flood the system with traffic but to smartly disrupt specific aspects of a service or application.
At the transport layer (Layer 4), we see attacks such as SYN floods, which exploit the TCP three-way handshake. These are more intricate than volumetric attacks and require less bandwidth to be effective, making them harder to detect and mitigate. The attackers have become more cunning, using fewer resources to achieve greater disruption.
The application layer (Layer 7) is where we see the most complex DDoS attacks.
These target specific functions of a web service, often mimicking legitimate requests, which makes it even more challenging to distinguish genuine traffic from attack traffic. For instance, an HTTP flood attack might request a specific URL within a website repeatedly, straining the web server to the point of unresponsiveness.
These advanced attacks require a nuanced approach to defence. At Macquarie Government’s SOC, we are no longer just looking at the quantity of traffic but also at its characteristics: request rate per client, which URLs are requested and how that behaviour differs from normal use. It’s akin to examining not just the crowd at the store’s entrance but also their behaviour, where they are coming from and what their intentions are—identifying who is actually shopping and who is there to disrupt business.
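As an added illustration of the behavioural view described above (example code written for this article, not Macquarie Government’s own tooling), the following script scores each client in a set of constructed web-server access-log lines on two signals: its peak request rate over a short window and how concentrated its requests are on a single path. A client is flagged only when both are high, which separates the single-URL HTTP flood from a human browsing several pages and from a legitimate polling client; the thresholds, IP addresses and log lines are all assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined-log-format prefix: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Return (ip, datetime, path-without-query) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0]

def find_http_flood_sources(lines, window_s=10, max_req=30, min_share=0.8):
    """Flag a client that sends more than max_req requests in some window_s-second
    window AND directs at least min_share of all its requests at one path.
    Returns {ip: (peak_requests_in_window, top_path, share_of_top_path)}."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            per_ip[parsed[0]].append((parsed[1].timestamp(), parsed[2]))
    flagged = {}
    for ip, reqs in per_ip.items():
        reqs.sort()
        times = [t for t, _ in reqs]
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        top_path, hits = Counter(p for _, p in reqs).most_common(1)[0]
        share = hits / len(reqs)
        if peak > max_req and share >= min_share:
            flagged[ip] = (peak, top_path, round(share, 2))
    return flagged

def make_sample_log():
    """Constructed access-log lines (not real traffic) covering three client behaviours."""
    fmt = '{ip} - - [10/Jan/2024:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    lines = []
    # 1) HTTP flood (assumed attacker address): 60 hits on one search URL within 10 seconds
    lines += [fmt.format(ip="203.0.113.7", sec=i // 6, path="/search?q=report") for i in range(60)]
    # 2) Human browsing: 8 different pages spread over a minute
    lines += [fmt.format(ip="198.51.100.4", sec=i * 7, path=f"/page/{i}") for i in range(8)]
    # 3) Polling client: same path every 2 s, high concentration but low rate, so not flagged
    lines += [fmt.format(ip="192.0.2.9", sec=s, path="/api/status") for s in range(0, 60, 2)]
    return lines
```

Lowering max_req to 5 flags the polling client as well, which is the kind of false positive a rate-only rule produces and why the path-concentration signal is paired with it.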
In the past 6 months, we have seen a marked increase in attacks of this nature impacting agencies and disrupting important services.
To fortify against these sophisticated threats, our enhanced security strategy now encompasses a comprehensive multi-layered approach. At the forefront, we now have the option for customers to integrate advanced Australian government cyber security DDoS protection capabilities as part of their defensive infrastructure. This state-of-the-art solution offers superior DDoS mitigation, effectively safeguarding critical infrastructure by detecting and blocking malicious traffic in near-real time.
Alongside our advanced DDoS platform, we continue to leverage behavioural analytics that scrutinise traffic patterns and discern intent, thus maintaining a proactive stance. Our intrusion prevention systems (IPS) remain vigilant, providing an additional layer of defence against unauthorised access attempts. Moreover, the intelligence of our system is constantly evolving, thanks to the implementation of machine learning algorithms that are included with our current infrastructure products (Hybrid Secure Perimeter). These algorithms are designed to enhance the Essential 8 as well as our predictive capabilities, allowing us to anticipate and neutralise emerging threats with accuracy.
By deploying our advanced DDoS platform, we’re not only expanding our protective shield offerings but also ensuring that our response to these dynamic threats is swift and effective, minimising potential disruptions and maintaining the integrity of our service to our customers.
In addition to the above, we engage in constant information sharing with cybersecurity groups and monitor threat actor groups and the forums in which they discuss their attacks. This allows us to stay ahead of trends and prepare for emerging DDoS attack vectors and malicious actors.
As the threat landscape evolves, so too must our defence mechanisms. At Macquarie Government, we are committed to protecting the critical infrastructure of our Government partners through proactive measures against these advanced DDoS attacks. The SOC team works tirelessly to adapt and defend against these shifts, guaranteeing that as attackers climb the OSI model with their strategies, our defence rises in sophistication to meet them.