Kuwait and Saudi Arabia are top targets for DDoS attacks in Middle East

For network security experts, DDoS attacks are nothing new. The sudden surge of network data can slow down or cripple an entire network within minutes unless security measures are already in place.

For telecom operators in particular, DDoS attacks are even more of a nuisance. The chance that subscriber services are interrupted or slowed down is a risk that no one wants to take, and for regional operators it’s a daily challenge to keep DDoS attacks at bay.

“Most of the security market operates by waiting for a particular problem, and then trying to deal with the problem when it happens,” said Alaa Hadi, Regional Director - High Growth Markets (Russia/CIS & Middle East), Arbor Networks. Speaking at GITEX Technology Week, Hadi outlined what Arbor is doing to keep regional companies safe from mounting DDoS attacks. “For us, we emphasize visibility as a much more efficient way to deal with problems. Financial services can spend up to seventy days with a vulnerable attack infiltrating their network. By the time they realize that they’ve been compromised, it’s either too late or the problem is far too complex to fix easily.”

Arbor’s ATLAS initiative analyzes data provided by over 335 ISPs to look at security trends and monitor attack patterns. For the Middle East, the system revealed the following statistics:

  • More than 23K attacks a month, higher than in 2016
  • Significant increase in rate of attacks in April and May
  • Most attacked countries are Kuwait and Saudi Arabia
  • Global peak to date is 140Gbps, target in Saudi Arabia
  • 38% of attacks are over 1Gbps, same as in 2016
  • Main attack vectors are DNS and NTP reflection/amplification

Attacks seemed to have peaked in the months of April and May, though it’s hard to specifically pinpoint particular reasons why.

“ATLAS monitors one third of Internet traffic worldwide from over 400 participating internet providers,” says Hadi. “We use this anonymous data to expand our visibility of patterns and advanced threats, and it really helps our customers in the long run. Threats are all about patterns – if you identify certain patterns, you can quickly drill down on data that has triggered a suspicious pattern, and investigate accordingly. DDoS attacks historically have worked by just pumping out large volumes of data, but now the attacks are more intelligent and directly attack the application layer. Rather than just flooding a network with random data, attacks now target a specific part of the network which is known to be vulnerable, such as a web portal. We’ve seen deliberate attacks like these against specific companies or countries, which makes them even more dangerous.”

The UAE alone experienced 5% of worldwide DDoS attacks in 2016, a figure that shouldn’t be taken lightly. As attacks increase in frequency and size, companies in the region need to better manage their networks to cope with these kinds of attacks, or they will face constant network disruptions and downtime. Elsewhere, Saudi Arabia is also frequently targeted, but the security measures currently in place mean that infrastructure disruptions occur very rarely. Telecoms bear the brunt of most of these DDoS attacks, but both government and semi-government entities have come under recent attacks, expanding onward to reach the healthcare sector as well.

“It’s very difficult to have the right tools all the time and have a secure perimeter around your network, but start with the basics and work from there,” suggests Hadi. “Our solutions are easily scalable for all kinds of enterprise customers, which gives on-premises support and security for your network. We integrate both cloud and local services to provide the best protection, which helps make the solutions affordable while still being very responsive.”