Five best practices for government to combat DDoS

Ahead of the recent European Union elections in June 2024, pro-Russia hacktivists threatened to launch extensive distributed denial of service (DDoS) attacks on the region’s internet infrastructure.

The Register recently reported that government agencies in the US, UK and Canada said they were aware of hacktivists targeting water and energy systems and other critical sectors.

Government entities, traditionally confronted with these and other types of cybersecurity threats, are now confronted with an added layer of risk through web-based DDoS attacks that can severely disrupt vital civic services.

“These attacks are often orchestrated by state-backed actors or hacktivist groups, who exploit the online infrastructure to hamper the delivery of essential government services, paralysing websites, communication channels and digital platforms,” says Radware’s Vice President and Managing Director for Asia-Pacific and Japan, Yaniv Hoffman, to GovInsider.

In the face of geopolitical tensions and conflicts, hacktivist groups are utilising DDoS attacks to exert their influence and make their voices heard.

“Attacks against government agencies are especially effective due to their high-profile nature and ability to create noticeable disruptions in services that citizens rely on,” he explains.

Hoffman shares five best practices for public sector organisations to shield themselves from DDoS attacks and prevent service disruption.

1. Reduce false positives with behavioral-based detection

When web DDoS attacks strike – a more sophisticated form of attack – it can be difficult to discern between legitimate and attack traffic, says Hoffman. DDoS protection backed by behavioral-based, artificial intelligence (AI)-powered detection is the best form of defense.

Traditional protection solutions, on the other hand, are prone to producing high levels of false positive and blocking legitimate users, he adds. This is because traditional solutions typically rely on brute force measures, such as volumetric detection, rate limiting and geo-blocking.

Radware solves for this challenge by tapping into behavioral-based detection to automatically and accurately distinguish between legitimate and malicious traffic, resulting in better protection with fewer false positives.

“The approach focuses not only on traffic volumes but also on behavioral characteristics of the incoming requests,” he says.

2. Deploy always-on cloud DDoS protection

An always-on cloud DDoS solution means that application and network traffic are routed through the security provider’s cloud security scrubbing centre or point of presence.

“This ensures that all incoming connections go through the security provider’s checks to prevent malicious requests from reaching protected networks or applications,” says Hoffman.

3. Implement dedicated Web DDoS protection for more sophisticated attacks

Organisations’ DDoS defenses need to include dedicated protections to address more sophisticated attacks, such as HTTPS DDoS floods – also known as Web DDoS Tsunami floods, says Hoffman.

These aggressive, volumetric attacks use IP spoofing, cookie harvesting, request parameter randomization, and more to evade traditional protection techniques such as rate limiting, geo-blocking and access controls, he adds.

As more citizen services move online, it’s particularly important for governments to use dedicated web DDoS protections to safeguard their web assets, such as websites, emergency and national security systems, online services and other outbound-facing web assets.

“Just because organizations have standard WAFs or network-based DDoS mitigation in place, they should not take for granted that they are adequately protected,” he says.

4. Consider a hybrid solution for full protection

Government organisations typically have large, open computer networks which are easily accessible by outside visitors, Hoffman says. This makes them vulnerable to DDoS attacks from within the network, which could not be mitigated by an external cloud security service.

While it is recommended to deploy a cloud solution to enjoy the scale of cloud scrubbing networks, combining an on-premises appliance with a cloud service is a key point of consideration for organisations that have sufficient size and need.

5. Consider outsourcing a fully managed security service

“Another way to augment in-house IT and security is to make use of a fully managed security service,” says Hoffman, as an option for organisations in the public sector.

Often, organisations lack the resources and personnel needed for in-house IT and security. As a result, they don’t have the experience and bandwidth to deal with massive DDoS attacks, he shares.

Using a managed security service as part of DDoS protection enables organisations to extend their capabilities and benefit from the backing of a team of security experts when under attack.

Read the Radware Case Study for ASAC and how the solution guaranteed 100% Blocking of DDoS Attacks Against their Cloud Infrastructure. Please complete your details access the document: