Botnets in Focus: Five Tips for Robust Cyber Defence

Effective Measures Against DDoS Attacks

Dec 26, 2023 - 3 min.

Zurich, December 2023 – Botnet attacks are becoming increasingly sophisticated and frequent. Cybercriminals use them not only to steal user data or to disseminate false information but also to deliberately overload websites. Distributed denial-of-service (DDoS) attacks impair the availability of services and can have a substantial economic impact, for instance if a website is no longer accessible. Cybercriminals are also increasingly targeting the financial sector, as the recent study ‘State of the Internet’ by Akamai shows. The report also highlights an increase in the number of DDoS attacks across EMEA in the past year.

The threat posed by botnets and DDoS attacks is forcing companies to take a proactive approach to protecting their digital infrastructure. Nevis Security AG offers companies five tips on how they can successfully detect and prevent these types of attacks:

  • Implementing adaptive authentication

Modern security services are designed to create an adaptable system to guarantee IT security. It is therefore essential to incorporate adaptive authentication. The continuous analysis of user behaviour enables the creation of individual behaviour profiles for people, which can then serve as a reference for future authentications. Based on data collected and individual behaviour profiles, it is possible to conduct a more accurate risk assessment. If obvious differences in behaviour are detected, additional security measures such as multi-factor authentication (MFA) can be deployed. This approach allows unusual access attempts and suspicious activities to be detected and stopped at an early stage.
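The risk assessment described above can be sketched as follows. This is an added example, not Nevis code; the feature set, thresholds and sample logins are constructed assumptions chosen for illustration.

```python
from collections import Counter


class BehaviourProfile:
    """Per-user history of login attributes (hypothetical feature set)."""
    FEATURES = ("device", "country", "hour_bucket")

    def __init__(self):
        self.seen = {f: Counter() for f in self.FEATURES}
        self.logins = 0

    def learn(self, login):
        # Call only after a login was accepted (directly or after MFA),
        # so that rejected attempts never shape the reference profile.
        for f in self.FEATURES:
            self.seen[f][login[f]] += 1
        self.logins += 1

    def risk(self, login):
        """Mean rarity of the attributes: 0.0 = always seen, 1.0 = never seen."""
        if self.logins == 0:
            return 1.0
        rarity = [1 - self.seen[f][login[f]] / self.logins for f in self.FEATURES]
        return sum(rarity) / len(rarity)


def decide(profile, login, step_up=0.3, deny=0.9):
    """Map the risk score to an action; thresholds are illustrative assumptions."""
    score = profile.risk(login)
    if score >= deny:
        return "deny"
    if score >= step_up:
        return "mfa"
    return "allow"


def sample_profile():
    # Constructed history: 8 logins from one laptop in CH, mostly in the morning.
    profile = BehaviourProfile()
    for hour in ["morning"] * 6 + ["evening"] * 2:
        profile.learn({"device": "laptop-1", "country": "CH", "hour_bucket": hour})
    return profile


USUAL = {"device": "laptop-1", "country": "CH", "hour_bucket": "morning"}
NEW_DEVICE = {"device": "phone-9", "country": "CH", "hour_bucket": "morning"}
ALL_NEW = {"device": "vm-3", "country": "XX", "hour_bucket": "night"}
```
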

  • Relying on threat intelligence services

The integration of threat intelligence services into a CIAM solution is crucial to guaranteeing comprehensive and proactive defence against the latest threats, such as DDoS attacks by botnets. The services keep companies continuously informed about new cyber threats and provide specific data about known botnets and other infrastructures operated by the bad actors behind DDoS attacks. This data is also useful for automating security measures. If the services alert the system to an attack, the system can then automatically launch suitable measures to minimize the effects and increase security. In the event of a security incident, threat intelligence services also enable a detailed forensic analysis that companies can then use to adapt and improve their security strategy.

  • Using biometrics and behavioural analyses

Companies need to introduce biometric authentication and behavioural analyses to better protect themselves against DDoS attacks. By doing so, they can ensure that only legitimate users are able to log on and not hackers who have stolen credentials or purchased them on the Darknet. Corresponding analyses not only check a user’s knowledge of a password, for example, but also their behaviour. Suspicious activities can be more effectively detected if anomalies in the user’s behaviour are identified. Companies can also manage their security measures accordingly.

  • Focussing on API security and rate limiting

Secure API communication and the deployment of rate-limiting mechanisms will limit the unusual spikes in request rates that can often indicate DDoS attacks. Companies should rely on secure and therefore encrypted communication via APIs. One way to do this is to implement the HTTPS (TLS/SSL) communication protocol. Furthermore, the latest authentication mechanisms such as API keys, Open Authorization (OAuth) and JSON Web Token (JWT) guarantee that only authorised users and applications have access to an interface.

Companies can also use the available rate-limiting mechanisms to limit the number of requests in a specific period. By doing so, they prevent an individual user or bad actor from overwhelming the system with a very large number of simultaneous requests. However, legitimate users can sometimes also send multiple simultaneous requests. To avoid blocking these users, companies should integrate options for greater flexibility at an early stage.
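One common way to limit requests per period while still tolerating short legitimate bursts is a token bucket per client. The sketch below is an added example, not Nevis code; the class name, the rate and burst values and the sample traffic are constructed assumptions.

```python
class RateLimiter:
    """Token bucket per client: `burst` bounds a spike, `rate` the sustained pace."""

    def __init__(self, rate, burst):
        self.rate = rate      # tokens refilled per second
        self.burst = burst    # bucket capacity = largest tolerated burst
        self._buckets = {}    # client_id -> (tokens, last_seen)

    def allow(self, client_id, now):
        tokens, last = self._buckets.get(client_id, (self.burst, now))
        # Refill for the time elapsed since the last request, capped at capacity.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self._buckets[client_id] = (tokens, now)
        return allowed


def replay(limiter, events):
    """Return {client_id: [allowed, rejected]} for (timestamp, client_id) events."""
    result = {}
    for now, client in sorted(events):
        counts = result.setdefault(client, [0, 0])
        counts[0 if limiter.allow(client, now) else 1] += 1
    return result


def sample_events():
    # Constructed traffic, not taken from the article.
    # Legitimate user: a page load fires 8 parallel calls, then one call every 2 s.
    user = [(0.0, "user-a")] * 8 + [(2.0 * i, "user-a") for i in range(1, 6)]
    # Flooding client: 64 requests per second for 4 seconds.
    bot = [(i / 64.0, "bot-x") for i in range(256)]
    return user + bot


if __name__ == "__main__":
    for client, (ok, rejected) in replay(RateLimiter(4, 10), sample_events()).items():
        print(f"{client}: allowed={ok} rejected={rejected}")
```

With these values the user's burst of parallel calls passes untouched, while the flooding client is held to its initial burst plus the sustained rate.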

  • Ongoing user training

DDoS attacks often start with social-engineering and phishing attacks. It is important that companies not only train their employees about these threats but also make end users aware of them. This type of training can include recent examples and case studies of successful as well as failed attacks. Discussing specific scenarios can raise the security awareness of users and clarify the consequences of insecure behaviour. Companies also need to encourage their employees and users to report suspicious activities and promote secure habits such as the use of release and access permissions.

Stephan Schweizer, CEO of Nevis Security AG, emphasizes: ‘Implementing cybersecurity is not a one-time event for companies. On the contrary, cybersecurity requires constant vigilance. The threat landscape is continuously evolving, which means that companies must regularly update and improve their defence measures to keep pace with the latest attack techniques. By implementing the principles we have suggested, companies can lay a solid foundation for their defence against botnets and DDoS attacks.’

###

About Nevis

Nevis develops security solutions for the digital world of tomorrow. Its portfolio encompasses passwordless logins, which are intuitive to use and offer optimal protection for user data. Nevis is the market leader for Identity and Access Management in Switzerland and secures over 80 percent of all online banking transactions. Public authorities, leading service providers, and industrial enterprises worldwide rely on Nevis solutions. The authentication specialist has locations in Switzerland, Germany, UK and Hungary.

Press Contact

LEWIS Communications GmbH
Mareike Funke, nevis-security@teamlewis.com