A recent article shared by Cloudflare, ' DDoS attack trends for 2022 Q2,' revealed that attacks on Cypriot targets increased by 167% quarter to quarter, and at the same time, it revealed as an even more exciting statistic, Cyprus is the #2 most attacked country in the world during the same period. To some, the above stats seem shocking or even worrying, but there is an explanation for it.

Let's start with a fact worth mentioning, DDoS attacks (Distributed Denial of Service) are not something new to Cyprus, there have been such attacks around since I can remember my first steps in the industry 15 years ago (and indeed even before that). At the same time, such attacks are continuously on the rise, appear more frequently, and have longer durations, probably due to the country being a vital part of the financial industry, particularly the Forex industry being a magnet of various Cyber-attacks.

DDoS aims to disrupt the normal operation of a website, web application, or web service by using unwanted traffic typically originating from a botnet (thousands of infected computers and other devices). It can bring down complete infrastructures, and an attack always has the aim of causing the target's service disrupted by making it unavailable, causing extensive harm to an organization, like reputation damage, loss of revenue, and loss of customers.

The Prime Target

Forex Brokers are one of the most attractive targets of attackers. Not only because their business depends almost solely on the availability of their customer portals but because their end customers are very demanding and sensitive when it comes to the availability of those portals and do not tolerate disruptive events so well. Furthermore, Forex Brokers are known to be wealthy organizations, making perfect sense for an attacker to focus on them.

At the same time, Forex Brokers usually operate across multiple markets with clients worldwide. Such brokers with a broader international reach out also face an increased attack surface. The wider their reach, the broader their brand awareness reaches, and the more attention they attract.

A third reason why Forex Brokers are typically more vulnerable to DDoS attacks (and generally to Cyberattacks) than other financial institutions is their rapid growth and short go-to-market speed, a combination that most of the time leaves gaps in their overall Cybersecurity strategy, something that requires a lot of time to mature and develop.

A Money-Making Strategy

Recently, DDoS attacks started appearing with an accompanying email asking for cryptos in exchange for stopping the attack (DDoS extortion attacks), making DDoS attacks a new way for criminal networks to make money and hide behind untraceable paths of crypto, giving DDoS overall a new dynamic. For those people doing it, it has become a business with good returns and no longer just an achievement for fame.

Now back to Cyprus and DDoS. The country is an island with much less bandwidth (internet connectivity) than mainland countries. Less bandwidth availability means it is easier to fill up that sea cable arriving in the country with malicious traffic, making a DDoS strategy a considerable challenge not only to the companies being attacked but the whole backbone of the country's internet service providers. A DDoS attack on a company located in Cyprus can bring down an entire ISP network because that cable fills up 100%, causing anyone behind it to suffer.

This is one of the reasons companies rely on actual 100% uptime of their services, moving some of their critical services to data centers in the EU mainland. But what about the services that need to be situated in the country? What about company offices relying on the internet? What about Government services and critical infrastructure providers? They all remain vulnerable.

The patterns are not deviating throughout 2022, and it seems a new wave of attacks started in Q1 2023. Specifically, we noticed DDoS attacks targeting our customers increasing in numbers in the last couple of weeks and shorter in duration at the same time, without any accompanied emails asking for funds to stop, which makes us believe we are looking probably at a preflight check of attackers trying to find vulnerable targets before launching a full-scale attack.

Preparations Against DDoS Attacks

How can anyone get prepared and protected? DDoS attacks can only be prevented by DDoS protection solutions in combination with DDoS protection providers, and most of the answers are ineffective mainly for two reasons:

1. Attack traffic reaches the destination before it gets detected. Most DDoS protection solutions use local equipment that analyzes traffic and uses various heuristics to determine when an attack starts. If the answer doesn't detect the attack in time, it might be too late and can still bring the target infrastructure down. An effective DDoS protection strategy would require the attack to stop before entering the target infrastructure.
2. DDoS protection solutions many times do not work. Companies pay tens of thousands of euros per month, yet when they get attacked, they go down. We see this happening with on-demand solutions (which means the protection standby is waiting to kick in – not ON) due to BGP convergence times or simply because ISPs are not honoring the AS path policy. In non-techy words, such solutions rely on third parties and assume that all parties are 'compliant.'

DDoS protection is expensive, especially if someone needs to protect infrastructure. The biggest headache is shifted to the ISPs since an attack on any of their customers immediately means stability problems to their whole backbone network. As mitigation, some ISPs implemented traffic steering techniques (route traffic through other locations) to force traffic to come through mainland scrabbing centers (DDoS protection providers), and some simply blackhole target IP addresses, which in simple words means "let's put the target business temporarily offline to avoid the risk of the whole ISP network go down with it."

At Matworks, we have carefully considered the various options for DDoS attack protection and have determined that the modern approach of blocking attacks at the source is the most effective solution for countries like Cyprus. That's why we have strategically partnered with Cloudflare, utilizing their Magic Transit technology to protect infrastructures, combined with their L7 DDoS and WAF protection. This comprehensive solution is both efficient and reliable, providing companies with the peace of mind they need to focus on their business operations. We understand that budget constraints can challenge many companies seeking adequate DDoS protection. That's why we have developed a flexible model that can accommodate businesses of any size.