“Measures that ought to have been in place to prevent these denial-of-service attacks interfering with access to the website were not put in place. That was a failure that was compounded…”– Australian Prime Minister Malcolm Turnbull
“Mr. Turnbull was commenting on the DDoS attacks that brought down the Australian Online Census website. He went on to describe the attacks as “completely predictable.” And he is right.
Web Applications are under more threat now than ever. Attackers have easy access to applications that can launch complex attacks on thousands of sites at the click of a mouse. These applications are supported by organised groups that even offer voice and chat support. This proliferation of “applications of mass destruction” points to one significant fact –Everyone Is A Target.
In the case of the Australian Census website, there are indications that a ransom note was disregarded. To protect from DDoS attacks, there were only two protections – a Geo-IP block, and standard firewalls. The attacker got around the geo-ip block by simply sending traffic from within the country. Eventually, the firewalls failed, and the website was taken down to prevent data exfiltration from the unprotected site.
Attacks are launched for many reasons – for ransom, to host malware applications…or simply for fun. They succeed in many cases because organisations do not understand the need for a web application firewall, or because they put web security off due to perceived complexity. A WAF is now an absolute necessity for web applications – especially given the sensitivity of the functions provide and the data they host. Any loss of access or data can lead to serious consequences.
Securing your web, mobile and API applications against application layer attacks need not be complex. The Barracuda Web Application Firewall is an award winning Web Application Firewall that is easy to deploy and configure. The Barracuda Web Application Firewall is available on every platform – Hardware, Virtual and Cloud – and provides complete security against application attacks.
To learn more about the Barracuda Web Application Firewall and how it protects your web, mobile and API applications, please refer to these whitepapers:
- Barracuda Web Application Firewall secures your website against the Top 10 Threats.
- Defending against Application-based DDoS Attacks with the Barracuda Web Application Firewall
- Secure your Mobile and IoT applications using the Barracuda Web Application Firewall
Tushar Richabadas is a Product Manager for the Barracuda Web Application Firewall team in our India office. You can connect with him on LinkedIn here.