DDoS attacks: “the cost of doing business online”

Today’s threat landscape is complex and increasingly sophisticated. Opportunistic attacks still occur and are a menace, but targeted attacks are a rapidly growing threat. They are often launched by sophisticated and professional criminal organisations, with motivations ranging from profit to ideological hacktivism. According to Arbor Networks in its recent annual worldwide infrastructure security report, published January 2014, there was a 36% increase in targeted attacks seen by its survey respondents in 2013.

One type of targeted attack that has seen a particular resurgence recently is the distributed denial of service (DDoS) attack. In a recent report, Cisco states that “DDoS attacks should be a top security concern for organisations in the public and private sector in 2014.” According to Ashley Stephenson of Corero Network Security, DDoS attacks can be considered to be the cost of doing business online.

A surge in DDoS attacks has been seen over the past couple of years. In one concerted campaign, the FBI reported that 46 US financial institutions were hit with more than 200 coordinated and timed DDoS attacks from September 2012 to April 2013 alone, causing consumers to lose trust in US banks. But that is just one example and Cisco warns that future campaigns will be even more extensive and will last for extended periods. According to the Arbor Networks report, there has been a dramatic increase in the size of DDoS attacks, with many attacks over 100 Gbps routinely seen—big enough to disrupt any organisation.

But, in many cases, mere business disruption is not the endgame of the attackers. Whilst that is bad enough for any organisation, especially those that use online channels extensively, DDoS attacks are increasingly being used as a distraction, diverting attention and resources away from other exploits occurring simultaneously. Often the real motivations are financial manipulation or a competitive takeout.

A number of vendors, including Arbor and Corero, offer products and services to help organisations to recover from DDoS attacks and these can be extremely useful in limiting the damage that they cause. But organisations also need to do more to shield their networks from harm. Targeted attacks are increasingly getting through network defences, with security controls such as firewalls being increasingly used as a conduit for attack. Arbor states that its customers are increasingly asking how to get visibility across their entire networks to reduce the vulnerabilities that they face.

And it is important that that visibility cuts across all parts of the network, from the data centre to the endpoints that connect to the network. Data centres are being increasingly victimised, with Arbor reporting that many of its survey respondents are seeing more than 100 attacks against their data centres per month, with one-third stating that the attacks are so overwhelming that they exceed the total available internet bandwidth. In terms of endpoints, DDoS attacks against mobile networks have almost doubled over the past year. This is a trend that is likely to continue as mobile devices proliferate and the so-called BYOD phenomenon continues to gain ground. Arbor’s research found that three-quarters of respondents allow the use of personal devices in the workplace, but half of those organisations have no way of identifying, let alone monitoring, what devices are being used on their networks.

An example of where attackers are taking advantage of lax security measures can be seen in the increase of DDoS attacks targeting DNS servers. Neustar states that attacks are being seen that first hit the web resources of organisations with large volumes of web traffic, before moving on to DNS servers, which tend to be more vulnerable. Arbor’s research found that 36% of respondents experienced customer-impacting DDoS attacks against DNS servers in 2013, up 10% from the previous year. It also found that, whilst 85% of respondents operate DNS servers, 26% have no security resources with dedicated responsibility for DNS security.

As we continue into 2014, the predictions from many quarters are that targeted attacks will continue to be a real and ever-growing threat. DDoS attacks, in particular, will continue to be a weapon of choice. Organisations should look not only to appraise themselves of the products and services that are available for helping to recover from such attacks, but should also evaluate their network and endpoint security controls and look to close as many gaps as possible.