Cloud

9/21/2017
10:00 AM
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Why Size Doesn't Matter in DDoS Attacks

Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."

Distributed denial-of-service (DDoS) attacks have increased, and research shows that on average, a DDoS attack can cost an organization more than $2.5 million in revenue. As a small or medium-sized business owner, you may be thinking "hackers only use DDoS on the big boys" or "I'm not big enough for them to care." But these disruptive attacks are getting worse, and they're moving downstream. Today, they affect everyone from the largest organizations to smaller companies that are being hit either directly, or as a by-product of one of their service providers being attacked.

In a sampling of customers, Neustar found in a recent study that 78% of organizations that generate $50 million to $99 million per year had experienced a DDoS attack at least once in the last 12 months, and of those organizations attacked, 86% were hit more than once. Small and midsize companies are tempting targets because often they are armed less with heavy tech investments, services, and staff.

Companies also often overestimate the "protection" offered by ISPs and cloud service providers, such as Amazon Web Services. These organizations can only provide so much protection. Their priorities are protecting their backbone and availability services for all customers, not protecting any specific entity. When DDoS attacks become too large and create collateral impact, all traffic to that targeted host starts getting blocked or "blackholed." This effectively takes those businesses offline. To add insult to injury, often if you rely on an ISP or cloud service provider, it will not only bring down your site but also charge you for the traffic overages that happened during a DDoS attack. 

Additionally, attackers perform reconnaissance on targeted infrastructures, and it is easy to identify Domain Name Servers (DNS) service providers for online sites. Because of financial and technical acumen factors, many growing businesses opt to provide their own DNS service. This is not difficult and requires little maintenance. The downside is that DNS is an inherently vulnerable service because it needs to be exposed in order to work.

When attackers scout targets, they understand that large DNS providers are highly redundant and highly resilient. In comparison, organizations managing their own service are far more likely to be susceptible to failure and collapse with the right cyber attack. This makes self-managed DNS organizations more-tempting targets, not only because their DNS is easier to attack but also because self-managed DNS often lacks the resiliency and redundancy that make it more difficult to take down and is also likely an indicator of additional (and vulnerable) self-managed security within an organization.

SMBs Are Hot Targets for DDoS Attacks
Neustar research data on almost 200 midsize businesses (organizations that generate $50 million to $90 million per year) found the following in trends in SMB DDoS attacks over the last year:

  • 78% of SMBs were attacked at least once in the last 12 months, with 86% of those attacked hit more than once, and 34% of those attacked hit more than five times, indicating they had become tempting targets.
  • 38% saw malware activated during DDoS attacks, demonstrating a vulnerability to phishing and coordinated assaults on SMBs by savvy attackers.
  • 32% lost customer data records in concert with DDoS attacks, indicating a specific, targeted attack on a more vulnerable target. In many cases, a loss of data required a subsequent disclosure in line with industry regulations (PCI, HIPAA, and other compliance).
  • 20% of those attacked also experienced ransomware along with the DDoS attack, resulting in either further ransom payments that had to be made, or additional downtime or other actions required to re-establish services and access to data.
  • 52% needed more than three hours to detect and determine a DDoS was underway. Once detected, 43% needed more than three hours to respond to a DDoS attack once identified, likely because of limited investment and resources, and overestimation of protection offered by ISPs and cloud providers.

Because DDoS attacks have grown in severity and scale, small and midsize businesses should be vigilant to the fact that they are increasingly attractive targets. Although cloud and hosting providers can offer some level of protection, these businesses should remember that a hosting provider's priority will always be to keep its backbone and basic services up, and individual site vulnerability will always come second. These organizations must educate themselves about the variety of DDoS protections available in the marketplace and determine which options can cost-effectively meet their needs.

Here are the top five questions that organizations should ask their DDoS protection providers:

  • What layers of protection do you offer? Because no single protection is failsafe, the answer to this question will help an organization understand the methods and technologies being used to protect its site.
  • How variable is the cost of prevention? If I'm hit with a really big attack, will the mitigation costs spike to the point that I can't afford them?
  • What is your average response time? Even the largest cloud providers often have a surprisingly slow response times. Smaller organizations in particular should ensure that they won't be put at the bottom of a priority list in the event of attack, making their likely response times even longer.
  • What is the size of your network that's protecting me? This will indicate how large an attack a provider can withstand.
  • Where are your DDoS mitigation facilities located globally? This helps organizations understand if DDoS mitigation capabilities comply with the various regulations that vary by country.

As large enterprises become more sophisticated in their DDoS defenses, small and midsize organizations will continue to become an increasingly attractive target for attackers. Start asking these questions and putting in place protections now, before your brand, reputation, and bottom line take a hit from these attacks. 

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Nicolai Bezsonoff is the General Manager of Security Solutions at Neustar. He spearheads the company's industry-leading DDoS, DNS, and IP intelligence solutions, including its cybersecurity operations. Previously, he was the co-founder and COO of .CO Internet, a successful ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
vandabouillet
100%
0%
vandabouillet,
User Rank: Apprentice
9/25/2017 | 5:52:10 AM
Yes!
I totally agree. It doesn't matter if your society is a small one or a big one, but every one of them should secure their infrastructure.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17338
PUBLISHED: 2018-09-23
An issue has been found in pdfalto through 0.2. It is a heap-based buffer overflow in the function TextPage::dump in XmlAltoOutputDev.cc.
CVE-2018-17341
PUBLISHED: 2018-09-23
BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI.
CVE-2018-17332
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextPathField function in svg_string.c returns its input pointer in certain circumstances, which might result in a memory leak caused by wasteful malloc calls.
CVE-2018-17333
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.
CVE-2018-17334
PUBLISHED: 2018-09-22
An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy limit is miscalculated.