
9/21/2017
10:00 AM

Why Size Doesn't Matter in DDoS Attacks

Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."

Distributed denial-of-service (DDoS) attacks have increased, and research shows that on average, a DDoS attack can cost an organization more than $2.5 million in revenue. As a small or medium-sized business owner, you may be thinking "hackers only use DDoS on the big boys" or "I'm not big enough for them to care." But these disruptive attacks are getting worse, and they're moving downstream. Today, they affect everyone from the largest organizations to smaller companies that are being hit either directly, or as a by-product of one of their service providers being attacked.

In a sampling of customers, Neustar found in a recent study that 78% of organizations that generate $50 million to $99 million per year had experienced a DDoS attack at least once in the last 12 months, and of those organizations attacked, 86% were hit more than once. Small and midsize companies are tempting targets because they often have less in the way of heavy tech investments, services, and staff.

Companies also often overestimate the "protection" offered by ISPs and cloud service providers, such as Amazon Web Services. These organizations can only provide so much protection. Their priorities are protecting their backbone and availability services for all customers, not protecting any specific entity. When DDoS attacks become too large and create collateral impact, all traffic to that targeted host starts getting blocked or "blackholed." This effectively takes those businesses offline. To add insult to injury, often if you rely on an ISP or cloud service provider, it will not only bring down your site but also charge you for the traffic overages that happened during a DDoS attack. 

Additionally, attackers perform reconnaissance on targeted infrastructures, and it is easy to identify the Domain Name System (DNS) service providers for online sites. Because of financial and technical acumen factors, many growing businesses opt to provide their own DNS service. This is not difficult and requires little maintenance. The downside is that DNS is an inherently vulnerable service because it needs to be exposed in order to work.

When attackers scout targets, they understand that large DNS providers are highly redundant and highly resilient. In comparison, organizations managing their own service are far more likely to be susceptible to failure and collapse with the right cyber attack. This makes organizations with self-managed DNS more tempting targets, not only because their DNS is easier to attack, since it often lacks the resiliency and redundancy that make a service more difficult to take down, but also because self-managed DNS is likely an indicator of additional (and vulnerable) self-managed security within the organization.
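A self-audit of the redundancy gap described above, as an added example that is not part of the original article: it checks a zone's own NS delegation for the traits the text associates with fragile self-managed DNS. The zone, hostnames, addresses, finding labels, and the /24 and /48 grouping are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample delegations (documentation address ranges, reserved names).
SELF_HOSTED = {"ns1.example.com": ["192.0.2.10"], "ns2.example.com": ["192.0.2.11"]}
OUTSOURCED = {
    "ns1.managed-dns.example.net": ["198.51.100.1"],
    "ns2.managed-dns.example.net": ["203.0.113.1", "2001:db8:53::1"],
}


def audit_delegation(zone, nameservers):
    """Return resilience findings for a zone's NS set.

    nameservers maps each NS hostname to its list of IP address strings.
    Finding labels are hypothetical names chosen for this example.
    """
    zone = zone.rstrip(".").lower()
    hosts = {h.rstrip(".").lower(): addrs for h, addrs in nameservers.items()}
    findings = []

    # One nameserver is a single point of failure.
    if len(hosts) < 2:
        findings.append("single-nameserver")

    # Assumption: NS names inside the zone itself suggest self-managed DNS.
    in_zone = [h for h in hosts if h == zone or h.endswith("." + zone)]
    if hosts and len(in_zone) == len(hosts):
        findings.append("all-in-bailiwick")

    # Assumption: addresses sharing a /24 (IPv4) or /48 (IPv6) share one network path.
    prefixes = set()
    for addrs in hosts.values():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            plen = 24 if ip.version == 4 else 48
            prefixes.add(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
    if len(prefixes) < 2:
        findings.append("single-network")

    return findings


if __name__ == "__main__":
    for label, ns_set in (("self-hosted", SELF_HOSTED), ("outsourced", OUTSOURCED)):
        print(label, audit_delegation("example.com", ns_set) or "no findings")
```

In practice the input would come from the NS and address records of a zone you operate; a clean result here says nothing about the capacity behind each nameserver.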

SMBs Are Hot Targets for DDoS Attacks
Neustar research data on almost 200 midsize businesses (organizations that generate $50 million to $90 million per year) found the following trends in SMB DDoS attacks over the last year:

  • 78% of SMBs were attacked at least once in the last 12 months, with 86% of those attacked hit more than once, and 34% of those attacked hit more than five times, indicating they had become tempting targets.
  • 38% saw malware activated during DDoS attacks, demonstrating a vulnerability to phishing and coordinated assaults on SMBs by savvy attackers.
  • 32% lost customer data records in concert with DDoS attacks, indicating a specific, targeted attack on a more vulnerable target. In many cases, a loss of data required a subsequent disclosure in line with industry regulations (PCI, HIPAA, and other compliance).
  • 20% of those attacked also experienced ransomware along with the DDoS attack, resulting in either further ransom payments that had to be made, or additional downtime or other actions required to re-establish services and access to data.
  • 52% needed more than three hours to detect and determine a DDoS was underway. Once an attack was identified, 43% needed more than three hours to respond, likely because of limited investment and resources, and overestimation of protection offered by ISPs and cloud providers.

Because DDoS attacks have grown in severity and scale, small and midsize businesses should be vigilant to the fact that they are increasingly attractive targets. Although cloud and hosting providers can offer some level of protection, these businesses should remember that a hosting provider's priority will always be to keep its backbone and basic services up, and individual site vulnerability will always come second. These organizations must educate themselves about the variety of DDoS protections available in the marketplace and determine which options can cost-effectively meet their needs.

Here are the top five questions that organizations should ask their DDoS protection providers:

  • What layers of protection do you offer? Because no single protection is failsafe, the answer to this question will help an organization understand the methods and technologies being used to protect its site.
  • How variable is the cost of prevention? If I'm hit with a really big attack, will the mitigation costs spike to the point that I can't afford them?
  • What is your average response time? Even the largest cloud providers often have surprisingly slow response times. Smaller organizations in particular should ensure that they won't be put at the bottom of a priority list in the event of attack, making their likely response times even longer.
  • What is the size of your network that's protecting me? This will indicate how large an attack a provider can withstand.
  • Where are your DDoS mitigation facilities located globally? This helps organizations understand if DDoS mitigation capabilities comply with the various regulations that vary by country.

As large enterprises become more sophisticated in their DDoS defenses, small and midsize organizations will continue to become an increasingly attractive target for attackers. Start asking these questions and putting in place protections now, before your brand, reputation, and bottom line take a hit from these attacks. 


Nicolai Bezsonoff is the General Manager of Security Solutions at Neustar. He spearheads the company's industry-leading DDoS, DNS, and IP intelligence solutions, including its cybersecurity operations. Previously, he was the co-founder and COO of .CO Internet, a successful ...
Comments
vandabouillet,
User Rank: Apprentice
9/25/2017 | 5:52:10 AM
Yes!
I totally agree. It doesn't matter if your society is a small one or a big one, but every one of them should secure their infrastructure.