
Operations

5/27/2016 11:00 AM
Vincent Berk
Commentary

Ultimate Guide To DDoS Protection: DDoS Is A Business Problem

In the first of a two-part series, we examine the impact DDoS attacks have on business continuity - and why it is so much more than a network security problem.

DDoS attacks are nearly as old as the Internet itself, and they still pose a significant risk to organizations of every size and type. The network security team owns DDoS prevention, detection, and remediation, but DDoS is not only a network security problem: an attack can take an organization offline for hours or even days, and the business repercussions can be severe.

There are many different kinds of DDoS attacks, but they can all be categorized into the following major groups:

Volumetric or connectionless attacks. This is the most common form of DDoS attack, and its goal is to saturate the target's bandwidth. The traffic typically comes from botnets, networks of infected systems, often as UDP floods or as reflected and amplified replies from third-party servers, in such volume that operations slow or stop entirely.

TCP state-exhaustion or protocol attacks. These attacks target Web servers, firewalls, load balancers, and other stateful infrastructure, disrupting service by exhausting the connection tables those systems maintain. The SYN flood is the classic example.

Application-layer or layer-7 attacks. These attacks target weaknesses or expensive operations in the application itself rather than in the network stack. They need far less bandwidth than a volumetric attack, and because each request looks legitimate they are harder to tell apart from real users.

Zero-day attacks. These attacks exploit previously unknown vulnerabilities in a system or application for which no fix or patch is yet available.

The Problem is Growing

The number of DDoS attacks keeps increasing and shows no sign of letting up. The Verisign Distributed Denial of Service Trends Report found that DDoS attack activity increased 85% year over year. And the bad news doesn't stop there. The attacks themselves are getting bigger, with an average attack size of 6.88 Gbps. In the timeframe covered by the report, Verisign mitigated the largest attack it had ever seen, at 125 Gbps. The recent attack on the BBC was reportedly 602 Gbps, which, if the figure holds up, would make it the largest on record.

DDoS is Cheap and Easy for Attackers

Plenty of freely available tools let anyone with malicious intent launch a DDoS attack. Scaling the attack takes resources, but building a botnet is easy too: methods and tools are freely available online, or attackers can simply rent a botnet for as little as $2 per hour or buy one for $700, according to the Wall Street Journal.

With the emergence of DDoS-for-hire, or DDoS-as-a-Service, would-be attackers need no knowledge or resources at all, just cash. Even that is incredibly cheap: the average cost is reportedly around $40 per hour. These operations run as "professional" services with discounts, subscription packages, and return policies. They market themselves as "DDoS simulators" or as a way to test your own defenses, but nothing stops a paying customer from aiming them at an unsuspecting victim.

The Modern Network is Riddled with Exploit Opportunities

Today's networks are complex, with a large number of systems, applications, connection points, and protocols. Mobility and the Internet of Things (IoT) multiply the number of connected devices and components. More complexity and more connection points mean more potential vulnerabilities for attackers to exploit, and more to secure and monitor. Every system, application, and connection point needs to be built and configured to minimize its exposure, and a defense-in-depth strategy that layers multiple security tools, procedures, and approaches remains essential.

DDoS Detection: The [Dark] Power of Distributed

Denial of service is the goal of the attack; distribution is what makes it hard to stop. Because the traffic comes from thousands of bots, and because many attack types use spoofed source IP addresses, the attacking machines are difficult to locate. Mitigation is harder for the same reason: filtering on source address is of little use when no single source accounts for much of the traffic and the addresses that do appear may not belong to the real sender at all.

Speed is Critical

Kaspersky's Global IT Security Risks Survey 2014 – Distributed Denial of Service (DDoS) Attacks found that a single DDoS attack can cost a company from $52,000 to $444,000 in lost business and IT spending, depending on its size. That figure does not even include the financial impact of reputational harm. When your organization gets hit by a DDoS attack (whatever your company's size, it really is a matter of when, not if), you need to detect and respond fast: detect within seconds and mitigate within minutes.

You Detected a DDoS Attack … Now What?

Detecting an attack is just the first step. Once you know your organization is under attack, you need to stop the onslaught, and the key is to do so without disrupting legitimate traffic. That means diverting traffic through "scrubbing" filters that drop the attack traffic and pass the rest on to you. Scrubbing typically happens in the cloud, where the provider has the capacity to absorb today's largest attacks, which keeps most of the flood off your own links.
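To make the points above concrete, here is an added example (not code from the original article, and not FlowTraq's or any vendor's product code) that triages a one-second window of constructed NetFlow-style flow records. It flags the volumetric and TCP state-exhaustion classes from the taxonomy above, shows why a blocklist of the busiest sources removes almost nothing when sources are spoofed, and applies the kind of scrubbing rules a filter would use to pass legitimate clients while dropping the flood. The Flow record layout, the baselines and thresholds, the addresses, and the traffic mix are all assumptions made for the example.

```python
"""Flow-record DDoS triage for the attack classes above (constructed data, added example)."""
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    src: str       # source address as seen at the network edge
    dst: str
    dport: int
    proto: str     # "tcp" or "udp"
    flags: str     # cumulative TCP flags seen in the flow ("S", "SPA", ...); "" for UDP
    packets: int
    octets: int


# Assumed baselines; in practice these are learned from the site's own history.
BASELINE_BPS = 100_000_000    # normal ingress, 100 Mbit/s
VOLUMETRIC_FACTOR = 5         # alarm at 5x baseline
SYN_ONLY_MIN = 1000           # SYN-only flows per window before calling it a flood
SYN_ONLY_RATIO = 0.8          # ...and the share of TCP flows that must be SYN-only
SERVED_PORTS = {("tcp", 80), ("tcp", 443)}
SERVER = "198.51.100.10"      # the victim (RFC 5737 documentation address)


def addr(base: str, offset: int) -> str:
    """Deterministic address generator for the constructed sample."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(base)) + offset))


def build_window() -> list[Flow]:
    """Constructed one-second window: 200 real clients plus two simultaneous attacks."""
    # Legitimate clients: full handshake, a request and a reply (arbitrary public range)
    legit = [Flow(addr("81.2.69.0", i + 1), SERVER, 443, "tcp", "SPA", 12, 9000)
             for i in range(200)]
    # SYN flood: one SYN per flow, every flow from a different spoofed source;
    # every tenth source is forged from 10.0.0.0/8, which never reaches us from the Internet
    syn = [Flow(addr("10.0.0.0", i) if i % 10 == 0 else addr("45.0.0.0", i * 7919),
                SERVER, 80, "tcp", "S", 1, 60) for i in range(3000)]
    # Reflection flood: large UDP replies from real reflectors to ports we never serve
    udp = [Flow(addr("185.0.0.0", i * 101), SERVER, 1024 + i % 60000, "udp", "", 50, 70000)
           for i in range(2000)]
    return legit + syn + udp


def triage(window: list[Flow], seconds: float = 1.0) -> dict:
    """Classify the window into the attack classes a responder needs to know about first."""
    bps = sum(f.octets for f in window) * 8 / seconds
    tcp = [f for f in window if f.proto == "tcp"]
    syn_only = [f for f in tcp if f.flags == "S" and f.packets <= 2]
    syn_srcs = {f.src for f in syn_only}
    bogons = sum(1 for s in syn_srcs if not ipaddress.ip_address(s).is_global)
    return {
        "bps": bps,
        "volumetric": bps > VOLUMETRIC_FACTOR * BASELINE_BPS,
        "state_exhaustion": len(syn_only) >= SYN_ONLY_MIN
                            and len(syn_only) / max(len(tcp), 1) >= SYN_ONLY_RATIO,
        # Spoofing tells: nearly one distinct source per SYN, some from unroutable space
        "likely_spoofed": bool(syn_only) and len(syn_srcs) / len(syn_only) > 0.9 and bogons > 0,
        "unique_syn_sources": len(syn_srcs),
    }


def blocklist_effect(window: list[Flow], n: int = 10) -> float:
    """Share of bytes removed by blocking the n busiest sources: near zero under spoofing."""
    by_src: Counter = Counter()
    for f in window:
        by_src[f.src] += f.octets
    top = sum(octets for _, octets in by_src.most_common(n))
    return top / sum(by_src.values())


def scrub(window: list[Flow], findings: dict) -> tuple[list[Flow], Counter]:
    """Drop attack flows and pass legitimate ones; returns (kept flows, drop reasons)."""
    established = {f.src for f in window if f.proto == "tcp" and "A" in f.flags}
    kept: list[Flow] = []
    dropped: Counter = Counter()
    for f in window:
        if not ipaddress.ip_address(f.src).is_global:
            dropped["bogon source"] += 1             # no real client arrives from here
        elif (f.proto, f.dport) not in SERVED_PORTS:
            dropped["unserved port"] += 1            # reflected UDP we never asked for
        elif findings["state_exhaustion"] and f.flags == "S" and f.src not in established:
            dropped["unanswered SYN during flood"] += 1   # spoofed sources never complete
        else:
            kept.append(f)
    return kept, dropped


if __name__ == "__main__":
    window = build_window()
    findings = triage(window)
    kept, dropped = scrub(window, findings)
    print(findings)
    print(f"blocking the 10 busiest sources removes {blocklist_effect(window):.1%} of bytes")
    print(f"kept {len(kept)} flows, dropped {dict(dropped)}")
```

The triage runs on flow summaries rather than packets, so it can be evaluated every second at the edge, which is the detection speed the previous section calls for. The blocklist figure is the quantitative form of the spoofing point: with one forged source per SYN, blocking the ten busiest addresses removes well under one percent of the attack bytes. The SYN rule in scrub is a stopgap: it also drops the first SYN of a genuinely new client during the flood, so in production it would be paired with SYN cookies or a proxy that completes the handshake on the client's behalf.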

Dr. Vincent Berk is CEO of FlowTraq with 15 years of IT security and network management experience. He is a member of ACM and the IEEE. View Full Bio
Comments
RyanSepe,
User Rank: Ninja
5/29/2016 | 12:36:33 PM
Ease of Execution
As the article denotes, DDoS is very low in terms of complexity for an attacker to execute. Aside from the fact that it can be so extremely detrimental to a business makes it a dangerous tool in an attacker's arsenal. A plausible speculation is that this type of threat will be around for years to come.
RyanSepe,
User Rank: Ninja
5/29/2016 | 12:34:16 PM
Effective but Costly
I would recommend, if you had the money to do it, using a traffic scrubber like Prolexic. The traffic is diverted from your network and scrubbed for genuine purpose. Monitoring at the pipe is good too but it has its cons.