Dark Reading | Operations | Commentary
5/27/2016 11:00 AM
Vincent Berk

Ultimate Guide To DDoS Protection: DDoS Is A Business Problem

In the first of a two-part series, we examine the impact DDoS attacks have on business continuity - and why it is so much more than a network security problem.

DDoS attacks have been around pretty much as long as the Internet’s been around – and they still pose significant risks today for organizations of all sizes and types. But while the network security team is responsible for DDoS prevention, detection, and remediation, it’s not just a network security problem. Because DDoS can shut down an organization for hours – or even days – business repercussions can be significant.

There are many different kinds of DDoS attacks, but they can all be categorized into the following major groups:

Volumetric or connectionless attacks. This is the most common form of DDoS attack, and the goal is to saturate the target’s bandwidth. These attacks use botnets – networks of infected systems – to flood the target network with so much traffic (typically UDP, which needs no connection setup) that operations slow down or stop completely.

TCP state-exhaustion or protocol attacks. These attacks target Web servers, firewalls, load balancers, and other infrastructure elements and disrupt service by exhausting the number of concurrent connections these systems can track. The SYN flood, which leaves the target holding half-open connections that never complete, is the classic example.

Application-layer or layer-7 attacks. These attacks exploit specific weaknesses in applications, as opposed to network services: each request is cheap for the attacker to send but expensive for the server to answer, so they need far less bandwidth than a volumetric flood and blend in with legitimate traffic more easily.

Zero-day attacks. These attacks target previously unknown vulnerabilities in a system or application for which there is no fix or patch yet available. 
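As an added illustration (not code from the article, and not FlowTraq’s), here is how the first three categories look in one second of flow records. The victim address, the flow records and every baseline and multiplier are constructed assumptions; the point is which counter each category moves, and why the checks are ordered the way they are.

```python
"""Triage of a one-second traffic window into the DDoS categories listed above.

Added example, not from the article and not FlowTraq code. Flow records are
constructed inline in a NetFlow-like shape; every baseline and multiplier is
an assumption made for illustration.
"""
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10           # TCP flag bits as exported in flow records


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str                  # "tcp" or "udp"
    dport: int
    flags: int                  # OR of all TCP flags seen in the flow; 0 for UDP
    packets: int
    bytes: int


WINDOW_SECONDS = 1              # assumed export interval
BASELINE_BPS = 50_000_000       # assumed normal peak inbound rate: 50 Mbit/s
BASELINE_HALF_OPEN = 20         # assumed normal half-open TCP connections per second
BASELINE_WEB_FLOWS = 200        # assumed normal completed web connections per second
SPIKE = 10                      # assumed: flag anything 10x above its baseline
VICTIM = "203.0.113.10"         # constructed address in the documentation range


def inbound_to(flows, victim):
    return [f for f in flows if f.dst == victim]


def bits_per_second(flows):
    """Volumetric attacks show up here first: raw bandwidth toward the victim."""
    return sum(f.bytes for f in flows) * 8 / WINDOW_SECONDS


def half_open_per_second(flows):
    """TCP flows that carried a SYN but never an ACK. The handshake never
    completed, which is exactly what a SYN flood leaves in a connection table."""
    return sum(1 for f in flows
               if f.proto == "tcp" and (f.flags & SYN) and not (f.flags & ACK)) / WINDOW_SECONDS


def web_flows_per_second(flows):
    """Completed TCP connections to web ports. A layer-7 flood needs real
    connections, so it is low in bytes but high in completed flows."""
    return sum(1 for f in flows
               if f.proto == "tcp" and f.dport in (80, 443) and (f.flags & ACK)) / WINDOW_SECONDS


def classify(flows, victim):
    """Order matters: one flood can trip all three counters, and the most
    bandwidth-hungry finding decides whether mitigation has to move upstream."""
    v = inbound_to(flows, victim)
    if bits_per_second(v) > SPIKE * BASELINE_BPS:
        return "volumetric"
    if half_open_per_second(v) > SPIKE * BASELINE_HALF_OPEN:
        return "state-exhaustion"
    if web_flows_per_second(v) > SPIKE * BASELINE_WEB_FLOWS:
        return "application-layer"
    return "normal"


def _src(i):
    # Constructed distinct source address for flow number i
    return f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"


def normal_window():
    # 50 ordinary HTTPS sessions of ~30 KB each: about 12 Mbit/s
    return [Flow(_src(i), VICTIM, "tcp", 443, SYN | ACK, 40, 30_000) for i in range(50)]


def volumetric_window():
    # 2,000 UDP flows of 500 KB each toward assorted high ports: about 8 Gbit/s
    return [Flow(_src(i), VICTIM, "udp", 40_000 + i, 0, 500, 500_000) for i in range(2_000)]


def syn_flood_window():
    # 5,000 single-packet SYNs that never ACK: only ~2.4 Mbit/s, but 5,000 half-open entries
    return [Flow(_src(i), VICTIM, "tcp", 443, SYN, 1, 60) for i in range(5_000)]


def http_flood_window():
    # 5,000 short but complete HTTP sessions: ~28 Mbit/s, far below the volumetric bar
    return [Flow(_src(i), VICTIM, "tcp", 80, SYN | ACK, 6, 700) for i in range(5_000)]


if __name__ == "__main__":
    for name, window in [("normal", normal_window()), ("udp flood", volumetric_window()),
                         ("syn flood", syn_flood_window()), ("http flood", http_flood_window())]:
        print(f"{name:10s} -> {classify(window, VICTIM)}")
```

Note what the two non-volumetric windows have in common: neither comes close to the bandwidth threshold, so a detector that only watches bits per second misses both. The zero-day category in the list above is not a traffic shape at all, so no flow heuristic catches it specifically; it surfaces only as one of the other three once exploited.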

The Problem is Growing

The number of DDoS attacks has been increasing and sees no sign of letting up. The Verisign Distributed Denial of Service Trends Report found that DDoS attack activity increased 85% year over year. And the bad news doesn’t stop there. The attacks themselves are getting bigger, with an average attack size of 6.88 Gbps. In the timeframe covered by the report, Verisign mitigated the largest ever attack it has seen at 125 Gbps. The recent attack on the BBC may have been the largest in history – 602 Gbps!

DDoS is Cheap and Easy for Attackers

There are any number of tools freely available on the Internet to help people with malicious intent to perpetrate a DDoS attack. They will need resources to scale the attack, but building a botnet is pretty easy, too. Again, methods and tools are freely available online to help attackers build their own, or they can rent a botnet for as little as $2 per hour or buy a botnet for $700, according to the Wall Street Journal.

With the emergence of DDoS-for-hire or DDoS-as-a-Service, would-be attackers don’t need to have any knowledge or resources at all – just cash. Even this is incredibly cheap – the average cost is reportedly around $40 per hour. These organizations operate as “professional” services with discounts, subscription packages and return policies. They promote themselves as “DDoS simulators” or resources to check your own security defenses – but nothing stops a paying customer from launching an attack on an unsuspecting victim.

The Modern Network is Riddled with Exploit Opportunities

Today’s networks are complex, with a large number of systems, applications, connection points, and protocols. Add mobility and the Internet of Things (IoT), and the number of connected devices and components is exploding. With more complexity and more connection points come more potential vulnerabilities for attackers to exploit – and greater security and monitoring challenges. Every system, application, and connection point needs to be built and configured to maximize security and minimize exposure. Using multiple security tools, procedures, and approaches for a defense-in-depth strategy continues to be important.

DDoS Detection: The [Dark] Power of Distributed

Denial of service is the goal of a DDoS attack. But the distributed nature of the attack, using botnets – combined with IP address spoofing – makes the attacking machines difficult to locate. It also makes the attack harder to mitigate: filtering on source address is of little use when the addresses are forged and every packet can carry a different one.

Speed is Critical

Kaspersky’s Global IT Security Risks Survey 2014 – Distributed Denial of Service (DDoS) Attacks found that a single DDoS attack can cost companies from $52,000 to $444,000 in lost business and IT spending, depending on the size of the company. This doesn’t even factor in the financial impact of reputational harm. When your organization gets hit by a DDoS attack (no matter what size your company is, it really is a matter of when and not if), you need to be able to detect and respond fast. You need to be able to detect within seconds and mitigate within minutes.

You Detected a DDoS Attack … Now What?

Detecting an attack is just the first step. Once you realize that your organization is under attack, you need to stop the onslaught, but the key is to do this without disrupting legitimate traffic. This requires passing network traffic through “scrubbing” filters. This typically happens in the cloud, which can handle today’s large DDoS attacks, minimizing the impact to your network. 
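The two points above, that spoofing defeats source-based filtering and that scrubbing has to remove attack traffic without touching legitimate traffic, can be shown side by side. This is an added example, not code from the article; the traffic is constructed inline as one second of (source, destination) packets, spoofed sources come from a seeded random generator so the run is reproducible, and the per-source limit, the baseline rate and the scrubber’s validation policy (forward only sources that have completed a handshake challenge) are assumptions.

```python
"""Why blocklisting source addresses fails against a spoofed flood, and what a
scrubbing filter keys on instead.

Added example, not from the article. All traffic is constructed inline as
(source, destination) tuples for one second of packets. Limits, baselines and
the scrubber policy are assumptions for illustration.
"""
import random
from collections import Counter

VICTIM = "203.0.113.10"          # constructed address in the documentation range
PER_SOURCE_LIMIT = 100           # assumed: packets/s any single client may send
BASELINE_PPS = 5_000             # assumed: victim's normal inbound packets/s
SPIKE = 10                       # assumed: alarm at 10x baseline

LEGIT_SOURCES = [f"198.51.100.{i}" for i in range(1, 51)]   # constructed clients


def legit_traffic(pps_each=20):
    return [(src, VICTIM) for src in LEGIT_SOURCES for _ in range(pps_each)]


def botnet_flood(n_bots=200, pps_each=500):
    # Bots send from their own addresses, so each source repeats 500 times
    return [(f"10.{b // 256}.{b % 256}.7", VICTIM) for b in range(n_bots) for _ in range(pps_each)]


def spoofed_flood(n_packets=100_000, seed=7):
    # Every packet carries a forged source. The first octet is kept below 100
    # so the constructed range cannot collide with the legitimate clients above.
    rng = random.Random(seed)
    return [(f"{rng.randrange(1, 100)}.{rng.randrange(256)}."
             f"{rng.randrange(256)}.{rng.randrange(1, 255)}", VICTIM)
            for _ in range(n_packets)]


def sources_over_limit(packets):
    """Classic per-source mitigation: block whoever exceeds the limit."""
    counts = Counter(src for src, _ in packets)
    return {src for src, n in counts.items() if n > PER_SOURCE_LIMIT}


def aggregate_alarm(packets):
    """Detection that does not care who sent the packets: total rate vs baseline."""
    return len(packets) > SPIKE * BASELINE_PPS


def scrub(packets, validated_sources):
    """Assumed scrubber policy: forward only sources that completed a handshake
    challenge. A spoofed source never receives the SYN-ACK, so it can never
    validate; a real client (and, notably, a real bot) can."""
    forwarded = [p for p in packets if p[0] in validated_sources]
    return forwarded, len(packets) - len(forwarded)


def report(attack):
    """What each control does during one second of legitimate plus attack traffic."""
    mixed = legit_traffic() + attack
    blocked = sources_over_limit(mixed)
    forwarded, dropped = scrub(mixed, set(LEGIT_SOURCES))
    return {
        "alarm": aggregate_alarm(mixed),
        "sources_blocked": len(blocked),
        "legit_collateral": len(blocked & set(LEGIT_SOURCES)),
        "legit_forwarded": sum(1 for src, _ in forwarded if src in LEGIT_SOURCES),
        "attack_dropped": dropped,
    }


if __name__ == "__main__":
    for name, attack in [("no attack", []), ("botnet", botnet_flood()), ("spoofed", spoofed_flood())]:
        print(name, report(attack))
```

Against the botnet the per-source rule blocks all 200 bots with no collateral damage; against the spoofed flood it blocks nothing, because no forged address ever exceeds the limit, while the aggregate alarm fires in both cases within the one-second window. The handshake check does the reverse: it strips the spoofed flood completely but, on its own, would pass a botnet of real hosts, which is why scrubbing services stack source validation, rate limits and protocol sanity checks rather than relying on any single one.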

Dr. Vincent Berk is CEO of FlowTraq with 15 years of IT security and network management experience. He is a member of ACM and the IEEE.
Comments
RyanSepe, 5/29/2016 12:34:16 PM
Effective but Costly
I would recommend, if you had the money to do it, using a traffic scrubber like Prolexic. The traffic is diverted from your network and scrubbed for genuine purpose. Monitoring at the pipe is good too, but it has its cons.
RyanSepe, 5/29/2016 12:36:33 PM
Ease of Execution
As the article denotes, DDoS is very low in terms of complexity for an attacker to execute. Aside from the fact that it can be so extremely detrimental to a business, this makes it a dangerous tool in an attacker's arsenal. A plausible speculation is that this type of threat will be around for years to come.