Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12:00 PM
Vincent Berk
Vincent Berk
Connect Directly
E-Mail vvv

6 Reasons ISPs Must Step Up Defenses Against DDoS Attacks

Conducting a DDoS attack used to require a significant amount of talent. But today, a high school student with basic hacking skills can access tools that will challenge even the most experienced ISP security teams.

One of the many issues ISPs face (as if ever-tightening government regulations and fickle customers weren't enough) is the Distributed Denial of Service (DDoS) attack. Due to the public nature of ISPs, they are frequent targets of such threats. In fact, a recent study from Verisign indicates that the industry most frequently targeted by DDoS attacks is IT services/Cloud/SaaS, representing 32 percent of mitigation activity in Q4 2015, with attacks averaging 7 Gbps in size.

DDoS attacks are different than Denial of Service (DoS) attacks in that hackers leverage numerous computers to conduct a DDoS attack, making them particularly frustrating and difficult to defend against. Security experts fear that there will be a considerable uptick in both the frequency and the severity of the attacks in 2016.

Here are six reasons your ISP needs to beef up security to thwart such attacks now.

1. DDoS Attacks Cost You Customers

DDoS attacks can last for just a few minutes, or for many hours – but in any case, they can lead to the loss of revenue and the loss of valuable customers.

In fact, according to a January 2016 report from Ponemon Institute, the average cost of a data center outage has steadily increased from $505,502 in 2010 to $740,357 today – figures which include lost revenue as well as “reputational damages, customer churn and lost business opportunities.”

2. DDoS Attacks Cost You Customer Service Ratings

Even when customers don't leave, their opinion of you and your business can suffer. DDoS attacks are often intentionally levied at the worst possible times – during the holiday shopping season or around tax season. When service goes down during these high-traffic times, customer experience can be negatively impacted, hurting your overall reputation.

3. Multiple DDoS Attacks Can Occur in a Short Period of Time

Verisign observed more attacks in Q4 2015 than in any other quarter since the inception of its reporting (beginning in Q1 2014). Attackers were very persistent, hitting targets with repeated attacks over the course of the quarter, some as frequently as 16 times. This becomes frustrating and expensive for IT teams dealing with multiple, sustained attacks and for customers growing tired of service interruptions and excuses.

4. DDoS Attack Tools are Becoming More Sophisticated

Why are DDoS attacks becoming so prevalent? One reason is that hackers can gain easy access to the tools that make such attacks so simple to launch. These tools are readily available on forum groups and on the Dark Web. While conducting a sophisticated attack used to require a significant amount of skill and talent, new tools make it easy enough for a high school student with basic hacking skills to coordinate a DDoS attack, even against ISPs with experienced IT teams and a solid security system in place.

5. DDoS Attacks Are Becoming Harder to Detect

Hackers are also changing their technique. Many hackers are working with the support of various governments or terrorist organizations, which have deep pockets and a high degree of motivation. This brand of hacker is known for conducting much savvier attacks. Slow and low attacks deteriorate service or lead to denial of service for customers, but are harder to detect. These attacks can also be sustained for long periods of time, making life more difficult for even the most prepared IT security teams.

6. The IoT is Becoming a New Weapon for the DDoS Attacker

Gartner predicts that there will be as many as 21 billion IoT devices in use by the year 2020, with more added to the mix each year. With access to more devices than ever, hackers are leveraging these devices to conduct and launch attacks.

As the opportunities for attacks continue to rise, ISPs need to be sure they have the right solution in place to protect against and manage DDoS threats. Having the knowledge, tools, and techniques necessary for fast DDoS detection and analysis can help alleviate the risk of dangerous network threats and avoid costly attacks.

Related Content:


Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

Dr. Vincent Berk is CEO of FlowTraq with 15 years of IT security and network management experience. He is a member of ACM and the IEEE. View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-12-02
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send m...
PUBLISHED: 2020-12-02
An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.
PUBLISHED: 2020-12-02
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an atta...
PUBLISHED: 2020-12-02
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could...
PUBLISHED: 2020-12-02
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation....