DDoS attacks: The impact
DDoS experts explain how to try to prevent DDoS attacks and what the impact is of an attack on an enterprise
The cost of a Distributed Denial of Service (DDoS) attack can continue to impact on the targeted organisation long after the event has been dealt with. It is not just the disruption to the public interface, which is damaging enough to any organisation that conducts a substantial volume of its business online. Loss of revenues while services and systems are unavailable to customers is compounded by the cost of rectifying the crisis and long-term damage to the business’s reputation. In some cases an organisation might even submit to extortion from the hackers, effectively paying a ransom to rid itself of the problem – until the next strike from another hacker source.
In the face of the threat, network and IT managers might be excused a constant sense of despair. The logistical and reactive challenges of anticipating and handling a threat that is all the more sinister for the apparent coordination and efficiency of its perpetrators are considerable. But that is no reason for anyone to simply hunker down and brace themselves for the next attack.
“A Distributed Denial of Service attack is a Denial of Service attack conducted by using multiple systems distributed over the internet as sources to host the attack on the same target,” says Kuber Saraswat, director, strategic security consulting at Dubai-based security services provider SecureLink.
“Most security-conscious customers already have some level of DDoS protection in place. The DDoS attacks in the Middle East have created awareness in corporate and government security strategies of the need to prepare for larger capacities to handle such events, and also to look for new attack trends and patterns.
“While every attack is dangerous, the visibility and the ability for these attacks to scale in size makes them most dangerous. The DDoS attack is focused on degrading the service quality of the target system, so that it is either unavailable or slow in response. The attack impacts business through creating delay in transmission, network outage, and has been used by organised crime for extortion, website sabotage, to incur financial losses and to block users from accessing online accounts, to reduce worker output and to cause brand and reputation damage.”
As if that was not enough, Saraswat states that a new trend is emerging: DDoS attacks are increasingly used as a diversion to engage the target company’s resources while another type of attack is launched from another access point.
While many organisations look to comprehensive managed service systems to protect themselves as far as possible against an attack, this can be expensive. James Lyne, director of technology strategy at security systems specialist Sophos, says that investment in a combination of software and hardware will significantly improve defences. But total prevention is a challenge for any business without substantial financial resources to maximise bandwidth and IT resources.
“That said, there are some basics that most can do,” he explains. “Firstly, you should use DDoS prevention capabilities at the protocol level in your network security devices. This can filter the obvious such as a small number of systems generating basic flood packets. To really deal with the issue, however, you need to work with your service provider to ensure they can filter and handle traffic upstream from your systems. Use of a cloud provider can also help as they are likely to have significantly more bandwidth and resilient infrastructure in place.”
Lyne says that DDoS prevention software will help to identify a probing system or a large number of fake or malformed requests, but more traditional monitoring software – which tracks uptime and validates service availability – is also a useful source of early warnings. Armed with the information such software affords, you can work with your service provider or make configuration changes in-house to counter the attack.
“Our Unified Threat Management and network security gateways have some DDoS capabilities to help deal with certain classes of attacks or internal disruption,” he said. “When combined with the right capabilities provided by the ISP or service provider, this can be an effective basis of defence against many forms of DDoS.”