A constant menace
Gad Elkin delves into the persistent threat of DDoS and explores novel means of combating such attacks.
Despite the ever-changing arsenal of today’s hackers, the Distributed Denial of Service (DDoS) attack has remained a permanent fixture since it burst onto the scene, striking fear into the hearts of businesses all over the world as critical processes become increasingly reliant on network access.
Seemingly every day, the strength of such attacks reaches new heights, now being registered at 500Gbps, a 60-fold increase in 11 years. Perhaps most worrying, however, is the diversity that the DDoS attack has shown since it first appeared, evolving almost constantly to evade cyber-defences.
It seems as though we’ve been talking about DDoS for a long time now. In fact, basic DoS attacks existed before the commercial internet, but it wasn’t until the turn of the millennium that DDoS attacks began tormenting businesses.
DDoS attacks are now simple, cheap, usually anonymous and more accessible to the common individual than ever before, and businesses from a range of industries have been targeted. Recent high-profile victims include GitHub, Ashley Madison, Carphone Warehouse and TalkTalk, showing that these methods remain as potent as ever.
The tactic of DDoS extortion aims to be effective without launching an attack. The modus operandi of extortion attacks sees victims receive an email explaining who the attackers are and even linking to some recent blogs written about them and their tactics.
Eventually, the attackers state that unless a fee is paid (usually around 40 Bitcoin, but demands can go into the hundreds), a large-scale DDoS attack will be launched.
An additional trend we are seeing across the majority of emerging tactics is that they are often employed as diversions. While victims are focusing defences on high-volume attacks, hackers are actually targeting a local application. Therefore, offenders aren’t necessarily aiming to disrupt a website or service, but instead to steal personal or financial data by gaining access to an application with a secondary assault.
It’s simple: the average DDoS attack is now more than strong enough to bring a business down. An attack is now a matter of when, not if, so taking no preventative action is not an option. Better collaboration between government, law enforcement and businesses is all very well, but given that organisations could be immobilised at any time, they need measures which can be implemented now. It is imperative that organisations define their DDoS mitigation strategy in order to be better prepared for upcoming risks.
An important method is to employ both on-premises and cloud-based anti-DDoS technologies. This allows the mitigation of both local-level attacks targeting the application layer and attacks launched from outside the infrastructure, alongside services that can clean malicious traffic before it gets to the network.
One or the other just won’t do; a hybrid approach is key to protecting against the range of weapons now at hackers’ disposal. This platform diversity within DDoS mitigation is critical, so that organisations always have the range of technology and therefore flexibility to react to any attack.
Today, many hackers are using DDoS as a means to an end, a smokescreen hiding a much more damaging, malicious intent that could see sensitive business data compromised. Therefore, it’s vital that businesses are equipped to appropriately counter diverse threats — it’s time to act now, or risk potentially catastrophic consequences.
Gad Elkin, head of EMEA Security, F5 Networks.