Just recently the Internet Complaint Center (IC3) issued an alert to businesses regarding a rise in extortion campaigns, tied to threats of DDoS attack activity unless a ransom is paid.
The rise in DDoS attacks generally is not surprising at all, and the use of the “DDoS threat” for ransom or extortion is not a new tactic in the world of cyber warfare. DDoS attack tools are cheap (if not free) to obtain, easy to launch and most often executed with complete anonymity, and the range of motivations behind them is wide.
Corero is working to support providers and their subscribers as they fight against DDoS attacks, and many of these Internet connected businesses have shared (ehem, confessed) that they have actually paid out ransoms just to stay out of the line of fire.
Let’s put this into perspective.
In late 2014, each of Corero’s protected customers was seeing roughly four DDoS attacks per day against their network and infrastructure, about 350 attacks per quarter. 96% of those attacks lasted less than 30 minutes. 79% of those attacks were less than 5Gbps in size. High-volume, link-saturating attacks are indeed a threat, but these smaller, frequent and highly damaging attacks are far more commonplace. How does an organization effectively protect its business from DDoS, regardless of motivation?
What we recommend:
- Consider implementing technology to detect, analyze and respond to DDoS attacks by inspecting raw Internet traffic at line rate, identifying and blocking threats within the first few packets of a given attack.
- Introduce a layered security strategy focusing on continuous visibility and security policy enforcement to establish a proactive first line of defense capable of mitigating DDoS attacks while maintaining full service connectivity, availability and delivery of legitimate traffic.
- Ensure complete application and network layer visibility into DDoS security events. This best practice will also enable forensic analysis of past threats and compliance reporting of security activity.
- Take into account the hybrid approach to DDoS defense – in-line real-time detection and mitigation solutions for the everyday DDoS threat paired with on-demand cloud services for link saturating events.
When it comes to the hybrid approach, on-demand cloud defense for a pipe-saturation attack coupled with in-line, real-time defense provides protection across the whole spectrum. Businesses that engage with an on-demand DDoS mitigation provider can quickly initiate that service, based on their own visibility, in the event of a massive volumetric attack. The main benefit of a hybrid approach is that the on-premises device heavily reduces the number of times an organization switches over to the cloud, lowering cost and providing comprehensive and consistent defense. An always-on solution combined with on-demand cloud defense gives businesses a means of safeguarding against the vast scope of DDoS attacks aimed at their networks. With DDoS attacks now being delivered in various sizes and with differing intentions, ensuring that the appropriate prevention best practices are applied correctly could well be what saves your organization from falling victim to a DDoS attack and/or a major breach of information.
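To make the in-line-first, cloud-second decision concrete, here is an added Python simulation; it is not Corero’s product logic or any vendor’s code. It assumes a 5 Gbps uplink, a per-source packet-rate threshold for in-line blocking, an 80%-of-link trigger for escalating to cloud scrubbing, and a constructed timeline of one-second per-source traffic samples (a simplification of the “first few packets” inspection described above). Running the same timeline with and without in-line mitigation shows why the on-premises layer reduces how often the cloud service is engaged.

```python
from dataclasses import dataclass, field

# Assumed parameters (constructed for this example, not vendor defaults)
LINK_CAPACITY_GBPS = 5.0        # size of the protected uplink
CLOUD_TRIGGER_FRACTION = 0.8    # escalate to cloud scrubbing above 80% of link
PER_SOURCE_PPS_LIMIT = 1000     # in-line block threshold, packets/sec per source


@dataclass
class Sample:
    """One second of traffic from one source address (constructed telemetry)."""
    second: int
    src: str
    packets: int
    avg_bytes: int

    @property
    def gbps(self) -> float:
        return self.packets * self.avg_bytes * 8 / 1e9


@dataclass
class DefenseState:
    inline_enabled: bool = True
    blocked: set = field(default_factory=set)
    cloud_active: bool = False
    cloud_activations: int = 0
    events: list = field(default_factory=list)


def process_second(state: DefenseState, second: int, samples: list) -> float:
    """Apply in-line per-source blocking first, then decide on cloud escalation
    using only the traffic that survives in-line mitigation. Returns the
    surviving inbound rate in Gbps for that second."""
    surviving = 0.0
    for s in samples:
        if s.src in state.blocked:
            continue  # already dropped at the edge, never reaches the link
        if state.inline_enabled and s.packets > PER_SOURCE_PPS_LIMIT:
            state.blocked.add(s.src)
            state.events.append((second, "inline_block", s.src))
            continue
        surviving += s.gbps
    over_limit = surviving > CLOUD_TRIGGER_FRACTION * LINK_CAPACITY_GBPS
    if over_limit and not state.cloud_active:
        state.cloud_active = True
        state.cloud_activations += 1
        state.events.append((second, "cloud_on", round(surviving, 2)))
    elif not over_limit and state.cloud_active:
        state.cloud_active = False
        state.events.append((second, "cloud_off", round(surviving, 2)))
    return surviving


def build_scenario() -> dict:
    """Constructed 10-second timeline: steady legitimate traffic (~0.48 Gbps),
    a high-packet-rate flood from 70 sources in seconds 2-3 (~4.2 Gbps), and a
    low-per-source volumetric flood from 700 sources in seconds 6-8 (~4.2 Gbps)."""
    timeline = {}
    for sec in range(10):
        samples = [Sample(sec, f"legit-{i}", 300, 1000) for i in range(200)]
        if sec in (2, 3):
            samples += [Sample(sec, f"bot-{i}", 5000, 1500) for i in range(70)]
        if sec in (6, 7, 8):
            samples += [Sample(sec, f"reflector-{i}", 500, 1500) for i in range(700)]
        timeline[sec] = samples
    return timeline


def run_scenario(inline_enabled: bool) -> DefenseState:
    state = DefenseState(inline_enabled=inline_enabled)
    for sec, samples in build_scenario().items():
        process_second(state, sec, samples)
    return state


if __name__ == "__main__":
    for mode in (True, False):
        st = run_scenario(mode)
        print(f"in-line enabled={mode}: cloud activations={st.cloud_activations}, "
              f"sources blocked in-line={len(st.blocked)}")
        for ev in st.events:
            if ev[1] != "inline_block":
                print("  ", ev)
```

With in-line mitigation the 70 high-rate sources are blocked in the first second they appear and the cloud is engaged only once, for the distributed volumetric flood whose individual sources stay under the per-source threshold. Without it, the same timeline escalates to the cloud twice. The per-source threshold and the 80% trigger are deliberately simple; a production deployment would tune them to the link size and baseline traffic profile.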