As several high-profile websites have been hit by DDoS attacks in recent weeks, the issue of cyber security has made the headlines in major news outlets around the globe. Any type of website can be preyed upon by a DDoS attacker: corporate enterprises as well as government agencies and educational institutions have been hit. Distributed denial of service attacks are clearly on the rise in terms of size, sophistication and frequency. To address these issues in greater detail I spoke with Corero’s COO, Dave Larson. Below is a summary of our conversation.
Are DDoS attacks growing in size?
Yes, however it is important to note that a DDoS attack does not have to be record-breaking in size to create major damage. In fact, among our customers we have observed that the majority of DDoS attacks are less than 30 minutes in duration and are 1Gbps or less in size. Such partial link saturation attempts are extremely difficult to detect without an in-line, automated solution. Small DDoS attacks most likely evade existing legacy scrubbing solutions, yet they can be just as dangerous because they often serve as a smokescreen that distracts IT staff while the hackers launch a secondary malware attack that infiltrates sensitive databases.
Are DDoS attacks becoming more frequent?
While enormous attacks occur from time to time, high-bandwidth, sub-saturating attacks occur with alarming frequency. As an example, a single Corero customer experienced a dozen discrete, significant attacks during the week of December 20, 2015 with a single attack peaking at 60Gbps. In total, the amount of DDoS traffic mitigated within this single account exceeded 25 terabytes for the week. Corero’s in-line mitigation approach was capable of mitigating 100% of the attacks with no human intervention and no false positives.
Are DDoS attacks getting more sophisticated?
Absolutely yes. Attacks can surgically target individual applications or even vulnerabilities within the traditional security layers of the web tier, like firewalls and intrusion prevention systems (IPS). They can infect not only computers and networks, but also mobile phones and smart devices connected to the Internet of Things, which are then used as botnets.
How easy is it for black hat hackers to launch a DDoS attack?
Because the code is ridiculously inexpensive and easy to find, even a novice hacker can execute a damaging attack against any target IP address. According to a recent FierceMarkets eBook, “DDoS-for-hire botnets, estimated to be behind as many as 40 percent of all network-layer attacks, offer a subscription-based model and the ability to launch several short-lived DDoS attacks for just a few dozen dollars per month—no coding experience necessary.”
What would be the motivation behind a DDoS attack?
Motivations for DDoS attacks range from highly targeted and methodical, to seemingly random and haphazard: political hacktivism, nation-state aggression, extortion, data theft, pure vandalism, or just hacking for the sake of gaining a reputation in the black hat underworld. Increasingly, however, DDoS attacks are carried out for money: either data theft or Bitcoin ransom.
What can be done to prevent them?
The conversation around DDoS protection should always start at the provider level. Internet service providers should share the responsibility for protecting against DDoS attacks by mitigating obvious attack traffic before it reaches their corporate customers’ networks. Technology exists to remove known DDoS threats while they are still in transit. Unfortunately, most ISPs have business models based on the volume of bandwidth they deliver rather than the quality or security of the connections. However, the online enterprise can also protect their network edge from malicious DDoS attacks by implementing real-time, on-premises DDoS mitigation solutions. This practice allows good user traffic to flow as intended, while DDoS attack activity is detected and removed automatically.
How can companies protect their networks?
Anyone who runs a network should implement safeguards both to identify unusual traffic patterns and to mitigate the attack. We recommend people take the steps of protecting on their network edge; if any DDoS traffic makes it into their data center, they should be able to deal with it on the very edge of their network immediately. Dedicated DDoS protection technology that is deployed at the very edge of the network, or Internet peering, can effectively inspect all Internet traffic and mitigate DDoS attacks in real-time, removing the threat to a business before it can inflict damage.