Governments must respond to DDoS attacks
Denial of service attacks are increasingly seen by governments as a threat to national security. Earlier this year, the US Government announced its intention to launch the Cyber Threat Intelligence Integration Center, an organisation aligned within the US's counterterrorism remit, while the UK's Centre for the Protection of National Infrastructure lists DDoS alongside espionage and terrorism as threats to national security.
And it’s not just a perceived fear. The threat is real. For example, on Tuesday 10 February this year a number of Dutch government web sites were taken down by a DDoS attack. The sites were unavailable from 10am until well into the evening.
All shapes and sizes
DDoS attacks come in all shapes and sizes, and from all quarters. The well-known Lizard Squad, notorious for DDoS attacks on gaming portals such as PlayStation Network and Xbox Live, and the Anonymous group, which regularly claims DDoS successes, are just two examples of a significant 'hacktivist' segment.
Rodney Joffe, Neustar Senior Vice President and Fellow, says: "The use of website stressor services—for example, Lizard Squad, which lets anyone take down a website for as little as six dollars a month—has become a major source of irritant attacks."
Nor is it just governments that are affected. Seven percent of EMEA businesses consulted in research by Neustar said they were attacked about once a week, and 17 percent about once a month. Verisign says the frequency of attacks is rising, and its data for the first quarter of 2015 shows seven percent more attacks than in any quarter of 2014. For businesses the consequences can be staggering. Neustar says nearly 40% of companies would lose over £100,000 (€140,000 at the time the report was published) of revenue per hour.
So, no organisation can sit back and think that a DDoS attack won’t happen to them. Smaller organisations might think they are unlikely targets, but instead of feeling secure through denial, it is important to have excellent prevention strategies in place, and to know precisely what you will do if you are compromised.
It used to be possible to prevent DDoS by blocking or rate-limiting individual IP addresses, but attackers have shifted strategy: they now spread an attack across a vastly larger number of source IPs as well as pushing more traffic, so per-address controls no longer suffice and you need to monitor overall traffic volume. Scripts can do this and alert you to sudden fluctuations against your normal baseline.
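The aggregate-traffic monitoring just described, as an added illustration that is not code from the article or from any vendor it quotes: it assumes one-second samples of inbound bytes and distinct source addresses (the sample values below are constructed), keeps a median baseline of recent clean intervals, and deliberately does not feed flagged intervals back into that baseline, so a sustained flood cannot become the new "normal" and silence later alerts.

```python
from statistics import median
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    ts: int        # seconds since start of the capture
    bytes_in: int  # inbound bytes seen in that one-second interval
    src_ips: int   # distinct source addresses seen in that interval


@dataclass(frozen=True)
class Alert:
    ts: int
    bytes_in: int
    src_ips: int
    distributed: bool  # True when the source count also jumped: many hosts, not one


def detect_floods(samples, window=5, ratio=4.0, floor=8_000_000):
    """Flag intervals whose inbound volume exceeds `ratio` times the median of the
    last `window` clean intervals and is also above `floor` bytes/s (the floor stops
    a quiet link from alerting on trivial absolute growth). Flagged intervals are
    kept out of the baseline so the attack does not poison it."""
    clean = deque(maxlen=window)
    alerts = []
    for s in samples:
        if len(clean) < window:
            clean.append(s)  # still warming up the baseline
            continue
        base_bytes = median(c.bytes_in for c in clean)
        base_src = median(c.src_ips for c in clean)
        if s.bytes_in >= floor and s.bytes_in > ratio * base_bytes:
            alerts.append(Alert(s.ts, s.bytes_in, s.src_ips, s.src_ips > ratio * base_src))
        else:
            clean.append(s)
    return alerts


# Constructed capture: ~2 MB/s from ~60 sources, then four seconds at 60 MB/s from
# thousands of hosts, then a return to normal.
SAMPLES = [Sample(t, 2_000_000 + (t % 3) * 100_000, 60 + t % 5) for t in range(8)]
SAMPLES += [Sample(t, 60_000_000, 4_000) for t in range(8, 12)]
SAMPLES += [Sample(t, 2_100_000, 62) for t in range(12, 15)]

if __name__ == "__main__":
    for a in detect_floods(SAMPLES):
        print(f"t={a.ts}s {a.bytes_in / 1e6:.0f} MB/s from {a.src_ips} sources distributed={a.distributed}")
```

In production the samples would come from flow export or interface counters rather than a list, and the alert would hand off to whatever clearing or scrubbing switch-over the hosting provider offers.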
Neustar's research found the average attack size to be 1-5Gbps, but eight percent of attacks were over 50Gbps. Cisco has said that a typical DDoS attack is 50Gbps, and some will exceed 400Gbps. It is highly unlikely that in-house solutions can absorb this kind of traffic, so ensuring appropriate external solutions are in place is paramount.
Make sure your hosting provider has excellent DDoS protection, both on the technology side and in terms of support personnel. Cloud-based protection will check all traffic before it reaches your servers, but be aware that DDoS attacks can get around such systems, so ideally you will need out-of-band access to all your systems that does not depend on the attacked network path.
Staff are a vital element in any DDoS protection strategy. They need to be fully equipped, and your internal command structures must be fit for purpose. Solutions can switch traffic to a clearing system when an attack occurs, but where they rely on manual authorisation they will fail through human error if that authorisation is not forthcoming.
Not if, but when
DDoS is one of the harsh realities of life in the modern interconnected world. Any company that fails to take the threats it poses seriously is arguably storing up a problem for itself somewhere down the line.
This is eloquently put by Dave Larson, Chief Technology Officer and Vice President, Product at Corero Network Security. He says “Unfortunately, the sheer size and scale of hosting or data center operator network infrastructures and their massive customer base presents an incredibly attractive attack surface due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target.”