While online security breaches can take many forms, Distributed Denial of Service (DDoS) attacks are a rapidly growing problem and no business or industry sector is immune.
In recent months, we have seen attacks on such diverse targets as banks, insurers, airlines, dating agencies, hotel chains, food manufacturers, healthcare providers, newspapers, universities, retailers, local authorities and government departments, and even a well-known greeting card supplier with a particularly memorable jingle.
Every business with an online presence is vulnerable to this threat. In fact, according to a new report from Arbor Networks [1], DDoS attacks are now big enough to knock most businesses offline.
The largest attack reported last year was 500 gigabits per second (Gbps) of traffic, a 60-fold increase on the largest attack seen 11 years ago. Attacks of 450Gbps, 425Gbps and 337Gbps were also reported, but these were relatively rare. However, the report noted, "What is significant is that the average of just under 2Gbps, which we see across tens of thousands of attacks, is enough to overwhelm most business internet connections."
So, what exactly is a DDoS attack? And how does it work? DDoS can be compared to taking down your shop front by placing a large protest outside your shop. It then becomes very difficult, because of the size of the crowd, for genuine customers to get in. Without any customers, it stands to reason the business suffers a drop in revenue.
However, unlike in the physical world, these attackers (or, to continue the analogy, protestors) are anonymous. Some, like the group ironically named Anonymous, may publish their organisational name for financial reward or notoriety but, largely, they go unchecked.
The asynchronous nature of the internet means very large attacks can be generated through huge botnets (networks of compromised private computers) or through amplification and reflection attacks, making massive-scale DDoS events easier for the bad guys to pull off.
In addition to the size and sophistication of attacks increasing, a common trend now is for attackers to hack the target company's systems at the same time they launch a DDoS attack, a diversionary tactic to draw attention away from the data breach. Going back to our crowd analogy, it is the situation where one person bumps into you, while another steals your wallet.
What Does It Cost Your Business?
DDoS events continue to plague businesses of all types. Consider these examples, which all occurred February of this year:
- Cybercriminals seized the opportunity to target a few online florists with DDoS attacks on Valentine's Day, one of their busiest holidays.
- HSBC reported that its internet banking services successfully defended against a recent attack, even though customers were unable to access online accounts for several hours.
- Xbox Live was the target of a hacker group when a DDoS attack took down the site for approximately 24 hours.
What is your connection to the internet worth? An attack can last an hour, a day or even weeks. It can bring down your website, DNS and application servers, leading to significant costs due to the loss of system efficiency, as well as your e-commerce presence, revenue, reputation and stakeholder confidence.
Defence Against DDoS Activity
Sungard Availability Services (Sungard AS) has been offering a DDoS mitigation service for the past five years, and this has escalated from being a "nice to have" to an absolutely essential part of a "defence in depth" security model: the coordinated use of multiple security countermeasures to protect the integrity of a business's data. Such a strategy is based on the military principle that it is more difficult for an enemy to defeat a complex, multi-layered defence system than to penetrate a single barrier.
We have extensive DDoS mitigation expertise. In fact, we can detect an attack and start automatic mitigation in under 30 seconds.
Some of our techniques are to:
- Employ hybrid attack detection methods, pairing anomalous network activity with known attack signatures.
- Apply standard network firewalling: because most attacks are "dumb" (not aimed at a specific target), User Datagram Protocol (UDP) misuse attacks, or Network Time Protocol (NTP) reflection attacks, we can profile our customers and filter most attacks that come into Sungard AS out at our scrubbing centre.
- Take mitigation countermeasures, including: Global Exception List, Geo-IP Filtering, Global Botnet Filter, Zombie Management and Control, TCP SYN Authentication, HTTP Authentication, HTTP Object Rate Limiting, HTTP Request Rate Limiting, Malformed HTTP, HTTP Header Regex Filtering, DNS Proxy, Malformed DNS, DNS Authentication and Regular Expression Filters.
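To make the "hybrid detection" idea above concrete, here is an added toy detector (example code written for this article, not Sungard AS's own tooling) that runs over a handful of constructed flow records. It combines two of the mechanisms the list names: signature matching for reflected UDP traffic (NTP and DNS replies that are far larger than a legitimate reply) and a malformed-HTTP check, plus a per-source request-rate anomaly check that stands in for HTTP request rate limiting. The thresholds, IP addresses and the `recommend` mapping are hypothetical; a real scrubbing centre tunes such values per customer profile.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float            # seconds since start of capture
    src: str             # source IP as seen at the scrubbing centre
    dst: str
    proto: str           # "udp" or "tcp"
    sport: int
    dport: int
    bytes: int           # packet size
    http_path: str = ""  # request path for HTTP flows, otherwise empty


# Policy values are hypothetical; tune per customer in practice.
RATE_WINDOW_S = 1.0          # width of the rate-limiting window
MAX_REQ_PER_SRC = 20         # more requests than this per source per window is anomalous
NTP_AMPLIFIED_BYTES = 400    # a normal NTP reply is under 100 bytes; amplified replies are far larger
DNS_AMPLIFIED_BYTES = 1000   # an ordinary DNS answer is a few hundred bytes at most
HTTP_PATH_RE = re.compile(r"^/[\x21-\x7e]{0,2047}$")  # printable ASCII, bounded length

# Known-pattern signatures (name, predicate), modelled on the vectors the article lists.
SIGNATURES = [
    ("ntp_reflection", lambda f: f.proto == "udp" and f.sport == 123 and f.bytes >= NTP_AMPLIFIED_BYTES),
    ("dns_reflection", lambda f: f.proto == "udp" and f.sport == 53 and f.bytes >= DNS_AMPLIFIED_BYTES),
    ("malformed_http", lambda f: f.proto == "tcp" and bool(f.http_path) and not HTTP_PATH_RE.match(f.http_path)),
]


def detect(flows):
    """Return {src_ip: set(reasons)}, combining signature hits with a per-source rate anomaly."""
    verdicts = defaultdict(set)
    per_window = defaultdict(int)   # (src, window index) -> HTTP request count
    for f in flows:
        for name, matches in SIGNATURES:
            if matches(f):
                verdicts[f.src].add(name)
        if f.proto == "tcp" and f.http_path:
            key = (f.src, int(f.ts // RATE_WINDOW_S))
            per_window[key] += 1
            if per_window[key] > MAX_REQ_PER_SRC:
                verdicts[f.src].add("http_rate")
    return dict(verdicts)


def recommend(reasons):
    """Map detection reasons to the coarse mitigation classes the article describes."""
    if reasons & {"ntp_reflection", "dns_reflection"}:
        return "drop_at_edge"       # standard firewalling of reflected UDP
    if "malformed_http" in reasons:
        return "drop"
    if "http_rate" in reasons:
        return "rate_limit"         # HTTP request rate limiting
    return "allow"


# Constructed sample traffic: a request flood, one reflected NTP reply, a benign NTP reply,
# a few ordinary page views, and one request with a control character in its path.
SAMPLE_FLOWS = (
    [Flow(i * 0.04, "198.51.100.7", "203.0.113.10", "tcp", 40000 + i, 80, 320, "/login") for i in range(25)]
    + [Flow(0.5, "192.0.2.44", "203.0.113.10", "udp", 123, 41000, 482)]
    + [Flow(0.6, "192.0.2.45", "203.0.113.10", "udp", 123, 41001, 48)]
    + [Flow(i * 0.5, "198.51.100.9", "203.0.113.10", "tcp", 42000 + i, 80, 300, "/index.html") for i in range(3)]
    + [Flow(0.7, "198.51.100.11", "203.0.113.10", "tcp", 43000, 80, 300, "/\x00evil")]
)

if __name__ == "__main__":
    for src, reasons in sorted(detect(SAMPLE_FLOWS).items()):
        print(f"{src:15} {sorted(reasons)} -> {recommend(reasons)}")
```

The point of the split is that the two halves fail differently: signatures catch known reflection traffic on the first packet, while the rate check catches a flood of otherwise well-formed requests only once a source crosses the threshold within the window, which is why a scrubbing centre uses both rather than either alone.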
Your business needs to know that defence against an attack is harder to do on the fly. It is quicker and far more effective to proactively implement defensive measures in readiness than to wait until you are under attack.