When hackers took down Ireland’s National Lottery website with a Distributed Denial of Service (DDoS) attack in January, it was just the latest in a series of damaging and high profile cyberattacks to hit businesses worldwide.
Over 275 million records were leaked last year, often in combination with a DDoS attack to mask the hacking attempt. In fact, as one pundit1 commented, “the volume of data breaches and cyberattacks that marked 2015 could be appropriately described as a ‘cascade’ or ‘torrent’ or, perhaps, ‘maelstrom’. Money has been stolen, data has been swiped and lives have been ruined.”
While online security breaches can take many forms, DDoS attacks are a rapidly growing problem and no business or industry sector is immune. In recent months we have seen attacks on such diverse targets as banks, insurers, airlines, dating agencies, hotel chains, food manufacturers, healthcare providers, newspapers, universities, retailers, local authorities and government departments - even a well-known greeting card supplier with a particularly memorable jingle. Every business with an online presence is vulnerable to this threat.
According to a new report from Arbor Networks2, DDoS attacks are now big enough to knock most businesses offline.
The largest attack reported last year was 500Gbps – a 60 times increase in 11 years. While there were also reports of attacks of 450Gbps, 425Gbps and 337Gbps these were relatively rare. However, the report noted, “What is significant is that the average of just under 2Gbps, which we see across tens of thousands of attacks, is enough to overwhelm most business internet connections.”
So what exactly is a DDoS attack? DDoS can be compared to taking down your shop front by placing a large protest outside your shop. It then becomes very difficult because of the size of the crowd for genuine customers to get in. Without any customers it stands to reason the business suffers a drop in revenue. However, unlike in the physical world, these attackers (or to continue the analogy, protestors) are anonymous. Some – like (ironically) the group Anonymous - may publish their organisational name for financial reward or notoriety but, largely, they go unchecked.
DDoS attacks the number one online threat today
Forrester’s figures state there are now some 7,000 DDoS attacks every day. The asynchronous nature of the internet means very large attacks can be generated through huge botnets or amplification and reflection attacks. Ireland, in particular over the past few weeks, has seen a dramatic rise in the number of companies being struck. These attacks have hit so many disparate enterprises it is hard to see any correlation between the targets.
Sungard Availability Services has been offering a DDoS mitigation service for the past five years and this has escalated from being a ‘nice to have’ to an absolutely essential part of a ‘defence in depth’ security model. This is the coordinated use of multiple security countermeasures to protect the integrity of the data in a business. Such a strategy is based on the military principle that it is more difficult for an enemy to defeat a complex and multi-layered defence system than to penetrate a single barrier.
“No consideration was given to the possibility of DDoS attacks in the original internet architecture. Consequently, almost all internet services are vulnerable to attacks of sufficient scale.”
As well as the size and sophistication of attacks increasing, a common trend now is for attackers to hack the target company’s systems at the same time as launching a DDoS attack. Going back to our crowd analogy, it is the situation where one person bumps into you as the other steals your wallet.
So how does Sungard AS defend customers against this activity? Some of our techniques are to:
- Use white lists and black lists drawn up per client to block attacking hosts, or load a white list of the last 10,000 users from a week ago.
- Standard network firewalling – where most attacks are ‘dumb’; UDP misuse attacks, NTP reflection attacks, we can profile our customers to filter out from our scrubbing centre most attacks that come into Sungard AS.
- Mitigation countermeasures such as Global Exception List, Geo-IP validation, Geo-IP Filtering, Global Botnet Filter, Zombie Management & Control, TCP SYN Authentication, HTTP Authentication, HTTP Object Rate Limiting, HTTP Request Rate Limiting, Malformed HTTP, HTTP Header Regex Filtering, DNS Proxy, Malformed DNS, DNS Authentication and Regular Expression Filters.
Perhaps naively, no consideration was given to the possibility of DDoS attacks in the original internet architecture. Consequently, almost all internet services are vulnerable to attacks of sufficient scale.
What is your connection to the internet worth? DDoS attacks are the number one threat to your online presence today. An attack can last an hour, a day or even weeks. It will bring down your website, DNS and application servers leading to significant costs in terms of:
- Loss of your e-commerce presence
- Loss of systems efficiency
- Loss of revenues (and the impact of downtime on your share price and custom)
- Loss of reputation and stakeholder confidence.
Sungard AS has extensive DDoS mitigation expertise. We can detect an attack within 180 seconds and deploy an effective response within 5 to 7 minutes, well within our SLA commitment of 15 minutes.
But defence against an attack is harder to do on the fly. It is quicker and far more effective to proactively implement defensive measures in readiness rather than wait until you are under attack.
There is something you can do to protect yourself today. If online security is currently languishing way down your To Do list, email firstname.lastname@example.org or pick up the phone and call us on 0800 143 413 to discuss DDoS mitigation as a matter of urgency.
1 Lewis Morgan, IT Governance, ‘List of Data breaches and cyberattacks in 2015 – over 275 million leaked records’: 14.12.15
2 Computer Weekly: ‘Average DDoS attacks fatal to most businesses, report reveals’ – 27.1.16