A Survival Guide to DDoS Attacks: Ignore at Your Peril

Avoid DDoS attacks BEFORE they hurt your business

DDoS, or Distributed Denial of Service, attacks are a clear and present threat to businesses of all sizes and in all sectors. A DDoS attack aims to knock web services and network connectivity offline by bombarding the target, from many sources at once, with more packets and requests than its servers, links or upstream equipment can handle. As such, DDoS attacks are increasingly being treated as a business continuity risk, not just an information security or IT issue.

How does a DDoS attack work?

Most DDoS attacks are launched from botnets. A bot is a small piece of malicious code planted on an Internet-connected device; an attacker who controls many such bots can direct all of them at a specific IP address or web service at the same time, so that the combined traffic far exceeds what any single compromised device could generate and no single source stands out.
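To make the "distributed" part concrete, here is an added example (not code from the original article or from Zenedge) that runs a simple flood detector over constructed web server access log lines. It shows why a per-source request limit, which catches one abusive client, misses a botnet that spreads the same load across many sources each sending a trickle: the aggregate request rate has to be compared against a known-good baseline as well. The log lines, the baseline rate and the thresholds are constructed for this example.

```python
"""Spotting a single-source flood versus a distributed flood in access logs.

Added example; the log lines, baseline and thresholds below are constructed
for illustration and are not real traffic figures.
"""
from collections import Counter, defaultdict
import re

# Subset of the Apache/nginx "combined" format: source IP, timestamp, request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')


def parse_line(line):
    """Return (src_ip, timestamp, request) or None for a line we cannot parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3)


def requests_per_second(lines):
    """Group requests into one-second buckets: {timestamp: Counter(src_ip -> n)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, ts, _request = parsed
        buckets[ts][src] += 1
    return buckets


def analyse(lines, baseline_rps, per_source_limit, surge_factor=5):
    """Classify each second of traffic.

    Returns a list of (timestamp, verdict, detail) where verdict is:
      'single-source' - at least one client exceeded per_source_limit;
      'distributed'   - no single client is over the limit, but the aggregate
                        rate is more than surge_factor times the baseline;
      'ok'            - neither condition fired.
    """
    findings = []
    for ts, counts in sorted(requests_per_second(lines).items()):
        total = sum(counts.values())
        heavy = [ip for ip, n in counts.items() if n > per_source_limit]
        if heavy:
            findings.append((ts, "single-source", heavy))
        elif total > surge_factor * baseline_rps:
            findings.append((ts, "distributed", {"total": total, "sources": len(counts)}))
        else:
            findings.append((ts, "ok", {"total": total}))
    return findings


def _line(ip, second, path="/"):
    """Build one constructed combined-format log line (documentation IP ranges)."""
    return (f'{ip} - - [13/Dec/2016:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')


# Constructed sample: second 0 is normal browsing, second 1 is one client
# hammering the search page, second 2 is 80 bots sending one request each.
SAMPLE_LOG = (
    [_line("192.0.2.10", 0, "/"), _line("192.0.2.10", 0, "/css/site.css"),
     _line("192.0.2.11", 0, "/"), _line("192.0.2.11", 0, "/login")]
    + [_line("203.0.113.9", 1, "/search?q=x") for _ in range(60)]
    + [_line(f"198.51.100.{i}", 2, "/") for i in range(1, 81)]
)

if __name__ == "__main__":
    # Assumed baseline of 5 requests/second and a per-client limit of 20/second.
    for ts, verdict, detail in analyse(SAMPLE_LOG, baseline_rps=5, per_source_limit=20):
        print(ts, verdict, detail)
```

The per-source rule flags 203.0.113.9 in second 1; in second 2 no client sends more than one request, so only the aggregate comparison (80 requests against a baseline of 5) reveals the botnet. In practice the baseline should come from your own normal traffic, and real attacks are measured in packets per second and bits per second at the network edge as well as in requests at the web tier.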

DDoS Attacks Explainer Image Zenedge
Copyright 2016 Zenedge LLC

In the last two months of 2016, we saw some of the largest DDoS attacks ever: they took down a major DNS provider, disrupted telecom infrastructure and, in the case of Liberia, were reported to have interrupted Internet access for an entire country.

Recent attacks have exploited poor security in Internet of Things (IoT) devices, such as smart light bulbs and home surveillance cameras, which are typically shipped with factory-default passwords on exposed remote-management services. Once compromised, these devices are commanded as part of an enormous global 'botnet army' that can be pointed at any intended target.

Mirai Botnet DDoS attack
Mirai Botnet

There are many methods, or 'attack vectors', that malicious actors can use to take down a target network or website. Until recently, an attacker needed specialist technical skills to launch a DDoS attack; this is no longer the case. Any number of off-the-shelf 'DDoS stresser' (booter) services will launch an attack for a fee, usually paid in Bitcoin, once the customer enters the details of the intended target. The graphic below shows a DDoS stresser tool that allows sophisticated DDoS attacks to be launched against any target instantly:

DDoS Stresser Tool for launching a DDoS attack
DDoS Stresser Tool

DDoS attacks can be seriously costly to your business

According to research by the Ponemon Institute, a leading independent research body, the average cost of a DDoS attack is in the region of $40,000 per hour (£30,000 per hour). That figure is made up of lost business while network and/or web services are unavailable during the attack, plus the technology counter-measures, consulting and audit-related costs that may be required afterwards to prove to key stakeholders that you are able to protect your business from this kind of disruption.

The graphic below outlines some of the costs that businesses are likely to incur as a result of a DDoS attack:

Cost-of-a-ddos-attack-infographic

What can be done to protect your business from DDoS attacks?

There are a number of options available to protect your business from the potential disruption of a DDoS attack. The level of disruption and risk that you believe a DDoS attack on your network or website(s) would inflict on your business should determine which of the following options is most appropriate:

Telco/ISP/Hosting provider DDoS protection services

If you use external hosting or co-location services for your website, web applications and/or core enterprise services, many ISPs and hosting companies will be able to offer DDoS protection as part of their service. However, caveat emptor! Read the small print of any agreement, as it is common for hosting providers to protect customer sites only up to a certain point. If your site or business is specifically targeted, and the attack has the potential to affect other customers on the same hosting infrastructure, many hosting companies will 'blackhole' your connection: they announce a null route for your IP address(es) so that all traffic to you, legitimate and malicious alike, is dropped upstream. That protects their other customers and completes the attacker's job for them, leaving you without any connectivity.

Some Telcos and hosting providers may offer more dedicated protection services for a higher fee. You should check these details with your provider, if in doubt.

On-premise DDoS mitigation hardware appliances

Appliance-based DDoS protection solutions give real-time, or near real-time, attack detection and mitigation under your own control, and for that reason they are generally an excellent fit for companies that need it. However, they are the most costly option, and you need to scale up the number of hardware appliances to expand your protection limits. They also have a hard ceiling that no amount of hardware removes: an appliance can only clean traffic that reaches it, so a volumetric attack larger than your Internet links saturates those links before the appliance sees a packet. With DDoS attack sizes increasing year on year (an attack on French hosting provider OVH in September 2016 was measured at over 700Gbps), this may mean having to consistently reinvest to keep up adequate protection of your network.

For some companies with large security and networking budgets, this might not be an issue. For mid-market companies, the cost of investing in appliance-based solutions may limit their ability to protect their own networks from some volumetric attacks.

Cloud-based DDoS mitigation solutions

A second option is not to deploy on-premise hardware appliances at all, but to use one of a number of cloud-based DDoS mitigation solution providers. Cloud-based solutions generally come with two deployment options:

[a] Always-On: Internet traffic is permanently routed through the cloud DDoS mitigation service. This provides instant detection and mitigation, but the extra hop can add latency to every request and the permanent use of the service adds substantial cost.

[b] On-demand: traffic normally flows directly to your network, and the cloud service is activated only once an attack has been detected, at which point your traffic is diverted to the provider's scrubbing centres (typically by a BGP route announcement for your address space, or by pointing your DNS records at the provider). This is cheaper, but there is a window between the start of the attack and the moment the diversion takes effect during which you absorb the attack yourself, and DNS-based diversion is only as fast as the TTL on your records.

Zenedge is an example of a slightly different, newer generation of cloud-based DDoS mitigation solution providers that are changing the commercial model for offering large-scale DDoS protection to data centre owners.

Cloud-based services can also be used to protect websites and web applications from targeted DDoS and malicious bot-based attacks as well.

Hybrid DDoS mitigation solutions

Hybrid DDoS mitigation solutions are another attractive option, providing the strongest DDoS protection at a cost that can be justified.

With hybrid solutions, hardware appliances are combined with cloud-based mitigation services: the appliances provide real-time or near real-time detection and mitigation for the attacks they can absorb, and traffic fails over to the cloud-based mitigation service when the appliances' capacity (or your link capacity) is reached, then returns to the appliances once the attack subsides.

Some cloud-based solutions work in parallel with the on-premise appliance infrastructure, while others are more closely integrated with specific appliance-based products, so that the appliance itself signals the cloud service to take over.
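The on-demand cloud option above and the hybrid fail-over just described both hinge on the same decision: when to divert traffic to the scrubbing service and when to bring it back. The following added example (not code from the original article, from Zenedge or from any appliance vendor) is a small fail-over controller that makes that decision with hysteresis. The appliance capacity, thresholds, sample interval and traffic samples are assumptions constructed for the example, and the divert/revert actions are reported as return values rather than wired to a real BGP or DNS mechanism, which will differ by provider.

```python
"""Fail-over controller for a hybrid (appliance + cloud) DDoS design.

Added example with assumed figures. The appliance handles everything up to
its rated capacity; only when inbound traffic stays above that capacity for
`divert_after` consecutive samples is the prefix diverted to the cloud
scrubbing service. It reverts only after traffic has stayed below a lower
`revert_below_gbps` threshold for `revert_after` samples. The two thresholds
and the hold-down counters are deliberate: without them a bursty attack
would make the path flap between appliance and cloud.
"""
from dataclasses import dataclass, field


@dataclass
class FailoverPolicy:
    appliance_capacity_gbps: float  # rated mitigation capacity of the on-premise box
    divert_after: int               # consecutive over-capacity samples before diverting
    revert_below_gbps: float        # traffic must fall below this before reverting
    revert_after: int               # consecutive quiet samples before reverting


@dataclass
class FailoverController:
    policy: FailoverPolicy
    diverted: bool = False
    _over: int = 0     # consecutive samples above appliance capacity
    _quiet: int = 0    # consecutive samples below the revert threshold
    log: list = field(default_factory=list)  # (action, gbps) for each path change

    def observe(self, inbound_gbps: float) -> str:
        """Feed one traffic sample; return the action for this interval.

        'appliance' - on-premise path, within capacity
        'hold'      - over capacity but hold-down not yet expired (appliance saturated)
        'divert'    - path switched to cloud scrubbing this interval
        'scrubbing' - cloud path active
        'revert'    - path switched back to the appliance this interval
        """
        p = self.policy
        if not self.diverted:
            if inbound_gbps > p.appliance_capacity_gbps:
                self._over += 1
                if self._over >= p.divert_after:
                    self.diverted = True
                    self._over = 0
                    self._quiet = 0
                    self.log.append(("divert", inbound_gbps))
                    return "divert"
                return "hold"
            self._over = 0
            return "appliance"
        # Cloud path is active: only revert after a sustained quiet period.
        if inbound_gbps < p.revert_below_gbps:
            self._quiet += 1
            if self._quiet >= p.revert_after:
                self.diverted = False
                self._quiet = 0
                self.log.append(("revert", inbound_gbps))
                return "revert"
            return "scrubbing"
        self._quiet = 0
        return "scrubbing"


def run(samples, policy):
    """Replay a sequence of per-interval traffic samples through the controller."""
    ctl = FailoverController(policy)
    return [ctl.observe(s) for s in samples], ctl


# Assumed 10Gbps appliance; divert after 3 over-capacity samples, revert after
# 4 samples below 5Gbps. Samples are constructed Gbps readings, one per interval.
POLICY = FailoverPolicy(appliance_capacity_gbps=10.0, divert_after=3,
                        revert_below_gbps=5.0, revert_after=4)
SAMPLES = [2.0, 3.0, 12.0, 4.0, 11.0, 14.0, 18.0, 45.0, 60.0, 30.0,
           8.0, 4.0, 3.0, 2.0, 2.0, 2.0]

if __name__ == "__main__":
    actions, ctl = run(SAMPLES, POLICY)
    for gbps, action in zip(SAMPLES, actions):
        print(f"{gbps:5.1f} Gbps -> {action}")
    print("path changes:", ctl.log)
```

Two points fall out of the replay. The single 12Gbps spike at the third sample does not trigger a diversion, which is the hysteresis doing its job; but during the three 'hold' intervals that precede the real diversion the appliance is already saturated, so the value chosen for `divert_after`, multiplied by the sampling interval, is the outage you are accepting in exchange for not flapping. Tune it against your link capacity rather than the appliance's rating alone.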

Cyber Protection Insurance policies

One of the fastest growing areas of insurance is cyber protection insurance. Most insurance companies now offer it, and while taking out a policy to transfer some of your cyber risk is highly recommended, a policy does nothing to keep your services online while an attack is in progress; it compensates for losses after the fact. Cyber protection insurance must therefore always be used in conjunction with adequate DDoS mitigation. After all, who takes out a fire insurance policy but does not invest in fire protection systems and equipment as well?

Do nothing

Some businesses feel that they are not a target for cyber criminals because they have not been targeted in the past. This is a seriously limiting belief, and we would strongly advise any company to have some kind of protection in place to mitigate the risk of an attack. There are DDoS protection solutions available to meet the budget and protection requirements of all types of businesses, and this should form part of your standard risk management and business continuity plan.

This article was first published on 13 December 2016 by Ronan Lavelle, General Manager EMEA at Zenedge in the Zenedge blog.