Duncan Hughes explains the best methods to use to effectively protect businesses and ensure networks can stand up to a DDoS attack. The latest headlines have shown that distributed denial of service (DDoS) attacks have been growing in both size and complexity. In the last month, two high-profile DDoS attacks reached more than 600 Gbps and 1 Tbps. The most recent attacks have ranked among the largest DDoS attacks on record. The ferocity and frequency of these attacks has suggested that this trend is only set to upsurge in the near future. With the most recent DDoS attack targeting the service provider, rather than a specific website, resulting in Twitter, Netflix, Reddit, Spotify and others being severely affected, it is clear to see how DDoS attackers are increasing their capability. In my opinion, this most recent DDoS incident is a new spin on an old attack, as the bad guys are finding new and innovative ways to cause further discontent. It was an interesting point to see that the bad guys are moving upstream for DDoS attacks on the DNS providers, instead of just on sites or applications. What is also interesting to see is that threat actors are leveraging unsecure Internet of Things (IoT) devices to launch some of these large DDoS attacks. The immediate solution is for manufacturers to eliminate the use of default or easy passwords to access and manage smart or connected devices. That said, consumer adoption will be tricky, but this change is critical for the greater security of all. This response will hinder many of the global botnets that are created and deployed for malicious use. DDoS attacks can impact businesses of all types and sizes. Retail stores, enterprises and service providers can all find themselves at threat of the DDoS crosshairs. According to a recent report commissioned by A10 Networks in its A10 Networks IDG Connect report – everyone is a target, but some types of businesses come under fire more frequently. Entertainment and gambling are targeted the most targetted, with 33 percent of DDoS attacks aimed at that industry, followed by advertising media and web content (28 percent), and traditional and online retail (22 percent). The financial impact of DDoS attacks for businesses can be severe and a recent Ponemon Institute study revealed that between 2011 and 2016, the costs associated with a DDoS attack swelled by 31 percent, with some larger attacks exceeding US$2 million (£1.6 million) due to lost revenue, business disruption and other hard costs. Brand and reputation damage, can also have a lasting effect which cannot be financially measured. The IDG Connect report found the average company suffers 15 DDoS attacks per year (some averaging as many as 25 DDoS attacks annually), and the average attack causes at least 17 hours of disruption, whether that’s downtime, latency, denied customer access or crashes. That’s 255 hours of disruption a year, can businesses afford this level of interruption? I would suggest that the answer is probably not. So to be properly prepared, businesses must brace for the worst-case scenario. The following points below outline four main steps in prevention to ensure networks can stand up to a DDoS attack: Be proactive. Do not wait for a major crash. You may already be experiencing attacks with slowed or blocked customer access, which can result in lost sales or dissatisfied customers. Beware of the “world of denial.” Ask tough questions. What do your customer satisfaction metrics reveal? Do you see indicators of lost sales? What’s the real cost of service restoration? Hope for the best, but prepare for the worst. Invest in sufficient DDoS protection and mitigation solutions early, before a major attack strikes. Defend against all vectors. Consider dedicated multi-vector DDoS protection using in-path mitigation, coupled with integrated threat intelligence, for the best accuracy. Include hybrid protection with a cloud-bursting service as an extra precaution to combat volumetric attacks. Businesses of all sizes need to be able to detect and mitigate DDoS attacks particularly ‘multi-vector’ ones that simultaneously attack the bandwidth, application and network layers. This is all the more important because we have all seen that major DDoS attacks are taking place – and growing exponentially in size. Not only are the implications of this profound but these attacks are leveraging botnets comprising hundreds of thousands of unsecured IoT devices. With industry analysts expecting IoT usage to grow substantially the issue is coming into ever more sharper focus. Referring back to the Ponemon research, some of the main findings really bring to light the extent of the problem. From the research in which over 1000 IT and IT security practitioners in North America and EMEA participated, one of the most frightening takeaways was that organisations are highly concerned that they aren’t able to detect and stop encrypted attacks, but aren’t sure where to start or how best to defend their business. Clearly a lot needs to be done within the industry to protect against cyber-security threats. The one key thing that should be reflected from this is to not let your network remain unprotected against such attacks that are noticeably increasing and could end up being more costly for your business in the long run. Source: http://www.scmagazineuk.com/why-you-should-have-a-ddos-defence/article/570782
View post:
Why you should have a DDoS defence
Forbes’ Thomas Fox-Brewster recently reported on a DDoS-for-hire tool. For $7500, anyone who wanted to cause a little online mayhem could rent an army of 100,000 bots. Its controllers boasted that the Mirai-based botnet could unleash attacks of 1 Terabit per second or more. Now there’s a new DDoS service that’s powered by four times as many bots. 400,000 of anything sounds like a lot, but how big is that in botnet terms? A security researcher who goes by the handle MalwareTech told Bleeping Computer’s Catalin Cimpanu that this new Mirai botnet is larger than all other the Mirai botnets combined . It’s being actively promoted on the Dark Web, and its handlers are even willing to give free demonstrations of its considerable capabilities to potential customers. You don’t have to rent all 400,000 bots if you don’t want to. A customer can specify how many bots they want to rent for an attack, the duration of the attack, and the length of the “cool-down period” they’re willing to accept so the bots don’t get overtaxed. Prices are adjusted accordingly, a Bitcoin payment is made, and customers are given an Onion URL to access the botnet’s controls so they can launch their attack. Access to a service like this doesn’t come cheap. Cimpanu was quoted $3,000 to $4,000 to utilize 50,000 bots for a two-week attack with 1-hour bursts and a 5-10 minute cool-down. Apart from the massive number of bots this Mirai botnet has at its disposal, Cimpanu notes something else that differentiates it from the others. This botnet has the ability to circumvent certain DDoS mitigation techniques. Its creators have given it the ability to broadcast fake IP addresses, which makes the attacks much more difficult to disrupt. It also has one prominent attack under its belt already: the one last month that targeted a mobile telecom provider’s network in Liberia. Though reports after the fact showed that the whole country was not ever knocked completely offline, this botnet definitely seems to have the capacity to make that happen. Aimed at the right servers, a fraction of its 400,000 bots can cause widespread disruptions. Just look at what a single gamer with money to burn and an axe to grind with the Playstation Network did to Internet users all over the east coast this month. Source: http://www.forbes.com/sites/leemathews/2016/11/29/worlds-biggest-mirai-botnet-is-being-rented-out-for-ddos-attacks/#5a31b930465a