In the past month, the Information Commissioner’s Office (ICO), the Leveson inquiry website, Visa and Virgin Media have all been hit by distributed denial of service (DDoS) attacks. Much had been made of the motives for such attacks, and the methods that attackers use, but what impact do they have on the victim’s finances? John Pescatore, analyst at research firm Gartner, told Computing that there were three main costs associated with attacks. “There is the cost of the outage, as it means that a business’s customers cannot reach them through the internet. Then there is the cost of making the attack stop – and, often, a third cost in the form of a potential extortion fee,” he said. Obviously losses vary, depending on how much revenue is generated directly from a company’s web presence. John Roberts, head of managed services at MSP Redstone, said: “If a betting organisation trades £600m a year – or £2m a day in revenue terms – and 50 per cent of that comes from the web, then they are losing £1m a day.” Any web-dependent organisation within the global 1,000 might incur similar losses, he added. But there are some less obvious victims of these blunt-instrument attacks. “A Scottish football club who were playing in a European match had its website taken down by the opposing teams’ fans with a DDoS attack. The club was not able to generate significant revenue, because a number of its customers were signed up to stream live games on a monthly fee basis. So an organisation as innocuous as a football club can lose hundreds of thousands of pounds as well,” Roberts said. Public-sector bodies can also suffer substantial financial damage through loss of productivity. “There is a cost implication for local government as people will be looking to procure services over the internet. If those services are unavailable, public-sector staff will receive a lot more incoming phone calls,” he said. Other repercussions are harder to assess and quantify. For example, businesses can suffer reputational damage from DDoS attacks, said Andrew Kellett, analyst at research firm Ovum. “With [the attack on] the Serious Organised Crime Authority [SOCA], the issue was that this was not the first time it had been exposed to a DDoS attack. You would have thought that enough resilience would have been built after the first attack to deal with something similar a year later,” he said. But Gartner’s Pescatore said that reputational damage is often less severe than many organisations fear; customers are used to websites not working for any number of other reasons that are not related to DDoS attacks. “There is reputational damage if the website is defaced or if the website is attacked and customers’ financial information is disclosed, but DDoS generally does not have much of a reputational impact,” he argued. Kellett disagreed and emphasised that reputational damage can itself cause financial loss to enterprises, as their customers opt for an alternative service from a similar provider. He warned that DDoS attacks could also be used as cover for a simultaneous assault on the targeted business. “The noise around DDoS attacks can be used to hide another backdoor-style assault, such as data being stolen from within the organisation. “There is an example of clerical records, including credit card information, being stolen from an organisation when a DDoS attack was taking place. It was a hacktivist attack where the credit card details were used to make donations to a charity. For any organisation protecting those details it would be both embarrassing and expensive, as they could lose customers and have to repay anyone who has had money taken from their accounts,” he said. Pescatore said that, of the three costs typically associated with DDoS attacks, extortion attempts have reduced significantly. “In the last two years, businesses have not paid off extortion attempts and are focusing on putting in place services to mitigate DDoS attacks. Several years ago there were incidents where it was deemed less expensive to pay off the attackers as they would only be asking for €5,000,” he said. Source: http://www.computing.co.uk/ctg/analysis/2181680/analysis-counting-cost-ddos-attack
Tag Archives: stop-dos
Three-Quarters of IT Professionals Fear Negative Brand Impact or Customer Experience as a Result of DDoS Attacks
New Data from Neustar Finds DDoS Attacks Can Cost Retailers More Than $100,000 Per Hour May 15, 2012, 9:30 a.m. EDT STERLING, Va., May 15, 2012 (BUSINESS WIRE) — Neustar, Inc., a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, entertainment and marketing industries, today released the results of a survey asking 1,000 IT professionals across North America about the business impact associated with distributed denial of service (DDoS) attacks. Among the findings, three-quarters of those surveyed cited impact on customer experience and brand as their greatest fears about the possible implications of DDoS attacks. By unleashing extremely high volumes of malicious Internet traffic or surgically targeting Web applications, hackers seek to shut down a company’s Web resources — typically websites, but also email servers. When hackers unleash a DDoS attack, it carries the potential to exert lasting damage to customer service, online revenue streams and brand reputation. Neustar Survey Results: Executed in Q1 2012, the survey garners responses of IT professionals in more than 25 industries such as finance and banking, retail, telecommunications, travel and IT. Notable findings include: – More than 300 respondents reported they had been attacked – The top concern was the impact attacks have on customer service — with 51 percent listing it as their greatest concern associated with the attacks – 35 percent of those attacked said the attacks lasted more than 24 hours — with 11 percent of attacks lasting more than a week – Specific to retailers, 67 percent who had experienced a DDoS attack pegged the costs of website outages at more $100,000 per hour — equating to loses of $2 million a day “The potential negative implications of DDoS attacks can be devastating for both marketers and IT professionals,” said Alex Berry, senior vice president, Enterprise Services, Neustar. “Many companies have been hit hard – with consequences lasting far longer than the attacks themselves. It’s important that companies are proactive about protecting their online presence, as well as their customers, to ensure the constant delivery of online services and necessary brand vigilance.” Overall, the survey shows that a significant number of companies face the risks of DDoS attacks, yet few have solutions designed specifically to combat attacks, with many relying solely on firewalls and intrusion detection systems. Less than 5 percent of respondents have a purpose-built DDoS mitigation solution, for example, an on-premise DDoS mitigation appliance. This explains why so many attacks last days — in fact, 35 percent respondents experienced attacks that lasted more than 24 hours. Without adequate protection, companies are unable to prevent losses from adding up. While many respondents are aware of the risks to their customer experience and public trust, they haven’t taken the next step to safeguard their reputation. Source: http://www.marketwatch.com/story/three-quarters-of-it-professionals-fear-negative-brand-impact-or-customer-experience-as-a-result-of-ddos-attacks-2012-05-15
View the original here:
Three-Quarters of IT Professionals Fear Negative Brand Impact or Customer Experience as a Result of DDoS Attacks
Researchers Show How Easy It Is To Infiltrate Facebook
A new paper being presented next month at the Annual Computer Security Applications Conference (ACSAC) shows easy it is to infiltrate Facebook and harvest valuable user data. Botnets, networks of hijacked computers controlled remotely for criminal gain or spreading propaganda, have been aggravating cybersecurity professionals for years. The near-billion people connected to social networks has made Facebook and Twitter the new juicy targets for similar schemes
Continue reading here:
Researchers Show How Easy It Is To Infiltrate Facebook
DoS attack rocks Palestine, cuts phones, internet
Large denial of service attacks have rocked Palestinian severing internet service to the West Bank and Gaza. The Palestinian Communications Minister Mashur Abu Daqqa told reporters the attacks originated from locations “all over the world … using mirror servers.” Up to a million packets a second had hit Palestine’s incumbent telephone company PalTel, local media said
Read More:
DoS attack rocks Palestine, cuts phones, internet
DHS, Commerce looking to battle botnets
The Commerce and Homeland Security departments are considering whether a set of voluntary industry standards are needed to combat botnets, the malicious networks of compromised computers controlled by online criminals, hackers and possibly nation-states. Steps being considered include a centralized customer support center for Internet service providers, a voluntary code of conduct for vendors and service providers along with incentives for participation, and an effort to identify best practices for preventing, identifying and mitigating infections. “Over the past several years, botnets have increasingly put computer owners at risk,” said a request for information published last month by DHS, the National Institute of Standards and Technology, and the National Telecommunications and Information Administration.
View the original here:
DHS, Commerce looking to battle botnets