By Michael E. Donner, SVP, CMO, Prolexic
The word ‘hacker’ used to conjure up an image of a geeky teenager in a messy bedroom hacking into corporate IT systems just for fun.
Well, the fun and games are over.
Today’s hacktivist groups such as Anonymous and LulzSec are making DDoS a household word as they make headlines after successfully attacking US government agencies and large corporate brands. In fact, public awareness of DDoS in the mainstream media is one of the most striking changes in the DDoS landscape over the past 18 to 24 months.
We’ve seen several emerging motivators for DDoS attacks. In addition to ideological and political protesters, some attackers are extortionists who threaten a DDoS attack unless the business pays a ransom by a specified deadline. In addition, whilst rare, some attacks are cybercrimes or cyber espionage — essentially a personal vendetta by a business competitor, a disgruntled customer or former employee, or a group of hackers whose sole intent is cyber hate-crime. The most vulnerable assets in this case are online gaming websites and those associated with specific minority, religious, or alternative lifestyles.
The fact is, however, that all online businesses are at risk of a DDoS attack.
Knowledge is power when creating an enterprise DDoS protection strategy:
- Keep IT informed of any corporate policies with potentially controversial political or social justice overtones that might trigger a hacktivist attack.
- Be sure to monitor social media and blog chatter about your company and note inflammatory postings that could motivate an attack.
- Never ignore blackmail or extortion threats with DDoS as the consequence; inform your IT staff and your DDoS protection provider and take proactive defensive action. Informing law enforcement can also give you an early edge on bringing the attackers to justice.
- Another warning sign is when a competitor or business partner suffers a DDoS attack; this could indicate a trend for attackers to target your industry.
While it may be tempting to keep DDoS protection in house and under the control of an internal IT group, be warned. Many current DDoS attacks are not only very large in size, requiring massive, dedicated networks to absorb them, but are also often highly sophisticated, exhibiting multiple attack vectors and sometimes encryption. For these reasons, it usually makes sense to outsource DDoS protection to a specialist provider with the bandwidth and expertise needed to mitigate these attacks quickly so downtime is minimized.
There has been a steady increase in the frequency, size and intensity of DDoS attacks over the last year. Comparing the first two quarters of 2012, there was a 10% increase in the total number of attacks, an 8% rise in Layer 3 and 4 infrastructure attacks and a decline in the average attack duration, down to 17 hours in Q2 from 28.5 in the previous quarter. These findings can be downloaded from www.prolexic.com/attackreports.
A decline in application layer attacks (Layer 7) can be attributed to the proliferation of easy-to-use but powerful DDoS attack tools that target network infrastructure. Regardless, one fairly obvious conclusion can be drawn: the threat of being victimized by a DDoS attack is not declining, making DDoS protection critical for businesses that depend on the Internet.
To boost your DDoS defenses, work with your DDoS protection provider to stay constantly informed of trends in DDoS attacks. Your provider should be able to report quarterly statistics on types of attacks and attack origins, as well as issue threat advisories and recommended countermeasures. The more you know about DDoS and the mindset of the attackers, the better. Stay informed and proactive. Be vigilant. It’s the foundation for successfully defending your business against ongoing and increasing DDoS threats.
For more insight on this topic, go to www.prolexic.com/4reasons to download the complimentary White Paper, “Four Reasons Why DDoS Attackers Strike: What You Need to Know for a Proactive Defense”.