As a rapidly evolving threat, Distributed Denial of Service attacks are surrounded by a haze of confusion. DARREN ANSTEE, chief security technologist at Arbor Networks, explores some of the most common myths.
Distributed Denial of Service (DDoS) attacks have appeared on the threat horizon as one of the most pressing issues for security experts. In today’s cloud-based, always-on business environment, DDoS attacks can pull down an organisation’s online systems, bring workflow and mission-critical processes to a halt, and cause untold reputation damage.
Yet many businesses and organisations remain at risk, lulled into a false sense of security by believing in one or more of the many ‘DDoS myths’. Here are nine of the most common examples:
1. My type of organisation isn’t a target… Big businesses are not the only targets of malicious web bots. Almost every type of organisation – from corporates to small businesses, banking, governments, hospitals, universities, schools and non-profit organisations – has suffered from debilitating attacks in the past few years.
2. The costs of DDoS protection outweigh the impact of attacks… Many organisations wait to address the issue of DDoS protection until after they have already been hit. Unfortunately, by this stage, it’s already too late and the damage has been done. Don’t fall into the trap of underestimating the combined impact of DDoS attacks at a number of levels:
· Direct financial loss
· Costs to recover from an attack
· Brand damage and loss of consumer trust
· Supply chain disruption
· Contract fines from SLA breaches
· Regulatory fines from compliance breaches
3. My firewall or IPS will keep me safe… While traditional perimeter security solutions are certainly vital aspects of an integrated security set-up, they are not designed specifically to cater for DDoS attacks. Attackers look for gaps in traditional security solutions: they’ll look for devices that conduct stateful inspections of network connections, and take advantage of networks that are left unguarded.
4. My Internet Service Provider guarantees protection… Remember that modern attacks blend volumetric, TCP-state exhaustion and application-layer attack vectors. While ISPs upstream may well be able to detect some of the most blatant, larger attacks, it’s the more subtle application-layer attacks that can only be properly managed at the customer premises.
5. I have more than enough bandwidth to survive an attack… Some of the coordinated attacks saturate hundreds of gigs in bandwidth. In fact, Arbor’s most recent Annual Worldwide Infrastructure Security Report confirmed sightings of attacks of an astonishing 800Gbps in scale. That’s 60 percent bigger than the previous year’s largest reported attack – and in the future they’ll only get worse. It’s unlikely that anyone has enough bandwidth to cater for attacks like this!
6. I have DDoS protection in place, now I can forget about it… DDoS attacks are evolving at an alarming rate – growing in scale and sophistication. They’re moving in new directions, such as connected sensors and devices like cameras and DVRs that are being weaponised into devastating zombie armies of botnets to launch massive attacks.
7. The odds of being attacked are low – I’ll take the chance… In fact, the odds of DDoS attacks hurting your business are at an all-time high. The Worldwide Infrastructure Security Report revealed that more than half of service providers are now seeing upwards of 21 attacks per month (a 44 percent increase). Twenty-one percent of data centre respondents see more than 50 attacks per month (versus only eight percent last year). Finally, a surprising 45 percent of enterprise, government and education respondents experience more than 10 attacks per month (17 percent up on the previous year).
8. DDoS isn’t an advanced threat (which is where I should focus my resources)… Arbor research shows that more than a quarter of all DDoS attacks are actually used as a diversion tactic, or smokescreen, to cover up the exfiltration of confidential data. Today’s sophisticated attacker often uses a combination of techniques, and DDoS attacks often have a complicated interrelationship with other forms of advanced threats.
9. All DDoS protection tools are the same… There is a vast difference between vendors and between different solutions. Ensure you select a trusted provider with deep experience and resources dedicated to the field of DDoS security. Ensure you have specialised, market-leading DDoS protection as a key component of your broader security estate.
Showmax launches half-price mobile streaming service
A new streaming product designed specifically for Africa, featuring TV series as well as African content and live sport, is aimed at filling the gap in subscription video on demand services
The subscription video on demand (SVoD) model, which originated in the USA, spread rapidly in countries where uncapped broadband is affordable and widely available. However, because the model also relies on consumers being comfortable with transacting online and having ready access to credit cards, it has barely scratched the surface across Africa.
On top of that, smartphones are often the only form of Internet access across Africa, and none of the popular SVoD services have been designed for the format.
Showmax says it plans to change this with the launch of a new mobile plan that costs 50% of the standard Showmax package but still features 100% of the same video content. Showmax is set apart by a combination of four pillars: hit African content, exclusive international series, top kids’ shows, and live sport, including weekly matches from the English Premier League, Italy’s Serie A, and Spain’s La Liga.
Showmax says the new plan is aimed at consumers who only use smartphones and tablets to watch video content. Video resolution peaks at standard definition to help reduce data consumption. As it is a product aimed at individuals, only one concurrent stream is included in the plan. As with the regular service, it is also available for a 14-day free trial.
“This is all about an African service developing a solution that meets the needs of African consumers,” says Niclas Ekdahl, CEO of the Connected Video division of MultiChoice. “Customer feedback consistently points to local content and sport as some of the things that people value most from Showmax. That’s of course on top of the international series, movies, and kids’ shows that are our bread and butter. With all of that content now available in a product designed specifically for mobile usage, we’re doing something no other service can offer.
“On top of that, with groundbreaking deals like our new offer with Vodacom in South Africa, we solve the credit card issue through add-to-bill payment and the data issue by including data directly in the package. We’re looking to launch similar offers in Kenya and Nigeria soon.”
Both the standard and mobile plans include live sport, sport magazine shows and sport documentaries. The 2019 Rugby World Cup Final was streamed live on Showmax earlier this month, and the following is a selection of some of the football due to be live-streamed in November:
22 November: Levante vs Mallorca (La Liga)
23 November: Arsenal vs Southampton (Premier League)
24 November: Bologna vs Parma (Serie A)
25 November: Aston Villa vs Newcastle United (Premier League)
29 November: Celta Vigo vs Valladolid (La Liga)
30 November: Fiorentina vs Lecce (Serie A)
30 November: Chelsea vs West Ham United (Premier League)
Showmax’s mobile plan is currently available in Nigeria, Kenya, and South Africa.
Comparison of Showmax plans:
| |Mobile plan|Standard plan|
|---|---|---|
|Price per month|R49 / N1450 / KSh 375|R99 / N2900 / KSh 750|
|Watch on smartphone or tablet|Yes|Yes|
|Watch on smart TV and computer|No|Yes|
|TV series, movies, kids’ shows|Yes|Yes|
|14-day free trial|Yes|Yes|
|Chromecast and AirPlay|No|Yes|
|Number of devices|One registered device|5 devices can be registered, with 2 able to stream at the same time|
For a 14-day free trial, visit www.showmax.com.
Online series wins SA’s Journalist of the Year award
A series of stories on gang warfare in Hanover Park earned Tammy Petersen of News24 the ultimate prize in South African journalism. Here are all the winners of the Vodacom Journalist of the Year awards.
At the 18th edition of the Vodacom Journalist of the Year Awards held at Vodacom World earlier tonight, News24’s Tammy Petersen took top honours and the R100,000 grand prize as national winner for her body of work on a gang war series entitled When you live in Hanover Park, you know death. Petersen’s submission was one of over 1,000 entries received from around the country across 12 categories – Investigative, Opinion, Lifestyle, Photography, Sport, Economics, Politics, CSI, Live reporting/breaking news, Data Journalism, Multi-platform and the Young Journalist of the Year Award. This year’s theme – Connect the Dots – pays tribute to the best-of-the-best of those entries.
Takalani Netshitenzhe, Chief Officer for Corporate Affairs at Vodacom Group says: “This year has seen extraordinary entries to the 18th Vodacom Journalist of the Year Awards. Not all the stories that are national winners were about huge events but also showed the importance of telling the stories of ordinary people. In line with our theme, the dots were indeed connected, and we congratulate all the winners.”
Convenor of the judging panel Ryland Fisher says: “The quality of entries has convinced the judges once again that our industry is in good hands, as far as journalism is concerned, despite the many problems that have beset the industry in recent times. Judging from the entries, South African journalists are determined to fly the flag high for a free, independent, and vigorous media, which augurs well for our democracy. As judges, we can only salute all the entrants for the great work that they submitted. In the end, our industry is probably the biggest winner.”
Judges for this year’s awards are: Ryland Fisher (convenor), Jermaine Craig, Arthur Goldstuck, Albe Grobbelaar, Franz Kruger, Patricia McCracken, Mapi Mhlangu, Collin Nxumalo, Mary Papayya, and Obed Zilwa.