As a rapidly evolving threat, Distributed Denial of Service attacks are surrounded in a haze of confusion. DARREN ANSTEE, chief security technologist at Arbor Networks explores some of the most-common myths.
Distributed Denial of Service (DDoS) attacks have appeared on the threat horizon as one of the most pressing issues for security experts. In today’s cloud-based, always-on business environment, DDoS attacks can pull down an organisation’s online systems, bring workflow and mission-critical processes to a halt, and cause untold reputation damage.
Yes, many businesses and organisations remain at risk, lulled into a false sense of security by believing in one, or more, of the many ‘DDoS myths’. Here are nine of the most-common examples:
1. My type of organisation isn’t a target… Big businesses are not the only targets of malicious web bots. Almost every type of organisation – from corporates to small businesses, banking, governments, hospitals, universities, schools and non-profit organisations have all suffered from debilitating attacks in the past few years.
2. The costs of DDoS protection outweigh the impact of attacks… Many organisations only wait to address the issue of DDoS protection after they have already been hit. Unfortunately, by this stage, it’s already too late and the damage has been done. Don’t fall into the trap of underestimating the combined impact of DDoS attacks at a number of levels:
· Direct financial loss
· Costs to recover from an attack
· Brand damage and loss of consumer trust
· Supply chain disruption
· Contract fines from SLA beaches
· Regulatory fines from compliance breaches
3. My firewall or IPS will keep me safe… While traditional perimeter security solutions are certainly vital aspects of an integrated security set-up, they are not designed specifically to cater for DDoS attacks. Attackers look for gaps in traditional security solutions, they’ll look for devices that conduct stateful inspections of network connections, and take advantage of networks that are left unguarded.
4. My Internet Service Provider guarantees protection… Remember that modern attacks blend volumetric TCP-state exhaustion and application-layer attack vectors. While ISPs upstream may well be able to detect some of the most blatant, larger attacks, it’s the more subtle application-layer attacks that can only be properly managed at the customer premises.
5. I have more than enough bandwidth to survive an attack… Some of the coordinated attacks saturate hundreds of gigs in bandwidth. In fact, Arbor’s most recent Annual Worldwide Infrastructure Security Report confirmed sightings of attacks of an astonishing 800Gpbs in scale. That’s 60 percent bigger than the previous year’s largest reported attack – and in the future they’ll only get worse. It’s unlikely that anyone has enough bandwidth to cater for attacks like this!
6. I have DDoS protection in place, now I can forget about it… DDoS attacks are evolving at an alarming rate – growing in scale and sophistication. They’re moving in new directions, such as connected sensors and devices like cameras and DVRs that are being weaponised into devastating zombie armies of botnets to launch massive attacks.
7. The odds of being attacked are low – I’ll take the chance… In fact, the odds of DDoS attacks hurting your business are at an all-time high. The Worldwide Infrastructure Security Report revealed that more than half of service providers are now seeing upwards of 21 attacks per month (a 44 percent increase). Twenty-one percent of data centre respondents see more than 50 attacks per month (versus only eight percent last year). Finally, a surprising 45 percent of enterprise, government and education respondents experience more than 10 attacks per month (17 percent up on the previous year).
8. DDoS isn’t an advanced threat (which is where I should focus my resources)… Arbor research shows that more than a quarter of all DDoS attacks are actually used as a diversion tactic, or smokescreen, to cover up the exfiltration of confidential data. Today’s sophisticated attacker often uses a combination of techniques, and DDoS attacks often have a complicated interrelationship with other forms of advanced threats.
9. All DDoS protection tools are the same… There is a vast difference between vendors and between different solutions. Ensure you select a trusted provider with deep experience and resources dedicated to the field of DDoS security. Ensure you have a specialised market-leading DDoS protection, as a key component of your broader security estate.