Today is the first awareness day for distributed denial-of-service (DDoS) attacks, aimed at raising awareness of the brutality of the vector and potential mitigation strategies.
Hosted by a number of companies including Neustar and Arbor Networks, the all-day online event will bring together industry and government experts to raise awareness around the growing threat. In the same week as Google announced the launch of
Project Shield, Neustar head of security services Susan Warner, told IT Security Guru that it was intending to raise awareness “as a lot of IT managers do not truly understand the importance of the situation”.
Warner said: “People will hear about DDoS attacks and not do anything [to protect themselves], so we wanted to do something within the US Cyber Security Awareness month, from DDoS 101 to technical challenges and what people need to know about.
“After
Spamhaus, it definitely is evolving; with application layer attacks to more sophisticated attacks, there are now videos on YouTube on how to launch a DDoS attack and we see an increase in attacks on networks, so this is a thriving threat.”
Speaking at last week’s IP Expo conference in London, Werner Thelmeier from Radware said that DDoS is the highest cyber security threat as there are more attack vectors which can be blended, while low and slow and HTTPS attacks are also prevalent.
He said: “The firewall and intrusion prevention systems cannot protect you from a DDoS as three entities are under attack – the server, firewall and pipe. You need to stop the attack before it reaches your infrastructure.”
Also speaking at the conference on DDoS attacks, F5’s Keiron Shepherd said as botnets become harder and harder to build, this is an easier method of flood attack. Looking to future tactics, Shepherd said that a lot will target HTML5 and Java plug-ins, while mobiles will be targets too. In terms of protection, he said: “I think that the hybrid approach will evolve and keep evolving. You have got to see attacks coming in, so unless you do SSL externally and can view it, there is no chance of mitigating it.”
Warner commented that there is too much reliance put on the firewall for protection, and today’s program of live
eventswill offer different content for everyone. “After the event we will open up the communication lines with attendees on what can benefit you, and we want to make this a collaborative effort for additional security areas,” she said.
“Whether you’re a massive corporation or a small business, the threat of a DDoS attack remains very real and can have massive financial and structural ramifications,” said Rodney Joffe, senior vice president and fellow at Neustar.