Gad Elkin, Head of EMEA Security, F5 Networks
Despite the ever-changing arsenal of today’s hackers, the Distributed Denial of Service (DDoS) attack has remained a permanent fixture since it burst onto the scene, striking fear into the hearts of businesses all over the world as critical processes become increasingly reliant on network access. Seemingly every day, the strength at which such attacks are administered reaches new heights, now being registered at 500Gbps, representing a 60 times increase in 11 years. Perhaps most worrying, however, is the diversity that the DDoS attack has shown since it first appeared, evolving almost constantly to evade cyber-defences.
This evolutionary perception of cyber-techniques has even broken through to the consumer sphere – our latest research showed that 72% of consumers believe that hackers are getting more sophisticated. Furthermore, over half (61%) of respondents believed that businesses are not doing enough to protect themselves and their customers from cyber-attacks, a notion emphasising the need for companies to act quickly or risk losing revenue.
A long-term threat
It seems as though we’ve been talking about DDoS for a long time now. In fact, basic DoS attacks existed before the commercial internet, but it wasn’t until the turn of the millennium that DDoS attacks began tormenting businesses. Now simple, cheap, usually anonymous and more accessible to the common individual than ever before, businesses from a range of industries have been targeted by DDoS attacks. Recent high-profile victims include GitHub, Ashley Madison, Carphone Warehouse and Talk Talk, showing that these methods remain as potent as ever.
Let’s take a look at some of the techniques and trends that have emerged recently:
Ironically, the first tactic aims to be effective without launching an attack. The modus operandi of extortion attacks see victims receive an email explaining who the attackers are and even linking to some recent blogs written about them and their tactics. Eventually, protagonists state that unless a fee is paid (usually around 40 Bitcoin but demands can go into the hundreds), a large-scale DDoS attack will be launched.
An additional trend we are seeing across the majority of emerging tactics is that they are often employed as diversions. While victims are focusing defences on high-volume attacks, hackers are actually targeting a local application. Therefore, offenders aren’t necessarily aiming to disrupt a website or service, but instead steal personal or financial data by gaining access to an application with a secondary assault.
The perfect example of how techniques have evolved, Dark DDoS takes advantage of that fact that most IT departments can only detect attacks above 1GB per minute. Cyber-criminals therefore send out constant, low-volume bursts over a longer period, so low in bandwidth that the victim is unable to detect them. This method is becoming an integral facet to a hackers’ toolkit, used as a distraction, or as an active part of a sophisticated multi-layered attack.
Dark DDoS is less focused on the traditional purpose of denial of service attacks and are more aggressive, targeting the security architecture of individuals’ devices rather than simply disrupting a service. It is a technique growing particularly quickly, as the non-detectable threshold in which it is conducted allows cyber-criminals to torment organisations while keeping security teams and traditional scrubbing solutions blind to the threat.
The simplicity of administering a DDoS attack is demonstrated by its availability on online professional marketplaces. Previously only available on the Dark Web, hacking services can now be purchased for as little as £10 for half a day, heralding the rise of DDoS as a commodity. Often originating as ‘stressers,’ through which businesses buy DDoS services in order to test their own cybersecurity, providers of these services have been known to offer to target any servers.
Many organisations now targeted with cyber-attacks have voiced suspicion that competitors may be responsible behind the scenes, given that DDoS-as-a-service allows any individual or business to wage cyber-war for the price of a t-shirt.
Define your DDoS strategy
It’s simple – the average DDoS attack is now more than strong enough to bring a business down. Now a matter of when not if, taking no preventative action is not an option. Better collaboration between government, law enforcement and businesses is all very well, but given that organisations could be immobilised anytime, they need measures which can be implemented now. It is imperative that organisations define their DDOS mitigation strategy in order to be better prepared for upcoming risks.
Given the rise of techniques like Dark DDoS, it is often not clear if a business is being targeted. Therefore, it’s more important than ever to ensure that web traffic is being constantly monitored for irregularities and that they have the measures in place to react rapidly. Worryingly, our recent report in partnership with IDC revealed that only 25% of businesses decrypt network traffic to inspect network traffic for threats.
An important method is the employment of on-premises and cloud-based anti-DDoS technologies, so as to allow the mitigation of both local-level attacks targeting the application layer and attacks launched from outside the infrastructure, as well as services that can clean malicious traffic before it gets to the network. One or the other just won’t do; a hybrid approach can give organisations the flexibility to protect against the range of weapons now at hackers’ disposal.
Undoubtedly, the number of DDoS attacks has increased and motivations are complex, and yet businesses seem more vulnerable than ever. DDoS has evolved from a one-dimensional nuisance into a multi-faceted threat often hiding sinister ambitions. Today, many hackers are using DDoS as a means to an end, a smokescreen hiding a much more damaging, malicious intent that could see sensitive business data compromised. With our research showing that half of UK consumers would not purchase products from a company that has been hacked, it’s vital that businesses are equipped to appropriately counter diverse threats – it’s time to act now, or risk potentially catastrophic consequences.