- Category: August 2015 - Security
Hacks can paralyze websites or enable data theft, enormously harming the reputation and, consequently, the sales of the companies concerned. In the following, we take a look at how cybercriminals operate and what their goals are, as well as at defence against the dreaded DDoS attacks.
Gaining influence and power is the goal
For hackers, especially "hacktivists", it is all about influence and showcasing power. For instance, the hacker group “Anonymous” announced very publicly in the run-up to the World Cup in Brazil that it planned to attack the servers of sponsors such as Adidas, Emirates or Coca-Cola. Ultimately, the damage caused was limited and did not affect the running of the tournament; nevertheless, the hackers took advantage of the global event to draw attention to their own messages and goals. Often, however, the theft of sensitive data is the attackers' one and only target. In early August 2014, for instance, it became public that Russian hackers had seized 1.2 billion login combinations and more than 500 million email addresses, according to the US security firm Hold Security. Apparently, the cybercriminals were phishing on 420,000 sites for user data. The sheer magnitude makes clear how dangerous attackers on the Internet can be. In order to maximize the damage or to capture as much data as possible, hackers often choose targets that hold large amounts of data because of their business model, such as eCommerce sites with large web shops, banks, government agencies or Internet Service Providers (ISPs). The latter can even serve as a multiplier if companies and private citizens access several thousand websites via them.
DDoS is a hacker’s virtual crowbar
A common type of attack is the Distributed Denial-of-Service (DDoS) attack, which floods enterprise servers with millions of requests per second. As soon as the server crashes under the overload, the company's website is no longer accessible and all IP-based applications effectively become unusable. In addition, an overloaded DNS server gives rise to security vulnerabilities that attackers can use to influence the DNS cache. The web traffic of a company's website can then, for example, be redirected to a fraudulent site.
Preparing for DDoS attacks
The principle of a DDoS attack is simple: make more requests to a server than it can answer. More than half of all DDoS attacks flood their target with more than one million requests per second. Since even the most powerful conventional DNS server cannot handle more than 300,000 requests, companies need dozens of redundant servers and additional components, such as load balancers, to protect themselves, which amounts to a highly complex and expensive IT infrastructure. Alternatively, specialized technology vendors can be considered. EfficientIP, for instance, recently introduced the SolidServer DNS Blast, which can handle 17 million requests per second. Due to its high performance, only a few devices are required to make sure that attacks have virtually no consequences.
Of course, none of these precautions changes the fact that hackers are generally well equipped and tech-savvy. They are able to identify security solutions quickly and assess their effectiveness before they attack. As companies often do not know about these risks, they do not invest enough in specialized DNS security solutions, which makes DNS servers the weakest link of the entire IT infrastructure.
By Daniela La Marca