- Category: August 2013 - Data Protection & Security
Prolexic just released its brand new "Distributed Denial of Service (DDoS) Media Guide", which we'd like to give you an overview of. According to Prolexic, DDoS attacks have become one of the most common and destructive forms of online hacking, and these malicious attempts to take down websites continue to escalate.
DDoS attacks regularly make headlines
Organized cyber-attack groups, such as Anonymous, frequently launch politically motivated denial of service attacks to cause website downtime for big-brand corporations, financial services companies, and even the U.S. government. Yet every day there are hundreds of other unpublicized DDoS attacks on e-Commerce companies and web-based service providers of all sizes. Website visitors are affected when they try to purchase products, access their accounts, or use applications and are greeted with a "Page Not Found" or other error message instead of the information they expected. Forrester estimates that the average financial damage from four hours of website downtime is a loss of US$2.1 million, and US$27 million for a 24-hour outage. The firm also reports that financial services companies lost an estimated US$17 million per DDoS incident in 2012.
How does DDoS work?
Overwhelmed with massive amounts of unsolicited data and/or requests, the target system either responds so slowly as to be unusable or crashes completely. The data volumes required to do this are typically achieved by a network of remotely controlled zombie or botnet (robot network) computers. These computers have fallen under the control of an attacker, generally as a result of infection from a Trojan virus.
An IT department trying to identify the attacker will not see the attacker's IP address, but rather a list of possibly millions of attacking IP addresses. Even if an IT specialist is somehow able to identify the control servers being used to coordinate the attack, they can rarely identify the people behind it. Clever hackers also have ways to effectively multiply the effect of their horde of zombie machines. Instead of simply telling the botnet to flood a target directly, each of the infected PCs can be instructed to send requests to a long list of uninfected computers that result in specific responses, such as domain name (DNS) lookups. Ordinarily, this would simply lead to a flood of responses back to the botnet machines, but there's a twist: hackers can spoof the source addresses of the requests the infected computers send, replacing them with the target's address, so the responses are redirected to the real target. This creates a digital tsunami of confusing information that slows or stops the target system.
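The reflected responses described above reach the target without the target ever having sent a matching request, and a defender can check for exactly that. The following is an added example, not taken from the Prolexic guide or the original post: it flags inbound DNS responses that have no outstanding query. The packet tuples, the addresses (documentation ranges) and the 5-second window are constructed assumptions.

```python
from collections import Counter

# Constructed sample records, not real traffic:
# (time_s, direction, remote_ip, remote_port, dns_txid, is_response, size_bytes)
# "out" = sent by our host, "in" = received by our host.
PACKETS = [
    (0.00, "out", "192.0.2.53", 53, 0x1A2B, False, 60),
    (0.03, "in", "192.0.2.53", 53, 0x1A2B, True, 120),     # answer to our own query
    (1.10, "in", "198.51.100.7", 53, 0x9999, True, 3100),  # we never asked for this
    (1.11, "in", "198.51.100.8", 53, 0x9999, True, 3100),
    (1.12, "in", "203.0.113.20", 53, 0x4444, True, 2900),
    (1.13, "in", "198.51.100.7", 53, 0x9998, True, 3100),
    (2.00, "out", "192.0.2.53", 53, 0x1A2C, False, 62),
    (9.50, "in", "192.0.2.53", 53, 0x1A2C, True, 130),     # arrives after the query expired
]

QUERY_TTL = 5.0  # seconds a query counts as outstanding (assumed value)


def find_unsolicited(packets, ttl=QUERY_TTL):
    """Return inbound DNS responses with no matching outstanding query."""
    pending = {}  # (resolver_ip, txid) -> time our query was sent
    unsolicited = []
    for pkt in sorted(packets):  # process in time order
        ts, direction, ip, port, txid, is_resp, _size = pkt
        if port != 53:
            continue
        key = (ip, txid)
        if direction == "out" and not is_resp:
            pending[key] = ts
        elif direction == "in" and is_resp:
            sent = pending.pop(key, None)
            if sent is None or ts - sent > ttl:
                unsolicited.append(pkt)
    return unsolicited


def summarize(unsolicited):
    """Per-source packet counts and total bytes, as input for filtering decisions."""
    per_source = Counter(p[2] for p in unsolicited)
    total_bytes = sum(p[6] for p in unsolicited)
    return per_source, total_bytes


if __name__ == "__main__":
    sources, volume = summarize(find_unsolicited(PACKETS))
    for ip, count in sources.most_common():
        print(f"{ip}: {count} unsolicited responses")
    print(f"total unsolicited bytes: {volume}")
```

The source addresses it reports belong to the uninfected reflectors, not to the botnet or the attacker, which is why this signal supports filtering but not attribution.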
DDoS attack types
Botnets are used to launch different types of DDoS attacks. Each type is characterized by the way it affects web-facing routers, servers, and other elements in a network. Beyond that, there are potentially hundreds of variations using different attack signatures. Attackers can randomize or change signatures in real time during the attack, making the attack more difficult to detect and mitigate. Types of attacks and their targets are specified in more detail in the media guide at: www.prolexic.com/mediaguide
Where do DDoS attacks come from?
DDoS attacks are a global issue. Organizations all over the world are targeted, and almost every country is a source of DDoS attacks. Countries that have vast and extensive infrastructures are typically more susceptible to being targeted by malicious groups, as are those with many web applications that access large numbers of web servers. Many attacks originate from compromised servers at hosting providers that are slow to respond to malware clean-up requests, as well as servers that are out of reach of international authorities.
Leading sources of botnet traffic in Q1 2013
Understanding the attacker's mindset
According to Prolexic, it is important to understand the mindset of attackers, who have motives that range from political activism to extortion to random attacks by amateurs. Only by doing so is it possible to develop a DDoS protection strategy. Attackers can be divided roughly into four groups:
- Hacktivism or ideological and political differences;
- Extortion and other financial motivators;
- Competitive and cyber hate crime;
- Hacker experimentation.
DDoS mitigation services
A DDoS mitigation service is designed to detect, monitor and mitigate DDoS attacks. A mitigation service provided by a pure-play DDoS mitigation vendor consists of a combination of proprietary detection, monitoring, and mitigation tools, along with skilled anti-DDoS technicians who can react in real time to changing DDoS attack characteristics. Add-on DDoS mitigation service providers such as Internet Service Providers (ISPs) and Content Delivery Networks (CDNs) also offer DDoS mitigation services in the form of automated tools, but they typically have limited network capacity and/or expertise.
The more you know about DDoS attacks, the mindset of attackers, and available mitigation services, the better you can take proactive protection measures against denial of service threats. The fact is, DDoS attacks are not simply going away. On the contrary, organizations can expect to see an increase in the number and severity of DDoS attacks as cyber-attackers become more sophisticated and bold.
Apart from the new Media Guide, Prolexic provides additional resources to expand your knowledge of denial of service threats and how to win the fight against them. All are free downloads, available after registration at www.prolexic.com.