Sharp surge in DDoS attacks is driving networks into the slow lane.
The legendary Woodstock music festival was a watershed moment in 1960s counterculture, famously known as “three days of peace and music.” It is less well known for having created perhaps the worst traffic jam in American history.
County roads and interstate highways became virtual parking lots as more than a half-million people converged on Max Yasgur’s farm in New York’s rural Catskill Mountains. With traffic at a standstill, concert-goers simply abandoned their cars in the roadway and walked to the festival site. Performers had to be flown in and out on helicopters. Governor Nelson Rockefeller declared a state of emergency. The New York Times called it a “colossal mess.”
Distributed Denial of Service (DDoS) attacks have much the same effect on computer networks — minus the music and fun.
DDoS attacks are designed to render servers and/or network resources unavailable by overwhelming them with traffic. This often involves the use of a botnet — a networked of hijacked computers — to unleash a flood of traffic that saps bandwidth, clogs network connections and prevents legitimate traffic from getting through.
Attacks on the Rise
Some DDoS attacks are motivated by “hacktivism,” a desire to disrupt commerce or bring down the web sites of government agencies or large organizations for political or philosophical purposes. Extortion, blackmail, revenge and competitive advantage are among other motives for attacks. Some hackers just do it for the “lulz” — their personal amusement. DDoS attacks don’t require a particularly advanced skillset to execute, either. In fact, they are increasingly launched by so-called DDoS-for-hire services — cybercriminal operations that charge as little as $2 an hour to launch an attack.
Whatever the method or motivation, there has been a marked increase in the frequency, volume and sophistication of DDoS attacks. In its Q1 2016 State of the Internet Security Report, Akamai reported a 125 percent increase in total DDoS attacks compared to the first quarter of 2015. Targeted organizations were attacked an average of 39 times each. One organization was targeted 283 times — an average of three attacks per day.
“We have continued to witness significant growth in the number and frequency of DDoS and web application attacks launched against online assets, and Q1 2016 was no exception,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. “Interestingly, nearly 60 percent of the DDoS attacks we mitigated used at least two attack vectors at once, making defense more difficult. Perhaps more concerning, this multi-vector attacks functionality was not only used by the most clever of attackers, it has become a standard capability in the DDoS-for-hire marketplace and accessible to even the least-skilled actors.”
Internet of Things Targeted
It is no coincidence that the increase comes at a time when more and more devices are becoming interconnected through IP networks in the so-called “Internet of Things.” As more devices become IP-enabled, it increases the number of devices that can be compromised and used in distributed attacks.
“By its very design, the Internet of Things is built with lightweight security,” said Terrence Gareau, Chief Scientist, Nexusguard. “These devices rely heavily on shared libraries and a rapid development cycle. Because of their constraints, many IoT devices have limited options for firmware upgrades and other risk management features. The fact that they are also always online makes them highly susceptible to intrusion and attacks.”
Some of today’s attacks leverage an intimate understanding of the Internet routing topology. So-called Distributed Reflection and Amplification Denial of Service (DrDoS) attacks exploit common network protocols inherent in network devices. DrDoS attacks using these protocols can be difficult to trace back to the malicious actor because they often involve spoofing the origin of the attack. Requests to the victim are reflected to the primary target, making it appear that the target is being directly attacked by the victim.
Many organizations wrongly assume that their existing defenses will stop DDoS attacks, or believe their network will not be targeted. According to the results of a study conducted by Kaspersky Lab and B2B International, 43 percent of large enterprises and 28 percent of small businesses suffered a DDoS incident in the preceding 12 months.
These attacks can cripple a business. According to the Kapsersky/B2B study, a DDoS attack can cost anywhere from $52,000 to $444,000 depending upon the size of the company. In addition to causing serious financial damages, DDoS attacks often harm the victim company’s reputation due to the loss of access to online resources for partners and customers.
According to the study, 61 percent of DDoS victims temporarily lost access to critical business information, 38 percent were unable to carry out their core business functions and 33 percent reported the loss of business opportunities and contracts. In 29 percent of DDoS incidents, a successful attack had a negative impact on the company’s credit rating while in 26 percent of cases it prompted an increase in insurance premiums.
The rapid increase in this attack vector indicates that businesses, both large and small, need to take steps to protect vulnerable devices. Firewalls, intrusion protection and other devices may mitigate very low-level attacks, but high-volume attacks launched from large botnets can easily overwhelm the capabilities of traditional solutions. In fact, security devices can become the attackers’ unwilling allies because they are unable to separate legitimate from illegitimate traffic.
As DDoS attacks have become more complex, sophisticated and frequent, organizations must rethink their security measures. A defense-in-depth posture with a combination of on-premises equipment and cloud-based mitigation offers the best protection against advanced DDoS attacks and will help keep network traffic moving smoothly.