Distributed denial of service (DDoS) attacks are evolving — fast. Today, they’re more complex and more devastating than ever before. How much more devastating? Consider:
- According to Akamai’s Q3 2015 State of the Internet – Security Report, DDoS attacks were up some 180 percent year over year.
- The largest single attack in Q2 of 2015 involved 240 Gb/second of data slamming into the target network (imagine coping with that). Compared to DDoS attacks against banks only three years ago — averaging 60 Gb/second — that’s a quadrupled impact.
These numbers are startling, as is the revelation by one security vendor that the biggest attack it measured in 2015 was up 25% from the 2014 record holder. Beyond an increase in the average bandwidth available to botnets, DDoS attacks themselves are getting more sophisticated.
In the past, for instance, attackers typically just leveraged a botnet of compromised PCs to attack a target directly, overwhelming it with service requests. These days, in cases known as reflected attacks, a botnet can even pose as the target — tricking uncompromised Internet servers worldwide into attacking the true target inadvertently, via techniques such as network time requests. Reflected attacks like that can make it much harder for organizations to create a viable defense while also increasing the total volume of incoming data.
And that’s just one relevant factor. Another: As more and more smart devices are deployed globally — the so-called Internet of Things — each represents a theoretical addition to a botnet. Many of these devices (e.g. smart thermostats in office buildings) have unsophisticated security that would be much easier to compromise than a traditional Internet endpoint.
No industry is safe.
The conclusion is clear. Getting ahead of the DDoS curve by understanding the new scope and power of DDoS, and by taking proactive measures, will be increasingly important for all organizations, in all industries, going forward.
Notice my use of the phrase “all industries.” While it’s true the finance sector has been a primary target in recent years, this is likely to change as attackers’ ambitions grow in parallel with their capabilities. Extortion-driven DDoS attacks — “pay us or we’ll keep your revenue-generating services offline” — have the potential to hold any business hostage for an indefinite period.
As long as services can be shut down, and the organization has the resources to be an attractive target, DDoS is a very real threat.
Best practices to defend against DDoS.
That said, there are some excellent defensive measures organizations can leverage to good effect, such as:
- Ensuring there is an alternate, possibly cloud-hosted, service delivery infrastructure available for rapid failover during an attack
- Hiring a third-party DDoS specialist to serve as a shield
- Monitoring services for attacks, tracing them when possible, and sharing attack data
- Reducing the odds of an in-house breach through near-real-time, automated patching
- Deploying multiple layers of defense and mitigation tools in addition to signature-based firewalls and routers — including load balancers to balance traffic across multiple servers and cloud-based anti-DDoS tools to filter or divert malicious traffic
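For the monitoring item above, here is an added example (not from the original article or from any vendor it names) of spotting the reflected attacks described earlier: it flags hosts that receive network time replies from many servers they never queried. The flow-record layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123          # UDP port used by network time servers
WINDOW_SECONDS = 10     # assumed aggregation window
MIN_REFLECTORS = 3      # assumed threshold: distinct unsolicited senders per window
MIN_BYTES = 1000        # assumed threshold: unsolicited bytes per window

# Constructed flow records: (time, direction, src_ip, src_port, dst_ip, dst_port, bytes).
# Addresses are from the RFC 5737 documentation ranges; 192.0.2.0/24 plays "our" network.
SAMPLE_FLOWS = [
    (0, "out", "192.0.2.10", 40000, "198.51.100.1", 123, 76),   # genuine time query
    (1, "in", "198.51.100.1", 123, "192.0.2.10", 40000, 76),    # its solicited reply
    (2, "in", "203.0.113.5", 123, "192.0.2.20", 80, 468),       # replies nobody asked for
    (2, "in", "203.0.113.6", 123, "192.0.2.20", 80, 468),
    (3, "in", "203.0.113.7", 123, "192.0.2.20", 80, 468),
    (4, "in", "203.0.113.5", 123, "192.0.2.20", 80, 468),
    (15, "in", "203.0.113.9", 123, "192.0.2.30", 53000, 468),   # lone stray packet
]


def find_reflection_targets(flows):
    """Return {(window_start, target_ip): (reflector_count, total_bytes)} for
    windows in which many servers sent time replies the target never requested."""
    asked = set()                              # (local_ip, server_ip) pairs with a real query
    stats = defaultdict(lambda: [set(), 0])    # per (window, target): senders, byte total
    for ts, direction, src, sport, dst, dport, size in sorted(flows, key=lambda f: f[0]):
        if direction == "out" and dport == NTP_PORT:
            asked.add((src, dst))              # never expired here; a real monitor would age it
        elif direction == "in" and sport == NTP_PORT and (dst, src) not in asked:
            window = ts - ts % WINDOW_SECONDS
            entry = stats[(window, dst)]
            entry[0].add(src)
            entry[1] += size
    # Require both many distinct senders and real volume, so one stray reply is ignored.
    return {key: (len(senders), total)
            for key, (senders, total) in stats.items()
            if len(senders) >= MIN_REFLECTORS and total >= MIN_BYTES}


if __name__ == "__main__":
    for (window, target), (count, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"t={window}s target={target} reflectors={count} bytes={total}")
```

Counting distinct senders rather than packets is what separates a reflected flood from one misbehaving time server.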
In addition to these measures, we recommend considering an adaptive, behavior-based approach to identifying and removing DDoS threats — like the FortiDDoS family of purpose-built network appliances from our partner, Fortinet.
Contact us if you’d like to know more. At Platte River Networks, we routinely help businesses of all kinds mitigate and eliminate a broad range of security threats. Our extensive experience means we’re up to speed on both the best available security solutions and the best practices to deploy and integrate them.