Advanced, Persistent and Costly: DDoS Grows Up

July 15, 2015 Kevin Whalen


Just in case you haven’t noticed, DDoS attacks have become larger, more sophisticated, and unfortunately, easier to perpetrate against a wide range of targets. In fact, DDoS has become a complex attack against availability that is often highly effective and can be difficult to defend against.

Attackers have become increasingly proficient at generating tremendous volumes of debilitating traffic using reflection/amplification-based techniques leveraging common protocols such as NTP, SSDP, and. In past 10 years DDoS attacks have grown 4,900 percent, peaking at 400 Gbps in 2014. More worrisome, the number of DDoS attacks over 20 Gbps increased eight-fold just last year.

Attacks aren’t only enormous, they can be stealthy as well, making it difficult to initially detect and mitigate. They generate traffic on different application layers: HTTP, HTTPS, SMTP, VoIP and DNS.  They use “low and slow” application level traffic, in conjunction with volumetric, connection attacks, to fly under the detection radar.

These attacks don’t happen in isolation, they aren’t either high volume, or targeting applications. They are often both, together, in a single and sustained attack. DDoS today target not just connection bandwidth and applications but multiple devices which are part of your existing security infrastructure, such as firewalls and IPS devices.

It is the combination of these tactics and vectors in a fast-changing, persistent and coordinated campaign that can wreak havoc on targeted organizations. Ever since the Operation Ababil attacks on the US financial sector, multi-vector, complex DDoS attacks are a fact of life for network operators.

Regrettably, the complexity of these attacks has not reduced their frequency: the availability of cheap, online DDoS services – offering to attack someone of your choosing – enables anyone with an Internet connection and a grievance to launch an attack. ASERT’s Curt Wilson recently wrote a blog post examining some of the leading tools which enable people to launch an attack with little technical expertise required. . The results are startling. According to Arbor’s research:


The lowering of the barrier to entry is a true game changer in terms of the DDoS threat. It used to be certain verticals would be likely targets for DDoS: finance, gaming and e-commerce. Today any business must consider themselves a potential target of attack, for any reason, real or imagined. And don’t forget, success begets more attacks. If you are hit and unprepared, it is likely they will keep coming back with more attacks.

The pain points and costs of DDoS have also expanded. Today’s enterprise has multiple and diverse web-based applications, public-facing or not. The more obvious business consequences result from poorly performing or unavailable public-facing services that customers interact with directly: websites, helpdesks, or self-help sites. It is too easy for customers to move to the competition. And how much will you have to spend to get them back?

But that is not all. New attack vectors and techniques can cause service problems for a range of common infrastructure components: routers, switches, ADCs, load balancers, etc. These devices are simply not designed for DDoS protection. Addressing performance problems, even if the attack only slows down routines, will require your staff time and attention. What else could these resources be doing to contribute to the bottom line rather than chasing alerts and re-routing traffic?

New attacks targeting the application layer can bring down a server itself. Even a single server failure can have a ripple effect of unexpected – and costly – consequences. Many back end sub-systems are handling a variety of critical tasks. A POS system in retail that cannot communicate with your inventory database, or the current discount data, could severely impact in-store sales. A manufacturer’s back-end web property goes down and your suppliers can’t order parts and your products don’t get built. The CFO can’t close quarterly or year-end books without access to current revenue and sales data. Without access to customer service history or current account information field resources can be crippled from performing on-site service.

Somehow the acronym of DDoS just doesn’t seem to capture the full scope of today’s advanced attacks on availability.

The post Advanced, Persistent and Costly: DDoS Grows Up appeared first on Arbor Insights - Our People, Products and Perspective.


Previous Article
What is intelligence, anyway?
What is intelligence, anyway?

One of the smartest people I ever met was a house painter. During summer...

Next Article
The Art of The Long Haul and Avoiding the Quick Security Fix
The Art of The Long Haul and Avoiding the Quick Security Fix

In the previous post, we discussed how a new generation of security and...