DDoS Perspectives: A Network Operator’s Point of View

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS attacks have been gaining popularity over the last few years, but they are more of a concern in 2018 than ever before. According to Corero Network Security, the frequency of DDoS attacks has risen by 40% year over year from 2017 to 2018. Whether you’re building a new network or upgrading your network to offer gigabit Internet access or fiber network based services, it’s important to understand your strategy for DDoS.

While the frequency of DDoS attacks is increasing, the duration of attacks is decreasing. DDoS attacks have become shorter but more powerful and more persistent. A study found that 77% of DDoS attacks on organizations today last 10 minutes or less. Short-duration attacks mean that many organizations don’t even realize they are being attacked. Because of this, they are not mitigating the attack or the damage it causes on their network. This causes service availability and quality issues, spikes in customer service calls and complaints, and brand and revenue erosion, among other major issues.

DDoS attacks are becoming harder to mitigate, with more than 15 employees typically involved in defusing the threat when an attack strikes.

The impact of the shorter but more powerful DDoS attacks is nothing to shrug at; criminals recently exploited the Memcached amplification attack vector, grabbing headlines, and made everyone realize that Terabit-scale attacks are now a reality. Adding to the complexity, we are finding that DDoS attacks are often used by attackers as a precursor or smokescreen for data breach activity. Hackers take advantage of distracted IT teams and degraded network security defenses to exploit other vulnerabilities for financial gain.

The majority of participants in the aforementioned study cited the proliferation of unsecured Internet of Things (IoT) devices as the top reason for concern about DDoS attacks. Attacks that leverage IoT devices are extremely popular and effective. IoT devices are quickly brought to the market at the lowest cost possible, and securing them is often an afterthought. Typically, a consumer plugs in an IoT device and never contemplates the security aspect or the fact that it could be used as a player in a major DDoS attack.

Even worse than the use of IoT botnets for attacks is the use of public cloud services, which is seeing a huge increase this year. According to data accrued by DDoS mitigation firm Link11, the number of attackers that rely on public cloud services soared during the 12 months to June 2018. During this time, 25% of attacks in Europe were run off public cloud servers, which is a 25% rise year over year. The increased interest from DDoS perpetrators in using public cloud is due to the greater amounts of bandwidth it offers, meaning the volume of traffic generated by public cloud-based botnets is far higher than what could be achieved by hackers compromising IoT devices.

Attackers use the public cloud for the same reasons a lot of enterprises use it. The services provide flexible, on-demand capacity and resources, and can be provisioned in just a few minutes. Link11 said it is often fruitless for organizations to try to block traffic from Amazon, Microsoft, and other public cloud providers if they are already using public cloud services in-house.

DDoS attacks are costing enterprises up to $40,000 USD per incident.

You may be asking yourself what exactly DDoS attacks do in terms of damage. Attacks are costing enterprises up to $40,000 per attack in lost business and productivity plus mitigation costs. This is an insane figure, but survey respondents cite loss of revenue as only the fourth most damaging effect of DDoS attacks. The majority of respondents cite the loss of customer trust and confidence as the most damaging effect on business. Even if you fix the damage of the DDoS attack on your network, consumers may never trust your services again. Beyond the loss of customer trust, respondents cited the risk of intellectual property theft and the threats of malware infection as the most damaging effects on business arising from DDoS attacks.

This research polled more than 300 security professionals worldwide from a range of industries including financial services, cloud, government, online gaming, and media sectors. 69% of the responding organizations claim to experience between 20 and 50 DDoS attack attempts per month. Another concerning detail is that having faced one attack, a fifth of organizations will be targeted again within 24 hours. DDoS attacks are a constant threat.

Almost anyone can conduct DDoS attacks. Everyone, from countries to online gamers, is using DDoS attacks. For example, DDoS attacks have become the new geopolitical tool for nation-states and political activists. These are big, premeditated attacks used to send a message or take down a website in opposition to someone’s viewpoint. On a smaller scale, the rage-fueled DDoS attacks on gamers by other gamers are a good example of spur-of-the-moment, emotional attacks enabled by the availability of DDoS-as-a-Service (DaaS).

DaaS platforms enable virtually anyone to launch a cyberattack with relative anonymity, and they are relatively cheap. This April, Webstresser.org—one of the largest DaaS providers in existence, which allowed criminals to buy the ability to launch attacks on businesses and was responsible for millions of DDoS attacks around the globe—was taken down in a major international investigation. However, their competitors are still around and conducting attacks at a rapid rate.

DaaS platforms are fully functional web applications that allow registered customers to manage their balance and plan their DDoS attack budget. Some developers even offer bonus points for each attack conducted using their service. Essentially, cybercriminals have their own loyalty and customer service programs. As of March 2017, a DDoS attack lasting 10,800 seconds would cost the client $60, or approximately $20 per hour. Newer figures show DDoS attacks for even less money; TrendMicro Research found that $150 could buy a weeklong DDoS attack on the black market. This low price point means virtually anyone can launch a network-crippling DDoS attack if they know where to look.

Your network may not be supporting nation-states, but it is definitely full of gamers. Games like Fortnite require big bandwidth and are becoming extremely popular. Over 125 million people have played Fortnite since it launched in July 2017. The world of eSports is also exploding; the eSports market is expected to generate close to 1.5 billion USD in revenue by 2020. If your network is full of DDoS-related issues, these valuable customers will undoubtedly leave you behind.

So how can you prevent these attacks on your network? First, organizations using public cloud services should analyze in detail the communication between public cloud services and their own network, and monitor for malicious or unwanted traffic. Ongoing analysis of data traffic, using machine-learning techniques, enables legitimate traffic to be profiled and fingerprinted, so that any changes can be detected quickly and reliably. The malicious traffic can then be filtered out in a granular manner before it can impact on the organization’s business. Furthermore, automation is a good option.
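The profiling idea above, combined with the earlier point that most attacks last 10 minutes or less, can be illustrated with a small added example (not from the original article). It uses a simple exponentially weighted statistical baseline as a stand-in for the machine-learning techniques mentioned; the function names, thresholds and the traffic samples are assumptions constructed for illustration.

```python
"""Added example: per-minute traffic baselining to catch short DDoS bursts."""
from dataclasses import dataclass


@dataclass
class Episode:
    start_minute: int
    duration_minutes: int
    peak_pps: float


def detect_bursts(samples, alpha=0.1, k=4.0, warmup=10):
    """Flag runs of minutes whose rate exceeds baseline + k * deviation.

    samples: packets-per-second averages, one value per minute.
    The baseline is an exponentially weighted mean and variance that is
    frozen while an anomaly is in progress, so attack traffic is not
    learned as normal.
    """
    mean, var = float(samples[0]), 0.0
    episodes, current = [], None
    for minute, pps in enumerate(samples[1:], start=1):
        # Floor the deviation at 5% of the mean so a very flat baseline
        # does not alert on trivial jitter.
        dev = max(var ** 0.5, 0.05 * mean)
        anomalous = minute >= warmup and pps > mean + k * dev
        if anomalous:
            if current is None:
                current = Episode(minute, 0, pps)
            current.duration_minutes += 1
            current.peak_pps = max(current.peak_pps, pps)
            continue  # skip the baseline update during the burst
        if current is not None:
            episodes.append(current)
            current = None
        diff = pps - mean
        mean += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    if current is not None:
        episodes.append(current)
    return episodes


def hourly_average_alerts(samples, threshold_pps):
    """Coarse alternative: alert only when a 60-minute mean crosses a threshold."""
    return [
        start for start in range(0, len(samples) - 59, 60)
        if sum(samples[start:start + 60]) / 60 > threshold_pps
    ]


def constructed_traffic():
    """Constructed sample: 2 hours near 20k pps with a 6-minute burst at minute 75."""
    samples = [20_000 + 500 * ((m * 7) % 5 - 2) for m in range(120)]
    for m in range(75, 81):
        samples[m] = 90_000
    return samples


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("per-minute baseline:", detect_bursts(traffic))
    print("hourly average (40k pps threshold):", hourly_average_alerts(traffic, 40_000))
```

On the constructed data the per-minute baseline reports the six-minute burst, while the hourly average stays below a threshold set at twice normal traffic and raises nothing.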

88% of service providers already use intelligent DDoS mitigation solutions as part of their strategy. Firewalls and intrusion prevention systems that come with some built-in DDoS mitigation are not sufficient; organizations should also consider some of the on-premises, in-cloud, and hybrid DDoS mitigation options currently available.


Ronin Technology Advisors

We believe that networks are about creating value for the company, the investors, the customers, and the community. At Ronin, we bring to bear decades of experience designing, building, and operating broadband infrastructure. We are enablers of network infrastructure and services, and our team is fluent in technology and business. Working with Ronin means engaging authentic career product developers, project managers, engineers, technology strategists, and sales executives who not only love networks, but also have built their entire careers on them. Looking to see how to incorporate DDoS into your network strategy? Give us a call 303.678.1844 or drop us a note at hello@roninpbr.com and let’s start talking.

The Dangers of Public WiFi

How often do you check your work email when you’re at Starbucks? Do you enjoy online shopping while you sip your coffee? Public WiFi is one of the most convenient and useful features of today’s society. However, public WiFi comes with many serious security risks, and the overwhelming majority of Americans use it anyway. In a study by privatewifi.com, 75% of respondents admitted to connecting to their personal email while on public WiFi.

There are many ways a hacker can access your data while you’re on public WiFi. The most common method is “Man in the Middle,” where traffic is intercepted between a user’s device and the destination by tricking the user’s device into thinking the hacker’s machine is the access point to the internet.

There are many horror stories about public WiFi out there, one of which was known as “Dark Hotel.” Dark Hotel ran for 7 years and is believed to be a sophisticated economic espionage campaign. It targeted CEOs, government agencies, U.S. executives, NGOs, and other high-value targets while they were in Asia. When they connected to what they believed to be the hotel’s public WiFi, they actually connected with a hacker who pushed them prompts for software updates. The hacker used what is called a rogue hotspot, which usually carries a similar name to a legitimate hotspot. The “software updates” were actually malware that could sit inactive and undetected for months before being remotely accessed to obtain sensitive information.

So what are some ways to avoid a public WiFi hacking incident? Below are some tips:

1. If you must use public WiFi, also use a virtual private network (VPN) to secure your connection. A VPN creates a secure tunnel where data sent over a WiFi connection is encrypted.

2. Don’t log in to password-protected websites that contain sensitive information when using public WiFi. Examples are banking, social networking sites, and email.

3. Keep your software patched and up to date on all of your devices.

4. Don’t use public WiFi to shop online or do anything with your credit card.

5. Implement two-factor authentication when logging into sensitive sites.

6. Only visit websites with HTTPS encryption when in public places.

7. Turn off the automatic WiFi connectivity feature on your phone, so it won’t automatically seek out hotspots.

Offering internet isn’t enough; there is a quality of service and an expectation that users won’t get compromised if they connect to a WiFi network or any other network service. Email us today at hello@roninpbr.com.


Check this fantastic infographic on 11 Things to Consider When Connecting to Public Wi-Fi via VPN Geeks

The World’s Telecoms Are Under Threat From All Sides

America’s TV and telecom companies are on a buying spree; Verizon bought Yahoo and AOL, AT&T acquired Time Warner, and now CenturyLink, the third largest telecom in the US, has agreed to buy Level 3 Communications, a company dedicated to running the backbone of the Internet. Old-school communications companies are under threat thanks to streaming services like Amazon and Netflix. Some Internet companies, like Amazon and Google, are even pushing into home Internet services. As a way of fighting back, telecom companies are buying up the media that travels across these networks, like TV shows and series.

CenturyLink has decided to do something different. They’ve more or less accepted they’re losing consumer home internet subscribers, cord cutters, and fans of 5G wireless, so instead they are focusing on business services. This is where the company already makes most of its money. Both companies are profitable, but the author of this article compared the merger to “two old money families marrying their fortunes together in an effort to stave off death at the hands of new money interests.”

5 Things to Know About DDoS

Distributed Denial of Service attacks are increasing in size and power. We have been watching the growth of DDoS attacks for the last year, and we’ve compiled a list of important things to know about DDoS.

1. The gaming industry is the most frequently targeted industry by denial of service attacks worldwide, making up 57% of attacks.

2. Smart refrigerators, TVs, tea kettles, and power outlets can leak your unencrypted data. There are millions of poorly secured IoT smart devices with bad default passwords or no security at all.

3. DDoS attacks can comprise up to 10% of a country’s total Internet traffic according to Cisco.

4. The largest DDoS attack the Internet has ever seen was a 1TBps attack on OVH hosting.

5. Twitter is not immune to DDoS attacks. Its servers were offline for 30 minutes in November 2016 and Wikileaks reported it as a DDoS attack.


Please… Use Better Passwords

Vice’s website Motherboard shares a regular series of blog posts titled “Another Day, Another Hack.” Using some of these hacks as examples, information security should be a top priority for you and your business.

VK is a website that looks and operates much like Facebook. As of 2014, VK had 100 million users. In the last few years, the site has been hacked, and over 100 million data points were leaked and put up for sale on the Dark Web. The data is selling for 1 bitcoin, or just under $600 at today’s exchange rates. Among the exposed data were usernames, passwords, email addresses, and phone numbers. The hacker, known ironically as Peace, claims to have access to another 71 million accounts.

Here’s where it gets really sad: The most popular password in the stolen dataset appeared over 700,000 times: 123456. Other popular passwords were “qwerty,” “123123,” and “qwertyuiop.”

For something a little closer to home, as of last month, 117 million LinkedIn emails and passwords have been leaked. This breach was performed by the same hacker, Peace, in 2012, and at the time it was believed only 6.5 million encrypted passwords had been posted online. The reality was much worse than anyone thought. On the Dark Web, 5 bitcoins can get you this leaked LinkedIn data.

The prevalence of password reuse means we’ll see the same weak passwords unlock other accounts, too. Even if you come up with a great password, reusing it 10 times on different websites you use makes it weaker with each use. You may love the ease of 123123, but you’ll wish you’d been a little craftier when someone spends a few hundred bucks to steal your identity.

Small Businesses Can Compete Using the Cloud

As broadband comes to rural America, small businesses will be asking “Why do I need this if I’ve gone so long without it?” The short answer is that cloud services level the playing field. Small businesses can reach more customers and run more efficient operations; both of these put more dollars in your bank. Imagine having the back office capabilities of Fortune 500 companies for a fraction of the price. Consider how many more customers are looking to connect with the small businesses on the cutting edge. The most successful providers have a network that supports these services.

In years past, small business owners had to run applications or software physically downloaded on a computer. This process was expensive, and if you’re still using it, chances are your business is at a major disadvantage. Thanks to the cloud, users—business owners—can access information on any device, anywhere in the world, at any time. It makes running your business much more efficient so you can stay focused on projects without sitting behind a computer all day. If you’re unsure about the cloud, here are some benefits for small businesses of switching to the cloud.

1. Increased Mobility, Flexibility, and Collaboration

61% of employees have reported that they work outside of the office at least part of the time. Today’s workforce is rapidly evolving into one that is constantly moving. Freelance workers can work remotely, or an employee can head home early and still collaborate with her boss back at the office. Cloud-based apps make accessing, sharing, and collaborating on information easier than ever before.

2. Increased Security

Server-based programs are more vulnerable to viruses, identity theft, data loss, and intellectual property theft than their cloud-based counterparts. One benefit of the cloud is that your data is backed up offsite. Cloud providers remain on the cutting edge in terms of security tools and controls, advanced encryption, etc.

3. Disaster Recovery

Cloud-based applications have been engineered specifically to save time, avoid extra expenses, and leverage third-party expertise. According to the Aberdeen Group, small businesses are more than 2 times more likely than other sized enterprises to have implemented cloud-based backup and recovery solutions.

4. Cost Efficiency

Instead of purchasing expensive hardware that requires installation, updates, and maintenance, you can invest in software that will reduce costs like additional IT staff. Suppliers take care of maintenance and updates for you. Cloud implementations have been found to be up to 46% cheaper than their server-based counterparts.

5. Storage Capabilities

Cloud-based apps give you the ability to scale up or down based on your business needs. If your business grows, you’ll need to expand your storage. Instead of purchasing new hardware to do so, you can increase your storage through your cloud provider at a fraction of the cost.

Want to maintain a competitive edge and increase your productivity at a reasonable price? Move to the Cloud today.

This article is based on Eric Hebert’s post on CloudTweaks.

Hackers can break into your facility for $700, aided by your employees themselves

An astounding number of medium-to-gigantic businesses, including some college campuses, use RFID—radio-frequency identification—fobs or badges as a “secure” way of getting around. Only people with fobs, the people who are supposed to access certain areas, should be able to do so. However, a team of hackers recently compromised a rural power company’s facility in several ways, including their RFID entries.

RFID’s ease of use is one of the main reasons it’s such a popular option. Many companies tout it as part of their security processes, and some go as far as investing in picture identification cards as well. A typical installation of a single-door lock & reader costs between $1,500 and $3,000 depending on its features. The price varies depending on location, but these estimates are valid for Northeast Arkansas and similar areas.

As a recent Tech Insider article reveals, for around $700 hackers could acquire the tools, through Amazon or eBay, to break into your facility. Less than a grand will land the parts needed to build a tool that can read RFID cards from a distance up to three feet. This means that someone could easily use the tool around one of your employees entering a restricted access area—in the article, posing as college students on a tour—and gain all the access information needed to clone the RFID card.

Here’s the good news: the security breach in the article was a test, and their study found the biggest errors to be the result of humans and not computers. With basic encryption, you can protect your RFID system; your employees using weak passwords and writing them on sticky notes would be your biggest worry. You can currently buy an RFID-blocking sleeve for your badges on Amazon for about $13. Stressing the importance of password security to your employees could be invaluable.
