DDoS Perspectives: A Network Operator’s Point of View

Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS attacks have been gaining popularity over the last few years, but they are more of a concern in 2018 than ever before. According Corero Network Security, the frequency of DDoS attacks has risen by 40% year over year from 2017 to 2018. Whether you’re building a new network or upgrading your network to offer gigabit Internet access or fiber network based services, its important to understand your strategy for DDoS.

            While the frequency of DDoS attacks is increasing, the duration of attacks is decreasing. DDoS attacks have become shorter but more powerful and more persistent. A study found that 77% of DDoS attacks on organizations today last 10 minutes or less. Short duration attacks mean that many organizations don’t even realize they are being attacked. Because of this, they are not mitigating the attack or the damage it causes on their network. This causes service availability and quality issues, spikes in customer service calls and complaints, and brand and revenue erosion, among other major issues.

DDoS attacks are becoming harder to mitigate, with more than 15 employees typically involved in diffusing the threat when an attack strikes.

          The impact of the shorter but more powerful DDoS attacks is nothing to shrug at; criminals recently exploited the Memcached amplification attack vector, grabbing headlines, and made everyone realize that Terabit-scale attacks are now a reality. Adding to the complexity, we are finding that DDoS attacks are often used by attackers as a precursor or smokescreen for data breach activity. Hackers take advantage of distracted IT teams and degraded network security defenses to exploit other vulnerabilities for financial gain.

           The majority of participants in the aforementioned study cited the proliferation of unsecured Internet of Things (IoT) devices as the top reason for concern about DDoS attacks. Attacks that leverage IoT devices are extremely popular and effective. IoT devices are quickly brought to the market at the lowest cost possible, and securing them is often an afterthought. Typically, a consumer plugs in an IoT device and never contemplates the security aspect or the fact that it could be used as a player in a major DDoS attack.

            Even worse than the use of IoT botnets for attacks is the use of public cloud services, which is seeing a huge increase this year. According to data accrued by DDoS mitigation firm Link11, the numbers of attackers that rely on public cloud services soared during the 12 months to June 2018. During this time, 25% of attacks in Europe were run off public cloud servers, which is a 25% rise year over year. The increased interest from DDoS perpetrators in using public cloud is due to the greater amounts of bandwidth it offers, meaning the volume of traffic generated by public cloud-based botnets is far higher than what could be achieved by hackers compromising IoT devices.

            Attackers use the public cloud for the same reasons a lot of enterprises use it. The services provide flexible, on-demand capacity and resources, and can be provisioned in just a few minutes. Link11 said it is often fruitless to try to block traffic from Amazon, Microsoft, and other public cloud providers if they are already using public cloud services in-house.

DDoS attacks are costing enterprises up to $40,000 USD per incident.

        You may be asking yourself what exactly DDoS attacks do in terms of damage. Attacks are costing enterprises up to over $40,000 per attack in lost business and productivity plus mitigation costs. This is an insane figure, but survey respondents cite loss of revenue as only the fourth most damaging effect of DDoS attacks. The majority of respondents cite the loss of customer trust and confidence as the most damaging effect on business. Even if you fix the damage of the DDoS attack on your network, consumers may never trust your services again. Beyond the loss of customer trust, respondents cited the risk of intellectual theft and the threats of malware infection as the most damaging effects on business arising from DDoS attacks.

Even if you fix the damage of the DDoS attack on your network, consumers may never trust your services again.

            This research polled more than 300 security professionals worldwide from a range of industries including financial services, cloud, government, online gaming, and media sectors. 69% of the responding organizations claim to experience between 20 and 50 DDoS attack attempts per month. Another concerning detail is that having faced one attack, a fifth of organizations will be targeted again within 24 hours. DDoS attacks are a constant threat.

            Almost anyone can conduct DDoS attacks. Everyone, from countries to online gamers, is using DDoS attacks. For example, DDoS attacks have become the new geopolitical tool for nation-states and political activists. These are big, premeditated attacks used to send a message or take down a website in opposition to someone’s viewpoint. On a smaller scale, the rage-fueled DDoS attacks on gamers by other gamers are a good example of a spur-of-the-moment, emotional attacks enabled by the availability of DDoS-as-a-Service (DaaS).

            DaaS platforms enable virtually anyone to launch a cyberattack with relative anonymity, and they are relatively cheap. This April, Webstresser.org—one of the largest DaaS providers in existence, which allowed criminals to buy the ability to launch attacks on businesses and was responsible for millions of DDoS attacks around the globe—was taken down in a major international investigation. However, their competitors are still around and conducting attacks at a rapid rate.

            DaaS platforms are fully functional web applications that allow registered customers to manage their balance and plan their DDoS attack budget. Some developers even offer bonus points for each attack conducted using their service. Essentially, cybercriminals have their own loyalty and customer service programs. As of March 2017, a DDoS attack lasting 10,800 seconds would cost the client $60, or approximately $20 per hour. Newer figures show DDoS attacks for even less money; TrendMicro Research found that $150 could buy a weeklong DDoS attack on the black market. This low price point means virtually anyone can launch a network-crippling DDoS attack if they know where to look.

            Your network may not be supporting nation-states, but it is definitely full of gamers. Games like Fortnite require big bandwidth and are becoming extremely popular. Over 125 million people have played Fortnite since it launched in July 2017. The world of eSports is also exploding; the eSports market is expected to generate close to 1.5 billion USD in revenue by 2020. If your network is full of DDoS related issues, these valuable customers will undoubtedly leave you behind.

So how can you prevent these attacks on your network? First, organizations using public cloud services should analyze in detail the communication between public cloud services and their own network, and monitor for malicious or unwanted traffic. Ongoing analysis of data traffic, using machine-learning techniques, enables legitimate traffic to be profiled and fingerprinted, so that any changes can be detected quickly and reliably. The malicious traffic can then be filtered out in a granular manner before it can impact on the organization’s business. Furthermore, automation is a good option.

88% of service providers already use intelligent DDoS mitigation solutions as part of their strategy. Firewalls and intrusion prevention systems that come with some built-in DDoS mitigation are not sufficient; organizations should also consider some of the on-premises, in-cloud, and hybrid DDoS mitigation options currently available.

Map of DDoS attacks happening in real time

Simulated DDoS attack platform

The Cost of Launching a DDoS attack

Average DDoS attack is 5 times stronger this year compared to last year

 

Ronin Technology Advisors

We believe that networks are about creating value for the company, the investors, the customers, and the community. At Ronin, we bring to bear decades of experience designing, building, and operating broadband infrastructure. We are enablers of network infrastructure and services, and our team is fluent in technology and business. Working with Ronin means engaging authentic career product developers, project managers, engineers, technology strategists, and sales executives who not only love networks, but also have built their entire careers on them. Looking to see how to incorporate DDoS into your network strategy? Give us a call 303.678.1844 or drop us a note at hello@roninpbr.com and let’s start talking.

The Rundown on DDoS Attacks

A combination of factors is driving the trend of DDoS attacks, including the emergence of IoT and mobile botnets, the easy availability of for-fire services in criminal marketplaces, and an increase in criminal actors seeking to monetize DDoS attacks. Here are the basics you need to know about DDoS:

1. DDoS attacks are growing in popularity. There were 7.5 million attacks in 2017. Kaspersky Lab estimated that 33% of organizations faced a DDoS attack last year from just 17% in 2016.

2. IoT devices can be used in DDoS attacks. Attacks that leveraged IoT devices were favored heavily by cybercriminals in the last year. These attacks have been effective, and the proportion of enterprises experiencing revenue loss due to DDoS nearly doubled in 2017.

3. DDoS attacks have become shorter, more powerful, and more persistent. They are no longer just a way to disrupt a victim’s services—they are being used to extort money, or as a distraction to hide other malicious activity and as a tool to hurt competitors

4. You can conduct a DDoS attack if you can pay. There are web services that are fully functional web applications that allow registered customers to manage their balance and plan their DDoS attack budget. A common occurrence we see is with online gamers. Some developers even offer bonus points for each attack conducted using their service. Essentially, cybercriminals have their own loyalty and customer service programs. As of March 2017, a DDoS attack lasting 10,800 seconds will cost the client $60, or approximately $20 per hour.

5. Automation is the first line of defense. 88% of service providers already use intelligent DDoS mitigation solutions as part of their strategy. Firewalls and intrusion prevention systems that come with some built-in DDoS mitigation are not sufficient; organizations should also consider some of the on-premises, in-cloud, and hybrid DDoS mitigation options currently available.

When DDoS attacks happen, service providers are left to pick up the pieces, which can and often does cost thousands upon thousands of dollars. If you’re a service provider, contact us today (303-678-1844 or hello@roninpbr.com) about how we can help you with DDoS protection.

Map of DDoS Attacks Happening in Real Time

Simulated DDoS Attack Platform

DDoS Attacks Using IoT Devices on the Rise

DDoS Attacks Evolve, Remain a Potent Threat

The Cost of Launching a DDoS Attack