Does Throwing Investment Away Make You Sick?

Protect It. DDoS Attacks Can Bring Your Business To A Standstill.
September 11, 2011

What Is A DDoS Attack?

This is an introduction to one of the most widespread and easy-to-achieve types of cyber attack, one that no longer represents a great threat only for governments and institutions, but for any business with an online presence - the DDoS (Distributed Denial of Service) attack. The attack's goal is exactly what its name implies, "Denial of Service": it aims to interrupt your network-available service.

The methods used are brute-force and simple. The idea is to saturate the resources (e.g. bandwidth, processor time, RAM, etc.) available to the targeted service. This is achieved by flooding the infrastructure with illegitimate requests. Such consumption of the available resources results in considerable service slowdown or complete suspension. Denial of Service attacks are, obviously, considered cyber crimes by all Internet authorities as well as governments all around the world. However, due to limitations in the jurisdiction of individual countries, this type of violation proves quite troublesome to pursue.

The Rise In DDoS Attacks

The relative ease of the organization process makes DDoS attacks a viable offensive, not only for hackers and anarchists, but for competing companies and even governments. The "Worldwide Infrastructure Security Report" published by Arbor Networks in 2011 states that DDoS attackers are motivated primarily by political/ideological reasons. According to the report, the percentage of DDoS attacks with this kind of motivation is estimated at 35%, whereas attacks with purely nihilistic or vandal motivation take second place with 31%. This research, in addition to the fact that the availability of DDoS tools rises with each passing day, makes this attack type fearsome on many levels.

Today it is possible to obtain an instrument for DDoS attacks freely off the Internet, like the famous Low Orbit Ion Cannon (LOIC) for example. Renting an oversized botnet is possible for tens of dollars, and it is equally simple (and comparably priced) to obtain a powerful ad hoc network designed specifically to be used for such attacks. Not only that, but attackers seem to be overabundant in their creativity, which results in a constant growth in the complexity of their methods. All of this combined makes DDoS the number one cyber threat.

DDoS attacks are undergoing exponential growth in popularity as well as magnitude. Over the past few years, lots of new types of attacks have emerged. A good example is the so-called DNS Amplification attack, which is pulled off with very few resources and uses publicly available DNS servers as instruments to bring down the target. The vast distribution of malware agents like Russkill, also known as Dirt Jumper, and its newer version, Pandora, has brought devastation to multiple web sites over the past years. Other influential factors are the major growth in the IT sector, and more specifically in mobile devices, as well as the introduction and implementation of the IPv6 protocol.
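Seen from the receiving network, DNS amplification shows up as large DNS responses that no internal host asked for. The following is an added example, not part of the original article, that flags such unsolicited responses in flow records; the record layout, thresholds and documentation-range addresses are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic). Assumed layout:
# (direction, src_ip, src_port, dst_ip, dst_port, dns_txid, bytes)
SAMPLE_FLOWS = [
    ("out", "192.0.2.10", 40001, "198.51.100.53", 53, 0x1A2B, 64),
    ("in", "198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, 120),  # answers our query
    ("in", "203.0.113.5", 53, "192.0.2.10", 51514, 0x7777, 3100),   # nobody asked
    ("in", "203.0.113.6", 53, "192.0.2.10", 51514, 0x7777, 2900),
    ("in", "203.0.113.7", 53, "192.0.2.10", 51514, 0x7777, 3000),
    ("in", "203.0.113.9", 53, "192.0.2.20", 33000, 0x0001, 500),    # single stray reply
]


def find_unsolicited_dns(flows, min_bytes=4096, min_reflectors=3):
    """Return internal hosts receiving DNS responses that match no query.

    A host is reported when the unmatched responses sent to it total at
    least min_bytes and come from at least min_reflectors distinct servers.
    Both thresholds are illustrative assumptions, not tuned values.
    """
    pending = set()  # outstanding queries: (server, client, client_port, txid)
    unsolicited = defaultdict(lambda: {"bytes": 0, "reflectors": set()})

    for direction, src, sport, dst, dport, txid, size in flows:
        if direction == "out" and dport == 53:
            pending.add((dst, src, sport, txid))
        elif direction == "in" and sport == 53:
            key = (src, dst, dport, txid)
            if key in pending:
                pending.discard(key)  # legitimate answer, consume the query
            else:
                entry = unsolicited[dst]
                entry["bytes"] += size
                entry["reflectors"].add(src)

    return {
        host: {"bytes": e["bytes"], "reflectors": sorted(e["reflectors"])}
        for host, e in unsolicited.items()
        if e["bytes"] >= min_bytes and len(e["reflectors"]) >= min_reflectors
    }


if __name__ == "__main__":
    for host, info in find_unsolicited_dns(SAMPLE_FLOWS).items():
        print(host, info["bytes"], "bytes from", len(info["reflectors"]), "servers")
```
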

The major leap in mobile communications has resulted in the development of multiple new platforms for all kinds of applications to run on. All of these innovations bring an increasing number of security threats, invisible to the user, but exploitable by attackers. Malware becomes even easier to spread with all the features available to a smartphone, for instance. Sending the agents via e-mail or text messages makes their propagation nearly impossible to track. Also, in most cases, the malicious software remains undetected by the user. The mobile sector may be making enormous leaps forward, but mobile security is most definitely not keeping pace.

The final factor in our brief overview is one that cannot be left aside. The switchover from IPv4 to the new protocol, IPv6, is now imminent. All address allocation for the old protocol has already concluded on the 14th of September 2012. IPv4's address space is quite large: approximately 4.29 billion addresses are available. IPv6 uses 128-bit addresses, which amounts to ~3.4x10^38 addresses. Imagine how attractive this may seem to "hacktivists". It is an opportunity not to be passed by. As expected, the first IPv6-based DDoS attacks have already been registered and, with the wider acceptance of the protocol, they will become considerably more frequent.

DDoS Implications

The horror of DDoS attacks knows no bounds. Every web service offering company or institution is a potential target. Attacks are just as likely on any sector of the industry including financial services, e-Commerce, SaaS, payment processing, travel/hospitality, gaming, etc. The large variety of platforms and infrastructure available to cyber criminals makes attacks ever-evolving.

Attacks on layers 3 and 4, considered a thing of the past, are now once again a viable offensive. Multilayered attacks are gaining enormous popularity, thus becoming ever more fearsome. According to recent statistics, around 27% of DDoS victims have experienced combined attacks at multiple layers. Infrastructure attacks (layers 3 and 4) accounted for 81% of total attacks during the period, with application layer attacks making up the remaining 19%. Compared with previous statistics, which stated quite the opposite, we can conclude that DDoS trends are volatile in nature and making predictions about them is no easy task.

What Can You Do?

A DDoS attack shutting down your online business will cost you your hard-earned reputation, cause significant revenue drops and can ultimately void your investment. This plague of locusts can be as detrimental to your livelihood as a natural disaster. Fortunately, there are a number of ways to protect your investment, ranging from free methods of tweaking your firewall to procuring protection services from vendors that specialize in doing just that.

Impletec is one of the market leaders in contemporary DDoS protection. We have a full-scale set of solution technologies to protect you from DDoS-prone minds, and whatever they may think of throwing your way. Do not let your investment burn