Kaspersky Labs principal researcher David Emm tells TechWeekEurope how businesses can stay safe in the face of continued assault
It was a miserable Christmas for gamers, with both Sony’s PlayStation Network and Microsoft’s Xbox Live forced offline on Christmas Day by Distributed Denial of Service (DDoS) attacks (hacking group Lizard Squad claimed responsibility for the attacks). Millions of anxious gamers were left unable to play with their new games or consoles, with the reason given for the attack: “because we can”.
Unfortunately, the attacks on Sony and Microsoft are just the latest in a stream of DDoS attacks to target high-profile organisations. Yet, while high-profile attacks like this make the papers, many others do not. Unlike Advanced Persistent Threat (APT) campaigns, such as Red October, NetTraveler, MiniDuke and Careto, DDoS attacks rarely hit the headlines, so it’s easy to assume they are rare. But in reality, the DDoS attack is one of the most popular weapons in the cybercriminals’ arsenal.
Understanding the danger
A typical DDoS attack involves a huge number of calls to a server or other Internet resource (such as a web site). These calls overload the victim’s equipment so that the servers lose their ability to service their genuine clients properly.
Today DDoS attacks can be set up cheaply and easily, without needing underworld contacts among hackers. Attackers no longer need to build huge botnets of their own before launching an attack: criminal sites offering DDoS as a service can easily be found on the Internet, and an attack is available at an affordable price.
According to our recent study with B2B International, almost half of IT companies have encountered a DDoS attack. However, most businesses that suffer from these attacks prefer to deal with the problem on their own, so as not to attract press coverage. Not only do such attacks lead to financial losses from unplanned downtime, but they can also cause severe reputational damage that can lead to the loss of valuable customers. The threat from DDoS attacks is real and the impact is significant, so businesses of all sizes need to find an effective way to safeguard their organisations from such attacks.
How to stay protected
The key to defending against DDoS attacks lies in early detection of an attack and mitigating the effects of the attack by filtering out the traffic generated by the attackers. There are different approaches to this and dozens of companies on the market that provide services to protect against them. Some install appliances in the client’s information infrastructure, some use capabilities within ISP providers, and others channel traffic through dedicated cleaning centres. Three of the most popular approaches are:
Install filtration equipment within the company IT infrastructure: It is possible to install special equipment within the company’s IT infrastructure. However, this method has some serious drawbacks. Firstly, it requires IT professionals to control the filtration equipment. Secondly, the attack traffic may clog the company’s entire Internet channel before it ever reaches that equipment, so the filter protects the servers but not the link itself.
Ask your Internet provider to filter the traffic: Another option is a contract with a company specialising in protection against DDoS attacks, such as an Internet service provider (ISP). ISPs use a wide channel, giving them a significant safety margin that enables them to provide their customers with communication even when they are under attack. However, a wide channel and filtering services are only effective if the filtration rules are continually improved to combat the latest DDoS techniques. Not all providers offer such a service; as a result, they can only filter out the crudest, most obvious attacks. If a company is able to employ true specialists its protection will be much more effective, but it also has to rent a wide channel from a provider, which drives up the cost of protection.
Turn to the experts: The most effective method of protection involves experts who not only modify filtering equipment but also study the tricks used by the fraudsters, develop new defensive technologies, monitor the situation and are ready to quickly improve filtering mechanisms. Specifically, if the attacker probes a victim’s resources in search of the most effective means of attack available, only expertise in this area can help to quickly find the appropriate filters and avoid resource overload.
In addition, partnership with an Internet provider can help to provide still more effective filtering. In some cases it is possible to weed out crude attacks entirely on the provider’s equipment while referring more sophisticated junk traffic to special cleaning centres. This approach also reduces the cost of customer protection since it can work in an online channel with relatively small bandwidth.
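Early detection followed by filtering, as described above, in an added example that is not code from the article or from Kaspersky: a per-source sliding-window rate check over constructed access-log lines that flags flooding sources and keeps genuine clients served. The log format, addresses and thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict, deque

# Constructed access-log sample in a simplified "<epoch_seconds> <client_ip> <path>"
# format (made up for this example, not traffic from the attacks in the article).
GENUINE = [
    "1000 203.0.113.10 /index.html",
    "1001 203.0.113.11 /catalogue",
    "1002 203.0.113.10 /cart",
    "1010 203.0.113.12 /index.html",
]
# Three flooding sources, each sending 10 requests per second for six seconds.
FLOOD = [f"{sec} 198.51.100.{host} /login"
         for sec in range(1003, 1009) for host in (5, 6, 7) for _ in range(10)]
SAMPLE_LOG = GENUINE + FLOOD + ["garbage line that should be ignored"]

LINE_RE = re.compile(r"^(\d+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+)$")

def parse(lines):
    """Yield (timestamp, ip, path) for each well-formed line; skip malformed ones."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)

def detect_flood(lines, window=5, per_ip_limit=20):
    """Sliding-window rate check per source address.

    Returns (onset, offenders): the first timestamp at which any single source
    exceeded per_ip_limit requests within `window` seconds, and the set of such
    sources (candidates for a filter rule). Genuine clients under the limit are
    never listed; onset is None when no source crossed the limit.
    """
    recent = defaultdict(deque)   # ip -> timestamps of its requests still in the window
    offenders, onset = set(), None
    for ts, ip, _path in sorted(parse(lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop requests that have fallen out of the window
            q.popleft()
        if len(q) > per_ip_limit:
            onset = ts if onset is None else onset
            offenders.add(ip)
    return onset, offenders

def filter_flood(lines, offenders):
    """Requests that would still reach the server once offending sources are dropped."""
    return [(ts, ip, path) for ts, ip, path in parse(lines) if ip not in offenders]

if __name__ == "__main__":
    onset, bad = detect_flood(SAMPLE_LOG)
    print("flood detected at", onset, "from", sorted(bad))
    print("requests served after filtering:", len(filter_flood(SAMPLE_LOG, bad)))
```

A per-source threshold like this only catches floods concentrated on a few addresses; an attack spread thinly across a large botnet needs aggregate-rate and behavioural rules, which is the kind of continually updated filtering the article attributes to specialist providers.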
Online activities now play an increasingly important role in virtually every business’s day-to-day interactions with customers, suppliers and employees, so no business can afford to ignore the risk posed by DDoS attacks. By putting in place a stringent security policy, supported by the right technology and expertise, businesses can be confident that their organisation remains protected, should the worst happen.
David Emm is principal security researcher at Kaspersky Labs