What Does a DDoS Attack Mean to You?

Distributed Denial of Service, or DDoS, is a cyber-attack in which a perpetrator directs traffic from many devices at a single IP address to flood the available bandwidth, in effect blocking critical inbound and outbound traffic. Think of it as an angry gang of people blocking the road in front of you, leaving you no road to drive on. The results can be devastating to an organization.

No access to email or the web!

No access for your customers to your e-commerce sites!

No VPN traffic to support remote sites and/or mobile users!

All legitimate inbound and outbound traffic is blocked, shutting down many of your critical applications indefinitely. This is not a breach of your internal systems, but a blockade. Your internal firewall and security tools can do little to prevent it, because the flood fills up the Internet pipe between you and your carrier.

The figure below illustrates how attackers have hacked devices all over the Internet. Upon the attackers' command, these devices are instructed to stream data at a specific IP address. These devices could be computers with low security, security cameras streaming video, or Internet-connected refrigerators passing images of milk. As the Internet of Things continues to expand, the number of devices that could be involved is ever-increasing. The aggregate could reach thousands of devices, all of them slamming your bandwidth.

Here is one of the most difficult things to fathom. There are easy-to-access websites that, for as little as $6.00 per hour, can initiate such an attack. Think about this. At this rate, for less than $300, someone could shut down your Internet and all the critical applications that it drives for two full days, and there is little you can do. How much would such an attack cost your organization if you were without Internet for two days?

Who Would Do This?

There are generally three classifications of people who might engage in such an attack.

  1. Fun Seekers – There are those people who find happiness in causing other people pain for no other reason than “just because” and maybe some bragging rights amongst their friends.
  2. Disgruntles – People who take issue with an organization and seek ways to cause it harm. Maybe an ex-employee, a competitor or even a student who may not be ready to take an exam. They are looking to cause pain for a purpose.
  3. Ransom Huntsmen – Believe it or not, there are people looking to cause havoc for an organization that might be willing to pay to make the attack stop. And this can be big business!

Not only could someone shut down your access to the Internet, but they could also make you pay to stop the attack. Depending on the perception of your loss, this could be tens of thousands of dollars just to shut down the attack, NOT including the hard and soft costs to your business. And who is to say that once you pay, they will not come back for more?

Reported Example Attacks

As you can likely assume, organizations do not readily report these attacks, because doing so can expose weaknesses in their security that could be used against them in the marketplace. Listed below are a few of the recently reported attacks.

January, 2017 – Lloyds Banking Group in the UK was hit by a DDoS attack blocking customers from reaching on-line banking services for almost two days.

November, 2016 – Forbes reports an organization was attacked by an angry gamer.  More than a terabit of data per second buckled the network.

October, 2016 – CNBC and various other sources reported a DDoS attack crippled a series of organizations including Twitter, the New York Times, Pinterest, Spotify, Verizon and Comcast.

It is important to note that most of these organizations have sophisticated in-house security groups.

What Can You Do?

Because a DDoS attack is a flood of data from the Internet that consumes your local Internet bandwidth, your firewalls and internal security applications can do little to defend you. The challenge in mitigating the situation is to separate the attack data from data coming from legitimate sources. The incoming traffic is scrubbed so that only valid data is allowed to traverse your access link. So, what options do you have?

  1. Do Nothing – This is always an option. You can allow a potential attack to occur and try to ride it out, understanding that minimal, if any, legitimate inbound and outbound data will pass.
  2. Pay the Ransom – If the attack was initiated for financial gain, you can pay the money to stop the attack and hope they do not come back again to collect even more.
  3. Be Proactive – The carrier providing your Internet service likely has a solution to scrub the data should an attack occur to allow critical applications to continue to pass.

If you choose to be proactive, carriers can provide a service that monitors your traffic utilizing scrubbing stations. Should the traffic directed at your bandwidth seem unusual, you would be proactively contacted to determine whether you agree. If an attack is identified, your traffic is redirected to the scrubbers, which eliminate the traffic from illegitimate sources and leave only appropriate traffic. These services can often be provided with multiple levels of protection, depending on the potential risk your organization might face.
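To make the monitoring step concrete, the sketch below flags minutes where both inbound volume and the number of distinct sources jump far above a learned baseline, the pattern that would prompt a call to the customer. It is an added example, not code from the original article or from any carrier's service; the link capacity, the thresholds and the sample traffic are constructed assumptions.

```python
from statistics import median

LINK_CAPACITY_MBPS = 1000  # assumed size of the customer's Internet link

# Constructed per-minute samples for one protected IP address (not real traffic):
# (minute, inbound_mbps, distinct_source_ips)
SAMPLES = [
    (0, 212, 1450), (1, 198, 1390), (2, 230, 1510), (3, 205, 1420),
    (4, 221, 1480), (5, 216, 1465), (6, 640, 9800), (7, 930, 21400),
    (8, 985, 24100), (9, 990, 23800), (10, 240, 1600),
]

def robust_baseline(values):
    """Median and scaled MAD, so a few odd minutes do not skew 'normal'."""
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0
    return med, 1.4826 * mad

def detect_flood(samples, train=6, k=6.0, fanin_ratio=3.0, sustain=2):
    """Return the minutes that look like a sustained volumetric flood.

    A minute is suspicious only if BOTH inbound volume and the number of
    distinct sources are far above the baseline learned from the first
    `train` samples; `sustain` consecutive suspicious minutes raise an alert.
    All thresholds are illustrative assumptions.
    """
    rate_med, rate_dev = robust_baseline([s[1] for s in samples[:train]])
    src_med, _ = robust_baseline([s[2] for s in samples[:train]])
    alerts, streak = [], 0
    for minute, mbps, sources in samples[train:]:
        volumetric = mbps > rate_med + k * rate_dev    # far above normal rate
        distributed = sources > fanin_ratio * src_med  # many new senders
        streak = streak + 1 if (volumetric and distributed) else 0
        if streak >= sustain:
            alerts.append({"minute": minute, "mbps": mbps,
                           "util_pct": mbps * 100 // LINK_CAPACITY_MBPS})
    return alerts

if __name__ == "__main__":
    for a in detect_flood(SAMPLES):
        print(f"minute {a['minute']}: {a['mbps']} Mbps inbound, "
              f"{a['util_pct']}% of link: contact customer, consider scrubbing")
```

Requiring both conditions keeps a large backup or software download from a handful of sources from triggering an alert, while the sustain count ignores a single noisy minute.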

Next Steps

If such a DDoS attack aimed at your network would create harm to your organization, here are some potential next steps.

  1. Determine if you are a perceived target. Do you have services related to inbound/outbound Internet traffic that an outsider may evaluate as a legitimate target? Also consider the groups of people that could launch an attack.
  2. Evaluate your risks. If your Internet services were blocked for a day, what hard and soft losses would you experience?  What if this blockage lasted three days?
  3. Ask your provider about solutions. What options are available from your Internet provider?  What pricing structures are available for both proactive and reactive mitigation?
  4. Do the numbers. Evaluate your cost of potentially being down vs. the costs of avoidance.  Like any insurance policy, it is a risk analysis only you can calculate.

Summary

With an increasing number of appliances attached to the Internet with minimal security, launching an attack is becoming increasingly simple. And with websites ready and able to launch an attack for as little as $6.00 per hour, the profit potential for hackers is both immediate and substantial, since they know organizations cannot do without these vital applications. As shown in the examples above, even the most sophisticated security organizations in the world were found to be victims of these attacks, even though their internal information was never breached. Evaluate your exposure, search for some solutions, and determine whether implementing a DDoS mitigation solution is worth considering.

Orion to the Rescue … If such an attack would be devastating to your organization and you would like to evaluate some options, Orion Communications can help.  We are confident a cost-effective solution is available.