
That DDoS Attack is Closer Than You Think

I am an optimist by nature, which often makes me a minority amongst many of my colleagues in the security sector. Despite my optimism, I live in fear of a coming Distributed Denial of Service (DDoS) disaster.

In 2011, the Hong Kong Stock Exchange had to suspend trading in well-known companies such as HSBC and Cathay Pacific because their systems were under a massive DDoS attack. Of course, the stock exchange had security experts and mitigation experts and outside consultants, but the DDoS attack stilled the exchange swiftly. Think what can happen to you.

I speak from direct experience. My company manages a significant portion of the domain name system, and operates authoritative directories in dozens of locations around the world. We are no stranger to DDoS attacks. But this awareness of the threat, and the need to prepare against it, has yet to permeate mainstream companies, who exhibit a curious lethargy when I ask about their DDoS preparedness. “Hacking attacks, do you mean?” they ask kindly. “No,” I respond (sometimes a bit sharply), “DDoS attacks – the attacks you will struggle to respond to once it attacks your mission-critical systems. The attacks you don’t see coming until too late.”

As I noted recently during a panel presentation hosted by the Public Interest Registry and the Internet Society’s New York chapter, a DDoS disaster is waiting to happen.

In the simplest of terms, DDoS attacks attempt to render individual machines or entire networks unavailable for their intended audience. While methods and motives vary, the attacks are executed by individuals or groups to interrupt (or indefinitely suspend) the services of the attack target.

How DDoS Attacks Work

For example, consider the .ORG domain and my company, Afilias, the back-end operator for that domain. One of our primary duties is to ensure that when someone types a URL into a browser – for example, redcross.org – the browser indeed goes to that destination. The data that ensures the URL can find the site’s server is stored in our enormous database that’s propagated and translated instantaneously around the world, so a desktop user in California or an iPad user in Beijing will both end up at the same location when typing the same Web address.

Legitimate lookups and DDoS attacks appear identical at the start: both send a query asking for directions to a specific site. The difference is that DDoS queries don’t wait for an answer; they ask incessantly, often from many (faked) source addresses, and throw away any answers they receive. This happens hundreds of millions of times in a very short period. The result? The server, site or network resource is overwhelmed by this tsunami of legitimate-looking queries and becomes unavailable to its intended users.
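As an added example (not code from the article or from Afilias), here is a per-second query-rate check of the kind an authoritative DNS operator can run over its query log to separate the two patterns described above: one source hammering a name, and many (possibly spoofed) sources each asking for the same name. The log lines, thresholds and addresses are constructed for illustration.

```python
from collections import Counter

# Constructed sample log lines (not real traffic): "timestamp client qname qtype".
# Three ordinary resolvers, one source hammering redcross.org 200 times in one
# second, and 200 spoofed sources that each ask for victim.org once in one second.
SAMPLE_LOG = (
    ["2011-08-10T09:00:00.000 198.51.100.1 redcross.org A",
     "2011-08-10T09:00:00.050 198.51.100.2 redcross.org AAAA",
     "2011-08-10T09:00:00.120 198.51.100.3 example.org MX"]
    + [f"2011-08-10T09:00:00.{i:03d} 203.0.113.7 redcross.org A" for i in range(0, 1000, 5)]
    + [f"2011-08-10T09:00:01.{i:03d} 192.0.2.{i} victim.org A" for i in range(1, 201)]
)


def parse(line):
    """Split one log line into (one-second bucket, client, normalised qname, qtype)."""
    ts, client, qname, qtype = line.split()
    return ts.split(".")[0], client, qname.lower().rstrip("."), qtype


def analyse(lines, per_source_limit=50, per_name_limit=150):
    """Return flood findings per second: one heavy source, or many sources at one name."""
    counts = Counter()  # (second, qname, client) -> queries seen
    for line in lines:
        sec, client, qname, _ = parse(line)
        counts[(sec, qname, client)] += 1

    per_source, per_name, top_client = Counter(), Counter(), Counter()
    for (sec, qname, client), n in counts.items():
        per_source[(sec, client)] += n          # total queries from this client
        per_name[(sec, qname)] += n             # total queries for this name
        top_client[(sec, qname)] = max(top_client[(sec, qname)], n)

    findings = []
    for (sec, client), n in per_source.items():
        if n > per_source_limit:
            findings.append(("single-source flood", sec, client, n))
    for (sec, qname), n in per_name.items():
        # A high aggregate rate with no single heavy sender is the spoofed/botnet pattern:
        # per-client rate limiting alone would never trigger on it.
        if n > per_name_limit and top_client[(sec, qname)] <= per_source_limit:
            findings.append(("distributed flood", sec, qname, n))
    return sorted(findings)


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(*finding)
```

Real deployments would use sliding windows and tune the thresholds to the zone's normal query volume; the point is that the two patterns need two different aggregations.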


With millions of sites around the world using the .ORG domain, it’s no surprise that .ORG sites are popular – and growing – DDoS attack targets. In 2011, for example, the number of attacks aimed at .ORG sites increased by a factor of 18. Staying ahead of potential attacks on 10 million .ORG domains worldwide is a huge and expensive challenge.

Chart of DDoS Attacks Against DNS

An Ounce of Prevention is Worth a Pound of Cure

If you’re a network provider, the most effective way to give an ounce of prevention is to educate end users who, despite their comparatively advanced understanding of technology, remain unaware that many of the DDoS attacks originate on PCs and other devices that are connected to the Internet at home, in the office or on the go. Once you’ve educated your end users, it should be easier to show them why they should authorize you to take action on their behalf before, during or after an attack.

And these attacks are not the exclusive problem of large, global entities. Far from it.

If you are a user, it’s critical to bear in mind that any and all devices connected to the Internet have the potential to be used as part of a worldwide network of zombie computers (devices that are taken over without the owner’s knowledge). Once a device is hijacked, it becomes part of a global group of computers – often referred to as a “botnet” – that can be harnessed to attack at a moment’s notice by joining in the massive request for directions to a particular site.

Since this phenomenon is an occupation of a device rather than an infection, anti-virus software offers no protection. Most ISPs, however, have programs in place that track a device’s activities. Probably the single biggest thing you can do to defend your connected devices is to ensure that your ISP has tracking mechanisms in place for catching DDoS attacks before they happen, and that they can scan your connected devices for botnet kits which can make your device a zombie.

DDoS attacks are now a routine part of attacks on companies of all sizes. Including DDoS mitigation in your crisis planning and risk management is a necessity. Failing to plan for a DDoS disaster is like playing with fire.
