Distributed Denial of Service Attacks
For a multitude of industries, be it finance, healthcare, or e-commerce, DDoS attacks continue to threaten data privacy and business operations. Every year the attacks grow more sophisticated in order to bypass existing firewalls, costing billions in lost revenue. The Distributed Denial of Service (DDoS) attack is one of the most popular cyber-weapons. Such attacks threaten vital business operations and data security. The Internet of Things (IoT) is the weapon of choice for DDoS attackers: DDoS attacks are typically carried out by an army of malware-infected, remotely controlled devices known as a botnet.
It’s a type of attack in which hundreds or even tens of thousands of hijacked bots strike a single system, network or application at once. If an organization is hit by a DDoS attack, whatever service it provides becomes unavailable to its employees and customers. Because the inbound requests arrive from so many distributed hosts, it’s difficult to distinguish attack traffic from legitimate traffic.
KEY FACTS ABOUT DDOS ATTACKS
- Tens of millions of devices have already been hijacked and are lying in wait, ready to be called on to strike against your organization.
- Legacy defenses are overwhelmed by the scale, sophistication, and breadth of these attacks.
- There will be 20-50 billion connected devices by 2020, nearly 3.5x more than in 2014.
What Are the Different Methods Of DDoS Attacks?
There are two broad goals behind DoS attacks: exhausting application or server resources, and simply flooding services with more traffic than they can carry. The weapons used to reach those goals fall into three main categories, and a single campaign can combine all three (a multi-vector attack).
- Protocol or Network layer - Attacks that exhaust the state tables of network devices such as firewalls and load balancers by abusing the behavior of network protocols. Examples include Fragmentation attacks, Ping of Death, SYN Flood, and SSL Renegotiation.
- Application - Layer 7 attacks that target weaknesses in the application stack itself, such as web servers (Apache, IIS) and the services running on Windows and Linux hosts; a modest amount of traffic is enough to exhaust worker threads or back-end resources. Examples include Slowloris, HTTP Flood, floods launched with the Low Orbit Ion Cannon (LOIC) tool, and DNS NXDOMAIN floods.
- Volumetric or Volume-based - The most common type of DDoS attack, operating at Layers 3 and 4 and saturating your network bandwidth with a high volume of packets, often by reflecting spoofed requests off third-party servers. Examples include DNS Amplification, Network Time Protocol (NTP) amplification, Ping Flood, UDP Flood and TCP Flood.
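The three categories above leave different fingerprints in flow telemetry, and that is what a detector keys on: SYN floods show up as a mass of one-packet TCP flows that never complete a handshake, reflection attacks as UDP from a reflector's service port with large packets, and Slowloris-style attacks as long-lived web connections that carry almost no bytes. The following is an added example, not code from the original page or from A10, that runs a heuristic classifier over a constructed one-second window of flow summaries. The Flow fields, the thresholds, the reflector port list and all addresses (RFC 5737 documentation ranges) are assumptions chosen for illustration; a real deployment would set thresholds from the protected network's own baseline.

```python
"""Heuristic DDoS classifier over a window of flow summaries (added example).

All records below are constructed for illustration; thresholds and field
names are assumptions, not a vendor's detection logic.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

TARGET = "192.0.2.1"  # assumed victim address (documentation range)

# Well-known UDP services abused as reflectors; the amplifier answers from this port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    flags: str       # TCP flags seen on the flow, e.g. "S" = SYN only
    bytes: int
    packets: int
    duration: float  # seconds the flow was active


def build_sample_window():
    """Constructed one-second window mixing three attack patterns with normal traffic."""
    flows = []
    # Protocol layer: 200 single-packet SYN-only flows from spoofed sources.
    for i in range(200):
        flows.append(Flow(f"203.0.113.{i % 250}", TARGET, "tcp", 40000 + i, 443, "S", 60, 1, 0.0))
    # Volumetric: 50 NTP reflection flows, source port 123, 480-byte packets.
    for i in range(50):
        flows.append(Flow(f"198.51.100.{i}", TARGET, "udp", 123, 33000 + i, "", 480 * 40, 40, 1.0))
    # Application layer: one host holding 30 HTTP connections open for 90 s, sending almost nothing.
    for i in range(30):
        flows.append(Flow("192.0.2.7", TARGET, "tcp", 50000 + i, 80, "SPA", 300, 6, 90.0))
    # Legitimate sessions: complete handshakes, real payloads, short lifetimes.
    for i in range(10):
        flows.append(Flow(f"192.0.2.{100 + i}", TARGET, "tcp", 51000 + i, 443, "SPAF", 25000, 40, 2.5))
    return flows


def classify_window(flows, target, syn_threshold=100, reflect_threshold=20, slow_threshold=10):
    """Return a list of findings, one per attack pattern detected against `target`."""
    findings = []
    to_target = [f for f in flows if f.dst == target]

    # SYN flood: many one-packet flows that never progress past SYN.
    syn_only = [f for f in to_target if f.proto == "tcp" and f.flags == "S" and f.packets == 1]
    if len(syn_only) >= syn_threshold:
        findings.append({"category": "protocol", "attack": "SYN flood",
                         "flows": len(syn_only), "sources": len({f.src for f in syn_only})})

    # Reflection/amplification: UDP from a reflector's service port with large packets.
    by_port = defaultdict(list)
    for f in to_target:
        if f.proto == "udp" and f.sport in REFLECTOR_PORTS and f.packets and f.bytes / f.packets > 400:
            by_port[f.sport].append(f)
    for port, group in by_port.items():
        if len(group) >= reflect_threshold:
            findings.append({"category": "volumetric", "attack": f"{REFLECTOR_PORTS[port]} amplification",
                             "flows": len(group), "sources": len({f.src for f in group}),
                             "mbps": sum(f.bytes for f in group) * 8 / 1e6})  # window is 1 s

    # Slowloris-style: long-lived web connections with a trickle of bytes, many per source.
    slow = [f for f in to_target if f.proto == "tcp" and f.dport in (80, 443)
            and f.duration >= 30 and f.bytes / f.duration < 50]
    for src, n in Counter(f.src for f in slow).items():
        if n >= slow_threshold:
            findings.append({"category": "application", "attack": "slow HTTP (Slowloris-style)",
                             "source": src, "connections": n})
    return findings


if __name__ == "__main__":
    for finding in classify_window(build_sample_window(), TARGET):
        print(finding)
```

Note what each rule needs: the SYN-flood and reflection rules count flows and sources across the whole window, because those attacks spread their volume over many (often spoofed) addresses, while the Slowloris rule counts connections per source, because a handful of real clients holding sockets open is what exhausts a web server's worker pool.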
GOAL OF A DDOS ATTACK IS TO BLOCK IT SYSTEMS FROM LEGITIMATE USERS
In the last few years DDoS attacks have increased in volume, velocity, duration, and complexity. Attack mechanisms grow more sophisticated to bypass existing defense systems, costing significant revenue, tying up IT resources and damaging brand reputation.
- GLOBAL THREAT: Legacy defenses can’t handle globally distributed IoT devices that sit on public IP addresses, ship with weak security such as default credentials, and run a fully functional Linux network stack that attackers can easily repurpose.
- MASS OF ATTACKS: Legacy defenses are built to withstand thousands of attacking hosts, not tens of millions of coordinated IoT weapons.
- GROWING MALWARE PLATFORM: Cybercriminals exploiting Linux-based IoT devices rarely have to hide from antivirus or worry about continuous software updates, because most such devices have neither. IoT is an ever-growing platform of potential DDoS weapons.
WHAT COMPANIES ARE TARGETED BY A DDOS ATTACK?
DDoS attacks are increasing in frequency and scale leaving some of the world’s largest data centers and network operators dealing with a costly aftermath.
- Service providers and large enterprises have become a common target for DDoS.
- Virtually every commercial and government organization is at risk from the growing threat of DDoS attacks.
- Smaller organizations without their own data centers rely on managed service companies. They need a service provider prepared for the inevitable DDoS attack.
Bottom line: all organizations should be concerned about service outages caused by DDoS attacks and take measures to ensure their DDoS protection scales to the largest multi-vector attacks.
- 45% of the DDoS attacks target IT Services, Cloud, SAAS
- 20% target Financial Services
“We’re tracking the rapid expansion of IoT botnets, and the continued use of UDP reflection attacks. DDoS is a problem that keeps growing in size and strength, and the number of attacks on businesses is nearly double that of a year ago. Denial of Service attacks aren’t limited to certain company types anymore – and we predict 2018 will be the year every company realizes they could be a target.” - Tom Byrnes, CEO and Founder of ThreatSTOP
MODERN DDOS ATTACK’S BIGGEST CHALLENGES TO YOUR DATA CENTER
- One third of IT downtime is due to DDoS attacks
- Difficulty in distinguishing DDoS attacks from legitimate traffic
- Traditional DDoS solutions have not kept up with evolving DDoS attack methods
- The Internet of Things has increased the scale of attacks and lowered the barrier to entry for cybercriminals
- Legacy systems that cannot scale to protect against the volume of modern attacks
- Organizations often take 3-5 hours to detect DDoS attacks
WHO WOULD LAUNCH A DDOS ATTACK?
- Disgruntled employee
- Script Kiddie
WHY WOULD SOMEONE LAUNCH A DDOS ATTACK?
The goal of a DDoS attack is to cause costly downtime, to block legitimate users from accessing services, or both. Common motives include:
- Pranks / Just for fun
- Cloaking other criminal activity (data theft)
- Hackers interested in establishing a reputation
- Tests by governments or hackers
- Random attacks
- A media event causing a surge of legitimate traffic that overwhelms the site (not an attack, but indistinguishable from one in its effect)
The first line of defense in an effective DDoS protection plan is the existing firewall, intrusion prevention system (IPS), and load balancers, with the caveat that these stateful devices are themselves the targets of protocol-layer attacks and can be exhausted before the servers behind them are. Dedicated DDoS protection devices add specialized mitigation against large-scale and advanced DDoS attacks. It’s important that these devices provide enough headroom in terms of bandwidth, throughput, and concurrent connections to absorb an attack while maintaining service availability.
Since dedicated DDoS protection devices must integrate with many different solutions from a variety of vendors, it’s important that they can adapt to changing needs and integrate easily via common APIs.
DDoS mitigation typically involves coordinated activities that proactively detect an attack and protect the intended target and its networks. This is done by diverting network traffic addressed to the target through high-capacity network resources that scrub it of any malicious characteristics. As a rule, DDoS mitigation should occur in the background and continue to allow legitimate traffic to reach your services at network speed. The key to effective DDoS mitigation lies in separating incoming traffic into human-generated and bot-generated traffic. This is done by using threat intelligence to match known attack signatures and sources, and by examining traffic attributes such as request rate per source, packet size, and protocol behavior. Best practices for DDoS mitigation include employing anti-DDoS technology and having an emergency response plan. Multi-level DDoS protection, performance scalability, and broad deployment flexibility are key parts of that plan and help protect your critical applications and networks. The A10 Thunder Threat Protection System (TPS) product provides DDoS mitigation of this kind, protecting against the growing threat of DDoS attacks and providing an environment that is highly available and secure.
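The separation step described above, threat intelligence plus traffic attributes, is easy to see in miniature. What follows is an added example, not code from the original page or from A10’s product, of a request scrubber that applies three checks in order to each incoming request: a threat-intelligence blocklist match on the source address, a user-agent signature match, and a per-source token-bucket rate limit on anything that passes the first two. The blocklist networks, the signature strings, the bucket parameters, and the request stream it runs over are all constructed assumptions standing in for a real intelligence feed and real telemetry.

```python
"""Minimal request scrubber (added example): threat intel, signatures, per-source rate limit.

Feeds, signatures, bucket sizes and the request stream are constructed for
illustration and stand in for a real intelligence feed and real telemetry.
"""
import ipaddress
from collections import Counter, defaultdict

# Constructed threat-intelligence feed: networks recently seen sourcing DDoS traffic.
THREAT_INTEL = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.128/25")]
# Constructed user-agent prefixes associated with flooding tools; an empty UA is also rejected.
BOT_UA_PREFIXES = ("python-requests/2.", "LOIC")
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/60.0"  # constructed, stands in for a real browser


class TokenBucket:
    """Classic token bucket: `rate` tokens/s refill, `burst` maximum, one token per request."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Scrubber:
    def __init__(self, rate=2.0, burst=10):
        # One bucket per source address, created on first sight.
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))
        self.stats = Counter()

    def decide(self, ts, src, user_agent):
        """Return the verdict for one request and record it in `stats`."""
        verdict = self._check(ts, src, user_agent)
        self.stats[verdict] += 1
        return verdict

    def _check(self, ts, src, user_agent):
        ip = ipaddress.ip_address(src)
        if any(ip in net for net in THREAT_INTEL):                      # known-bad source
            return "drop:threat-intel"
        if user_agent == "" or user_agent.startswith(BOT_UA_PREFIXES):  # tool signature
            return "drop:signature"
        if not self.buckets[src].allow(ts):                              # too fast for one client
            return "drop:rate-limit"
        return "allow"

    def run(self, events):
        """Process (timestamp, source_ip, user_agent) events in time order; return the verdict counts."""
        for ts, src, ua in sorted(events, key=lambda e: e[0]):
            self.decide(ts, src, ua)
        return self.stats


def build_sample_stream():
    """Constructed request log: (timestamp_s, source_ip, user_agent)."""
    events = []
    events += [(0.5 * i, "192.0.2.10", BROWSER_UA) for i in range(8)]      # human pace, 2 req/s
    events += [(0.125 * i, "192.0.2.55", BROWSER_UA) for i in range(40)]   # one bot with a browser UA, 8 req/s
    events += [(0.3 * i, "203.0.113.9", BROWSER_UA) for i in range(5)]     # source listed in the threat feed
    events += [(0.2 * i, "192.0.2.77", "") for i in range(3)]              # no User-Agent header at all
    events += [(1.0, "192.0.2.78", "python-requests/2.25.1")]              # scripted client
    return events


if __name__ == "__main__":
    print(dict(Scrubber().run(build_sample_stream())))
```

The ordering matters: the cheap, high-confidence checks (feed match, signature) run first so the rate limiter only spends state on sources that look legitimate. The limiter catches the single bot that mimics a browser, but a botnet spreading the same request volume across tens of thousands of sources stays under any per-source limit, which is why the text stresses capacity and upstream scrubbing rather than rate limiting alone, and why the bucket parameters must be sized from a measured baseline rather than guessed.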
Further Reading on DDoS Protection
The National Institute of Standards and Technology (NIST) is developing an advanced DDoS mitigation framework based on its Cybersecurity Framework, which was created under Presidential Executive Order 13636 to secure critical infrastructure vital to national and economic security, including energy, banking, communications and defense. Any organization can apply its risk management practices and best practices to improve the security and resilience of its critical infrastructure.
The NIST Cybersecurity Framework identifies five functions:
- IDENTIFY – Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities.
- PROTECT – Develop and implement appropriate safeguards to ensure delivery of critical services.
- DETECT – Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
- RESPOND – Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
- RECOVER – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Learn more in the NIST Cybersecurity Framework executive summary. The National Cybersecurity Center of Excellence (NCCoE), part of NIST, has started a project on mitigating the risk of IoT-based DDoS attacks.
A10 Thunder TPS™ (Threat Protection System) is the industry’s highest-performance DDoS defense solution. TPS offers fast, precise and scalable DDoS attack detection and mitigation.