September 11, 2018

Why should the C-level care about DDoS attacks – and how can you survive them?

Markus Melin

Head of Tieto Security Services, Tieto

All around the Internet, botnet-powered DDoS attacks are underway constantly, and they are more destructive than ever before. Why should the C-level in organizations care about this? Because anyone can become a target, and the price tag of an attack may be heavy.

For business continuity, DDoS (Distributed Denial of Service) poses a serious risk. That is why C-level awareness matters, why Denial of Service should always be included in corporate risk assessment, and why any organization benefits from investing in protection services and technology. The less prepared the target is, the more expensive and difficult it is to remediate the impact.

How well would your organization tolerate a DDoS attack? How much would one hour or a full business day of your website’s downtime cost?

For a single organization, the potential consequences may be severe. Not only do DDoS attacks lead to direct financial losses, they can also ruin corporate or brand reputation, damage partner relationships and leave customers disgruntled – all of which, in turn, multiply a negative impact that does not vanish as soon as the attack is over.

Also, customers and partners may have to be compensated. If the victim is a listed company, its stock price may take a hit.

More complex attack patterns

Globally, up to 7.5 million DDoS attacks happened in 2017 according to one report: about 20,000 per day! Targets range from financial services, IT service providers and telecommunications companies to ecommerce and manufacturing. Even public service organisations are targeted.

I suppose you would prefer staying out of the list of victims?

For the cyber defender, the trends in DDoS are very nasty. The force and complexity of attacks increase year after year, and victims find it much harder to survive.

There are by and large two types of DDoS attack: volumetric and application-level attacks.

Most people associate DDoS with volumetric attacks. As the name suggests, the goal of a volumetric attack is to saturate the bandwidth of the targeted network by sending massive loads of malicious traffic. Logically, the way to measure the magnitude of attacks is by how much internet bandwidth they consume in bits per second.

Currently, volumetric attacks average tens of gigabits per second, which is enough to knock out most websites. Such attacks are easily generated using a modest-sized botnet, often using amplification techniques that exploit weaknesses in the communication protocols that form the fabric of the internet.

Application attacks, on the other hand, are more subtle. Instead of relying on the sheer amount of traffic to suffocate the victim, they carefully target vulnerabilities in the internet-facing services of the target organisation.

Even a moderate application-level DDoS attack can render the company unable to access their cloud services for extended periods of time. Because application attacks are typically very cost effective to execute, they are rapidly becoming the go-to choice for targeted attacks, while volumetric attacks remain dominant with the opportunistic attackers.

Machine learning to defend against DDoS

This year, the world has seen the biggest attack ever recorded: 1.7 terabits per second. Amazingly, the victim survived without much trouble – because it happened to be a telecommunications carrier and it was well prepared.

Would it be a good idea for you to simply buy some more bandwidth to prevent DDoS impacts? Yes and no. Effective protection _is_ based on raw bandwidth, but not at the site under attack. DDoS attacks are distributed by definition, and the closer to the sources of the attack the protection is, the more effective it is.

The remedial measures have to be taken upstream, over a distributed network, preferably utilising several data centers around the world. Very few organizations possess such infrastructure.

Then, what can you do to help yourself? One way is to buy DDoS protection as a service from your ISP. In case of an attack, the ISP separates malicious traffic from normal traffic and “washes” the traffic in its network. Often, that weakens the attack sufficiently. Depending on the service level available from the ISP, this type of protection may have some undesired side effects. The problem is that the resources of a single ISP can themselves be consumed by a DDoS attack, resulting in the ISP “blackholing” big swathes of traffic, including that of legitimate users.

A better approach is to utilise a distributed global protection network that filters the traffic at or close to origin, thus avoiding any vulnerable bottlenecks.

Our approach is also to provide a comprehensive, smart, cloud-based DDoS protection service. It covers all attack forms in all network layers from brute force volumetric to sophisticated application layer attacks. As a separate layer, it is independent of on-premise equipment or any specific capabilities of an ISP the customer may be using.

One important aspect of the service is the use of machine learning to distinguish DDoS traffic from normal growth in traffic. By constantly monitoring global internet traffic and attack patterns, the service automatically detects emerging attack patterns and reacts to even the latest techniques employed by the bad guys.
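To make the volumetric versus application-level distinction and the "attack, not organic growth" idea concrete, here is an added illustration (not code from Tieto's service or from this post): an exponentially weighted baseline that follows gradual growth in traffic but flags a sudden bandwidth spike as volumetric and a request-rate spike on otherwise modest bandwidth as application-level. The EWMA factor, the spike threshold and the per-minute traffic trace are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    minute: int
    bits_per_sec: float      # link load, the unit volumetric attacks are measured in
    requests_per_sec: float  # application-layer load on the web front end

def classify(samples, alpha=0.2, spike_factor=4.0):
    """Label each sample 'normal', 'volumetric' or 'application'.
    An exponentially weighted moving average (EWMA) baseline follows slow organic
    growth; a sample spike_factor times above it is an attack: a bandwidth spike is
    volumetric, a request-rate spike on normal bandwidth is application-level. The
    baseline is updated only on normal samples so an attack cannot drag it upwards.
    alpha and spike_factor are assumed values chosen for this example."""
    base_bps = base_rps = None
    verdicts = []
    for s in samples:
        if base_bps is None:  # first sample seeds the baseline
            base_bps, base_rps = s.bits_per_sec, s.requests_per_sec
            verdicts.append((s.minute, "normal"))
            continue
        bps_spike = s.bits_per_sec > spike_factor * base_bps
        rps_spike = s.requests_per_sec > spike_factor * base_rps
        if bps_spike:
            verdict = "volumetric"
        elif rps_spike:
            verdict = "application"
        else:
            verdict = "normal"
            base_bps += alpha * (s.bits_per_sec - base_bps)
            base_rps += alpha * (s.requests_per_sec - base_rps)
        verdicts.append((s.minute, verdict))
    return verdicts

def constructed_trace():
    """Constructed trace: 5% organic growth per minute for ten minutes, a 9 Gbit/s
    volumetric burst at minute 10, a request flood on modest bandwidth at minute 12."""
    trace = [Sample(m, 1e9 * 1.05 ** m, 100 * 1.05 ** m) for m in range(10)]
    trace += [Sample(10, 9e9, 150), Sample(11, 1.6e9, 160),
              Sample(12, 1.8e9, 3000), Sample(13, 1.6e9, 160)]
    return trace

def run_demo():
    """Return {minute: verdict} for the constructed trace."""
    return dict(classify(constructed_trace()))

if __name__ == "__main__":
    for minute, verdict in sorted(run_demo().items()):
        print(f"minute {minute:2d}: {verdict}")
```

The ten minutes of steady growth stay "normal" because the baseline keeps pace with them, while the two bursts are labelled by which metric jumped.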

Do you want to know more about DDoS protection services? Get in touch with me and my colleagues!
