The rise in Distributed Denial of Service (DDoS) attacks cannot have escaped many people’s notice over the past few years. Popularised by hacktivist groups such as Anonymous and Izz ad-Din-al-Qassam Cyber Fighters as a form of political protest, DDoS has become an attack vector that is no longer a minor nuisance, but a serious threat. DDoS attacks are relatively simple to carry out, and very effective at causing disruption to any online services.
The most often reported reason for a DDoS attack is hacktivism, but one of the more insidious motivations is that of cyber extortion. Cyber criminals have found that threatening organisations with DDoS attacks unless they pay a ransom is an increasingly effective way to earn money.
What is particularly problematic about DDoS attacks is that they are increasing in power and sophistication year-on-year. Initially they were often perpetrated by bedroom hackers and were relatively easy to combat with traditional security devices, but they have now become so sophisticated that even next-generation firewall technologies can no longer stop these attacks.
Pay up or be brought down
Cyber criminals are smart. They understand the value of businesses operating online, and so target those companies that rely heavily on the internet for their trade. Online gaming and gambling websites are particularly juicy targets, because hackers realise that for these sites downtime costs big money. This is particularly true during large sporting events, such as Goodwood or The Ashes, where gambling sites see a marked increase in traffic and revenue. It was recently reported that during Royal Ascot one online bookmaker paid £20,000 to online extortionists.
The current issue with assessing the threat of cyber extortion is that it often goes unreported, which to an extent is certainly understandable. There are many companies who are not likely to disclose such incidents unless required by law. For many it seems that the more expedient option, as they see it, is to quietly pay the ransom demand rather than publicly disclose they were targeted. They would prefer to avoid the associated negative publicity and brand damage. With that in mind, it is very difficult to estimate the true extent of the problem, yet it is an issue that appears to be gaining momentum based upon the number of businesses now seeking guidance or protection.
Cybercriminals understand the dynamics of consumer brand loyalty to online services. If customers can’t access their preferred website to place a bet, they may head to a competitor’s site and place their bet elsewhere instead. It is estimated that a business suffering a DDoS attack lasting just a few hours can see an impact on revenue that exceeds £100,000 for a single incident.
How to deal with demands
Some organisations may consider paying a DDoS ransom as a cost of doing business online. The threat of a DDoS attack is usually timed for maximum effect and the attackers justify the size of the ransom demand based on the potential financial impact of a sustained and successful DDoS attack. The more common ransom amounts tend to be relatively low for businesses, compared to the potential losses a DDoS attack could cause, meaning companies are often tempted to view this as a nuisance and just pay up. Of course, for companies that pay the ransom there is no guarantee they will avoid being targeted again.
Ironically, DDoS has graduated to its own game of escalating stakes as attackers use increasingly sophisticated techniques to cause disruption. In turn, organisations are responding by implementing new cyber defence technologies at the perimeter of their network to stop these events before they cause a problem. On-premise, dedicated DDoS appliances placed at the network perimeter are now a critical component of any modern defence solution. However, we find that many organisations still rely on traditional firewalls to bear the brunt of the attacker’s network traffic. These devices provide little protection as they are simply not designed to deal with these types of attacks.
With DDoS attacks and cyber threats constantly evolving, there is increasingly a need to block all types of unwanted traffic at the perimeter before it reaches critical resources deeper in the network. This means that businesses have more confidence they will be able to operate without noticeable service degradation during an attack, meaning that revenue-generating customers can continue to access their site.