The threat of distributed denial of service (DDoS) and how you can prevent it
Posted on October 10, 2017
Ever tried to purchase a ticket to a concert or sporting event, only for the website to crash? At most, it’s annoying and you’ve got to wait until it comes back online. The same principle has a dark side, known as Distributed Denial of Service (DDoS), which cyber criminals are deliberately using to target businesses.
The premise is simple: flood a website or business network with an enormous volume of requests with the intention of overwhelming and bringing down the target. Even the Australian Government has fallen victim to this, with the 2016 Census becoming compromised by a DDoS attack.
One of the biggest attacks Australia has seen occurred in April 2017, when Melbourne IT's domain name system servers NetRegistry and TPP Wholesale were targeted. This saw as many as 500,000 domestic websites go down for up to 90 minutes.
This article will explore why hackers use this method, what they aim to achieve by crashing websites or business networks, and how you can protect your business from malicious attacks.
How hackers use network weaknesses to maximise DDoS attacks
As more robust security measures are designed, hackers need to find smarter ways to discover the weaknesses that will allow them an entry point.
These hackers are savvy, and are equipped with advanced skills and tools that can probe websites and networks to discover the weak points. The advent of the Internet of Things and other connected devices means more pathways attackers can use to access business networks.
Once a vulnerability is discovered, the DDoS attack is launched, causing entire networks to become disabled. There’s also no access in or out, creating a complete crash of the system.
While it’s hard to understand, there are many motivations for bringing a site or network to its knees—such as political reasons, revenge tactics or as part of a prank.
But there is also money to be made by these cyber criminals. Like an old-school mobster, hackers with a proven history of crashing sites can extort 'protection money' from businesses by threatening them with attack.
And they can even be employed by your competition through portals called booter services, with research showing these hackers for hire launched 600,000 attacks globally in 2015.
Disruptions that DDoS can cause to business
The threat of DDoS is becoming more real to business, with more sophisticated and powerful attacks. According to a Neustar report, 45 per cent of attacks in 2017 had a strength of over 10 Gbps, with a further 15 per cent reaching 50 Gbps - double the strength of the average attack in 2016. And with the GitHub DDoS hitting 1.35 Tbps, the numbers are staggering.
Attackers are employing new methods as well, like Generic Routing Encapsulation (GRE). This was originally designed to create a point-to-point connection in IP networks that was similar to a virtual private network, but hackers are now using it as a pathway to flood business networks.
Connectionless Lightweight Directory Access Protocol (CLDAP) reflection techniques are another new method being employed. This is where the attacker sends requests to a CLDAP server using the victim's IP address as the source, causing huge volumes of data to be sent back to the victim in response, disabling networks.
CLDAP attacks can be up to 70 times more powerful than other DDoS attacks, due to the packet sizes sent back from the server.
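The reflection pattern described above can be spotted from the receiving side. The following is an added example, not part of the original article or of any Vocus product: it flags hosts receiving unsolicited UDP/389 responses from several servers. The flow record fields, the thresholds and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

CLDAP_PORT = 389  # CLDAP is LDAP carried over UDP port 389

class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    size: int  # bytes carried by the flow

def find_cldap_reflection(flows, min_reflectors=3, min_bytes=50_000):
    """Return {victim_ip: (reflector_count, total_bytes)} for suspected targets.
    Assumes flows were captured at the edge of the protected network, so
    spoofed queries never appear: a UDP/389 response is unsolicited when the
    receiving host never sent a UDP/389 query to that server.
    """
    flows = list(flows)
    queried = {(f.src_ip, f.dst_ip) for f in flows
               if f.proto == "udp" and f.dst_port == CLDAP_PORT}
    reflectors, volume = defaultdict(set), defaultdict(int)
    for f in flows:
        if f.proto != "udp" or f.src_port != CLDAP_PORT:
            continue  # not a CLDAP response
        if (f.dst_ip, f.src_ip) in queried:
            continue  # reply to a query this host really sent
        reflectors[f.dst_ip].add(f.src_ip)
        volume[f.dst_ip] += f.size
    return {ip: (len(srcs), volume[ip]) for ip, srcs in reflectors.items()
            if len(srcs) >= min_reflectors and volume[ip] >= min_bytes}

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    # Four servers send large unsolicited UDP/389 responses to one host.
    *[Flow(f"198.51.100.{n}", 389, "203.0.113.10", 51000, "udp", 30_000)
      for n in range(1, 5)],
    # A legitimate query and its reply.
    Flow("203.0.113.20", 40000, "192.0.2.53", 389, "udp", 60),
    Flow("192.0.2.53", 389, "203.0.113.20", 40000, "udp", 1_500),
    # TCP needs a handshake, so it cannot be reflected this way; ignored.
    Flow("192.0.2.53", 389, "203.0.113.20", 40001, "tcp", 80_000),
    # One stray unsolicited response: below both thresholds.
    Flow("198.51.100.9", 389, "203.0.113.30", 52000, "udp", 1_200),
]

if __name__ == "__main__":
    print(find_cldap_reflection(SAMPLE_FLOWS))
```

Requiring both several distinct responders and a byte floor keeps a single misdirected reply from raising an alert.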
In terms of loss, the Neustar report states that 20 per cent of Australia-Pacific businesses lost $100,000-$250,000 per hour from DDoS attacks, with a further 18 per cent losing $50,000-$99,000. At the high end, 9 per cent of APAC businesses lost more than $1 million for every hour that they were down.
DDoS prevention services that Vocus supplies
There are many ways that a Vocus Communications solution can prevent DDoS attacks before they hit your network, including:
- IP Transit products with RTBH (remotely triggered black hole) filtering, which can drop the traffic before it reaches your site.
- DDoS Detect and DDoS Protect products that can filter out unwanted traffic.
- Complete transparency through the Network Operations Centre which notifies you and Vocus of any potential attacks.
- Real-time metrics of traffic spikes and event history.
- Vocus experts on call to launch immediate mitigation or automated traffic scrubbing.
These solutions offer a shield against these attacks and assist in ensuring your business does not experience any costly downtime. Malicious requests can be scrubbed before they ever reach your website or business network, foiling the efforts of cyber criminals. Contact Vocus today to discuss the best options for your business.