It is unfortunately an all too well-known fact that a successful DDoS attack can flood your network, site or service with traffic, grinding it to a halt and effectively taking you out of business. But how did it all start, and how can managed service providers (MSPs) help put a stop to it?
In 1995, an Italian political collective called the Strano Network implemented the now infamous ‘Net Strike’ against various French government websites in protest against nuclear policies. This was the first Distributed Denial of Service (DDoS) attack I can recall hearing about as a veteran IT security journalist. The attack only lasted an hour, partly as Internet connectivity was costly and partly because the attack technology at the time was primitive and required actors to be glued to their terminals.
Within a couple of years that technology had advanced, in great part courtesy of the Electronic Disturbance Theater (EDT) group, which developed its own attack tools in-house. None was more effective than FloodNet, which made targeted DDoS attacks a point and click affair. These ‘sit-ins’, as EDT called their attacks, hit both US and Mexican government sites as the 90s drew to a close.
Fast forward 10 years and Anonymous managed to really exploit the notion of point and click attack technology along with crowd-sourced activism. The weapon of choice that facilitated the success of Anonymous was the Low Orbit Ion Cannon (LOIC). This software essentially connected users, via an easy-to-use interface, to a vast network of computer resources: a botnet. The thing to keep in mind is that this was not a zombie network of malware-infected PCs and unaware owners, but rather people volunteering to donate their resources to an attack. A target was chosen, the cannon was pointed at that site, and when the command was given everyone fired…
Hacktivism makes DDoS sound like a legitimate method of protest, but the truth is it’s far more likely to be used for criminal gain. Just look at some of the bigger attacks of recent times, both in terms of the bandwidth used and the media headlines generated, if proof were needed. When The LizardSquad took out both the PlayStation Network and Microsoft’s Xbox Live over the 2014 festive period, it wasn’t for the “lolz” or to make a political point. It was as a marketing tool to get publicity for the “Lizard Stresser” DDoS-for-hire service it was touting on the dark web. Similarly, at the start of this year when New World Hacking claimed responsibility for what was reported as the biggest DDoS attack, by volume of traffic, in the form of a 600Gbps volumetric attack against the BBC, the reason was to show what its “BangStresser” tool was capable of.
Perhaps understandably, it’s these big downtime attacks that attract the equally big media headlines. There’s an instinctive tendency for reporters to be attracted to the “largest DDoS attack ever”, yet there’s a case to be made that smaller attacks are more worrying. These lower-level attacks, lasting for shorter periods and degrading network performance without closing it down altogether, are most often used as a smokescreen for other malicious activity. The targeted business finds its IT teams distracted with the job of getting the network/site running at full capacity; meanwhile the attackers are exploiting vulnerabilities, installing malware and so on.
According to a recent Infosecurity magazine report, DDoS attacks were up by 149% year-on-year, and showed a 40% spike in the last quarter of 2015 alone. That is not really a great surprise to anyone who has spent any amount of time researching how the bad guys operate, as the availability and low rental cost of “stresser” botnet resources make it the weapon of choice. And it’s a weapon that causes plenty of collateral damage.
Indeed, according to one recent DDoS Impact Survey, it wasn’t the immediate loss of revenue (34%) that was most damaging to a business, but the ongoing loss of trust (45%) resulting from the attack. Interestingly, that same survey revealed that while 30% were reliant on traditional security defences such as firewalls to defend against DDoS attack, 85% said they thought service providers should be protecting them and half were willing to pay a premium for this protection.
This is good news for managed service providers (MSPs), who are ideally positioned to help combat the DDoS threat. How so? Well, defending against DDoS can be an expensive business insofar as getting the right tools and infrastructure in place is concerned, but that’s nothing compared to the cost of not having the skillset to properly implement your mitigation efforts when under fire.
|Five things to take into account when thinking about DDoS defences|
Find out more about how to defend against this type of attack and what tools you need to protect your networks by downloading our free Cyber Threat Guide.
If you want to know more about network attacks in general, watch our Security Lead Ian Trump talking about this subject in this video.