Preventing DDoS armageddon
Davey Winder ponders how large a DDoS attack would have to be to take down multiple providers, and asks what businesses can do to protect themselves.
Darien Kindlund, senior staff scientist at security vendor FireEye, backs the view that the frequency and severity of DDoS attacks is likely to increase in future, but so are other types of attacks, too.
"Orchestrating a massive DDoS attack against one or more targets certainly requires a lot more planning and resources than launching a spear-phishing campaign against that same firm. Both can disrupt the victim, but one is substantially cheaper and easier to execute," said Kindlund.
DDoS attack mitigation
IT Pro asked Rico Valdez, senior security researcher at endpoint security firm Bit9 for some advice on how to evade DDoS Armageddon.
"There are a few ways to deal with a DDoS attack that exceed the limit of an organisation's internet bandwidth," he said.
"The first is to work with your provider and understand what they can do for you in such a situation. Some providers provide DDoS mitigation services that will help in these cases."
Another option is to provision "fatter pipes" with DDoS mitigation systems that can handle large volumes of traffic, advised Valdez.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"In an attack, traffic could be directed down the fatter pipe and through the mitigation device. This might be cost effective for some organisations, as the large pipe would only be used in the event of an attack," he said.
Lastly, companies should also consider geographically distributing their web servers so the attack volume is distributed to various front ends.
"This might be accomplished with any cast routing or other mechanisms. This has an added benefit of improving performance for your customers, as they will be directed to the site closest to them," Valdez concluded.
"As such, while DDOS protection is ideal, firms need to consider the likelihood of these attacks compared to the increasing frequency of other, easier attacks to execute.
"Based on that risk analysis, informed organisations can make the decision about whether or not to invest in localised DDoS protections, outsource their DDoS protections to a third-party or to forgo the investment altogether," he added.
However, Marty Meyer, CEO of Corero Network Security, claims companies that try to protect themselves from Armageddon-style DDoS attacks could be fighting a losing battle.
"There are certainly some key things that an organisation can do to increase their chances of remaining protected, but with the sophistication of these attacks growing so much, many will struggle whilst using their current security infrastructure.
"Traditionally, organisations have relied on firewalls to protect against DDoS attacks, but in reality a firewall can only do so much to protect against these increasingly sophisticated attacks, whether they are relatively simple flood attacks from botnets, or the far more advanced Application-Layer attacks."
As a result, he said companies need to start thinking about a new first line of defence that can stop DDoS attacks, protect the firewall, and allow it to continue to block unwanted connections.
"It is an interesting and worrying time when you take DDoS in to consideration, and we are no doubt going to see these attacks continue to grow in power and sophistication," he added.
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.