Cybersecurity best practices and DDoS defence strategies
Distributed denial of service (DDoS) has long been known to be devastating to businesses. In fact, a SecurityWeek report from November 2014 revealed that the average cost of a successful DDoS is $40,000 per hour.
Although DDoS can be financially crippling, this type of security incident has at least been appreciated for its simplicity – the attacker is just hitting the victim with a huge number of requests, overloading their servers. Unfortunately, a couple of recent surveys make it clear that DDoS shouldn’t be thought of as just an individual brute-force barrage anymore, but as a piece of a larger cybercriminal effort. Specifically, DDoS is often masking a breach of the network and possible injection of malware.
A survey released in September 2015 and featured in Infosecurity Magazine revealed that one out of every three DDoS events is coupled with an invasion of the network. Intrusion was particularly a concern for SMBs: while 22% of enterprises had data stolen when a DDoS occurred, 31% of small-to-midsized businesses lost information.
Security executive Evgeny Vigovsky believes that organizations should reconsider their perspective on DDoS since the attacks are evolving. “The report clearly shows that the damage scope from such attacks goes far beyond the temporary downtime of a corporate website,” says Vigovsky. “Companies report total disruption to their operations, and in some cases—loss of sensitive data.”
The fact is, distributed denial of service is scary enough on its own. For one thing, it’s not rare. One out of every five businesses is attacked, and their servers typically go down for a few hours. However, DDoS can be more long-term, with 9% of respondents saying that it forced their service down for 2-7 days and 7% reporting outages of multiple weeks.
As noted above, SMBs are particularly vulnerable when DDoS strikes. It’s actually the fourth costliest type of breach that they experience – and that doesn’t even include the cost of recovery. Recovery is typically over $50,000, much more than typical SMB recovery following a security incident.
Part of the issue is that SMBs often don’t understand how to address DDoS. “The solution to this is straightforward,” says Vigovsky. “[V]endors have to take technical challenges upon themselves, offering an easy to implement and use solution to clients.”
Another survey, discussed in IT Pro in September 2015, found that distributed denial of service is often a distraction used to draw attention away while attackers upload malware.
The poll, which gathered perspectives from 800 IT executives, revealed that half of businesses were attacked between January 2014 and mid-2015. What’s worse, four out of five targeted companies had been hit more than one time.
Three out of five distributed denial of service efforts are high-volume traffic overload events aimed at bringing down a business. Many of these attacks are in the 50-100 Gbps range. However, the remaining 40% are not nearly as frenetic, at under 5 Gbps.
The real revelation from the survey was that 36% of businesses discovered malware during or after recovery from a DDoS. Businesses more often experienced malware injection when the DDoS attack was relatively mild. For instance, in the particularly susceptible finance industry, 43% of organizations were hit with malware during a DDoS, while 54% of organizations were hit with malware specifically during a mild DDoS of 4 Gbps or less.
The countries of Europe, the Middle East, and Asia are particularly at risk of DDoS incidents accompanied by malware. According to the report, 80% of EMEA companies have been attacked with DDoS. Out of the companies that were attacked, 92% also had malware injected. Data was stolen in two out of every three malware incidents.
“These results really point to … attacks targeting a specific organisation for a specific purpose,” explains security executive Margee Abrams.
DDoS has changed significantly since early 2014, when attacks were becoming enormous and were centered on derailing the server. Now, rather than killing the server, attackers cripple it with a low-level DDoS. That way they grab the company’s attention, but the server is still live, which means they can perform these other attacks.
Mitigation has become more sophisticated now too, according to Abrams. In other words, it goes well beyond IT. “When a DDoS attack occurs, everyone, including the communications, marketing, risk and compliance teams are all mobilized … to mitigate it,” says Abrams.
The business world is, of course, dedicated to winning the battle against DDoS. Fully 73% of companies said that they are spending more money this year on measures that specifically defend against DDoS.
The challenge, of course, is to figure out which service to adopt. With DDoS+ Protection from Nexusguard, you get 1.28 Tbps of mitigation capacity, scrubbing centers positioned worldwide, and immediate response available 24/7.