Pssst! Want to get back at that company that wouldn’t hire you last month? All you need is a few dozen dollars and the willpower to do the deed. No, you don’t have to be a programmer. Get the cash, know where on the internet to look for your tools, and voila. Instant revenge.
This colorful scenario isn’t as wild as it seems. Now more than ever, individuals as well as companies with a vengeful frame of mind have the tools and opportunity to make folks miserable by launching a DDoS attack.
- The perps: Anyone with a serious grudge and the knowledge of where to go for resources.
- The targets: individuals, companies, government agencies, non-profits, you name it, they’re at risk.
- Their tools: DDoS attacks and the easy-to-get resources that enable them.
The bad news doesn’t end there. The odds that distributed denial of service (DDoS) attacks will become more frequent and severe are high. Remember the massive Dyn DNS outage? The DDoS attack used Mirai malware to control infected IoT devices.
The causes of DDoS revenge attacks include cheap, easy-to-use tools, surprisingly little money, and an unexpected side effect of the move to the cloud: centralized DNS resources. And oh yes, did we mention the Internet of Things? DDoS attacks are being used against a wide variety of targets located anywhere with an internet connection. Now that the IoT connects billions of devices to people, companies and each other, the menace of these attacks spreads worldwide, and the question of how to prevent DDoS attacks is becoming much more complex to contend with.
Not so long ago, launching a DDoS attack required hacking skills, or at least access to malware and a botnet. Now it can be done DIY with inexpensive tools or bought as a for-hire service. No IT experience required.
DDoS commerce uses the familiar pay-as-you-go subscription model. Third-party booter sites (also known as stressers, because they advertise themselves as load-testing services) sell digital vengeance for a monthly subscription fee, which pays for attacks on IP addresses or websites of the customer's choosing.
Research by SecureList suggests that prices of DDoS-for-hire services are decreasing. You can pay as little as $6 for an attack lasting a few seconds. Attacks on networks with capacities more than 125 Gbps cost about $110. Premium plans boost the duration and intensity of the attack. In this world, you get what you pay for.
The price of DDoS attacks might be low, but the business impact is not. Total costs of a successful DDoS attack can climb to $100,000 per minute of downtime. A Deloitte report, “Beneath the Surface of a Cyberattack: A Deeper Look at the Business Impacts.” finds that intangible or “hidden” costs can amount to 90 percent of the total business impact on an organization.
Immediate business impact includes the economic cost of responding to the attack, investigating whether the outage masked a breach, compliance fines, and paying to harden defenses and prevent a recurrence. In a mid-sized to enterprise organization, it's easy to generate millions of dollars in expenses.
However, the intangible, harder-to-quantify expenses can be the largest. These include the loss of business continuity, intellectual property, and sensitive customer data, not to mention lost customer loyalty and damage to your brand's reputation.
Indifference and unexpected consequences
Organizations of all types and sizes are outsourcing their operations to the cloud. In most cases this is considered to be a good thing. But where DNS operations are concerned, moving every zone to a single hosted provider creates a centralized single point of failure that wasn't present in distributed, on-premises infrastructures: if the provider goes down, every name it serves goes down with it. The problem? Few enterprises recognize the danger or have implemented secondary DNS with a second, independent provider to remove that single point of failure.
Some analysts point fingers at cloud-based services as the cause of the problem. It’s true, cloud service providers concentrate internet infrastructure more than the designers of DNS ever dreamt of. But, organizations wanting to reduce the risk of vengeful DDoS attacks can take action.
What works? A mix of old truths and modern best practices might help.
Old truths and modern best practices
The fundamental principles of avoiding central points of failure and ensuring redundancy haven't changed. In this case, mitigating risk includes selecting components like DNS services, web application firewalls, and DDoS protection that do not all depend on the same provider or the same network. And running at least two authoritative servers for each zone, on separate networks and ideally at separate providers, is still the best way to keep data available and reliable even when a server goes down.
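The redundancy check above is easy to automate. The following is an added example written for this article, not code from the original, that audits a zone's NS delegation for the single points of failure just described: too few servers, all servers under one provider, or all server addresses in one network. The input is the kind of data `dig +short NS <zone>` and `dig +short A <nameserver>` return; the two zones here are constructed inline so the check runs offline, and the provider label is an assumption (the registrable parent of the nameserver hostname, which holds for most managed DNS services).

```python
"""Audit a zone's authoritative nameservers for single points of failure."""
import ipaddress


def provider_of(ns_host):
    """Crude provider label: the registrable parent of the NS hostname
    (ns1.cloud-dns.example. -> cloud-dns.example). Assumption: managed
    DNS providers name their servers under their own domain."""
    labels = ns_host.rstrip('.').lower().split('.')
    return '.'.join(labels[-2:])


def audit_zone(zone, ns_addrs, min_servers=2):
    """ns_addrs maps each nameserver hostname to its address strings.

    Returns a list of findings. An empty list means the zone has at least
    `min_servers` nameservers spread over more than one provider and more
    than one network (/24 for IPv4, /48 for IPv6)."""
    findings = []

    if len(ns_addrs) < min_servers:
        findings.append(f'{zone}: only {len(ns_addrs)} NS record(s)')

    providers = {provider_of(host) for host in ns_addrs}
    if len(providers) < 2:
        findings.append(f'{zone}: all nameservers belong to one provider '
                        f'({", ".join(sorted(providers))})')

    nets = set()
    for addrs in ns_addrs.values():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            prefix = 24 if ip.version == 4 else 48
            nets.add(ipaddress.ip_network(f'{ip}/{prefix}', strict=False))
    if len(nets) < 2:
        findings.append(f'{zone}: all nameserver addresses sit in one network '
                        f'({", ".join(str(n) for n in sorted(nets, key=str))})')

    return findings


# Constructed sample: two nameservers, but one provider and one /24.
FRAGILE = {
    'ns1.cloud-dns.example.': ['203.0.113.10'],
    'ns2.cloud-dns.example.': ['203.0.113.11'],
}

# Constructed sample: the same primary provider plus a secondary DNS
# provider whose servers live in different IPv4 and IPv6 networks.
DIVERSE = {
    'ns1.cloud-dns.example.': ['203.0.113.10'],
    'ns2.cloud-dns.example.': ['203.0.113.11'],
    'ns1.backup-dns.example.': ['198.51.100.20', '2001:db8:1::20'],
    'ns2.backup-dns.example.': ['198.51.100.21'],
}


if __name__ == '__main__':
    for name, zone in (('fragile.example', FRAGILE), ('diverse.example', DIVERSE)):
        problems = audit_zone(name, zone)
        print(name, '->', problems or 'OK')
```

Against a live zone, feed `audit_zone` the hostnames from `dig +short NS <zone>` and the addresses from `dig +short A` / `AAAA` for each of them; a zone that passes still deserves a look at whether both providers share an upstream transit network, which this check cannot see.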
Modern best practices involve security awareness of the likely origins and timing of an attack. Basic principles include:
- Monitoring for unusual network behavior, such as a sudden drop in throughput or a spike in failed DNS lookups. The Dyn outage showed that an attack on a shared cloud DNS provider can take your site offline without a single hostile packet reaching your own servers, so the first visible symptom is often at the DNS layer.
- Monitoring spam email traffic. Some attacks are preceded by a spike in inbound spam, so a sudden jump in mail volume is worth correlating with network alerts.
- Using automated network monitoring tools to detect DDoS attacks in real time.
- Collecting, standardizing, and analyzing vulnerability data taken from several system sources.
- Deciding which systems pose the highest risk to the organization. This information can prioritize the patching process so that the most exposed holes are closed as soon as a fix is available.
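The real-time detection point in the list above is worth making concrete. What follows is an added example written for this article, not code from the original: it parses web-server access logs in the common log format, learns a per-second request baseline from a warm-up window, raises an alert when a second exceeds that baseline by a large factor, and uses the number of distinct client addresses in the alerting second to tell a single-source DoS from a distributed DDoS. The log lines are constructed inline (a quiet period, then a flood from one host, then a flood from hundreds of hosts); the thresholds are assumptions to tune against your own traffic.

```python
"""Volumetric (D)DoS detection over access-log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Common log format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Return (epoch_second, client_ip) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return int(ts.timestamp()), m['ip']


def detect(lines, warmup_seconds=30, factor=10, min_rate=50, distributed_sources=20):
    """Alert on any second whose request count is both above `min_rate`
    and more than `factor` times the median rate of the warm-up window.
    `distributed_sources` distinct IPs in that second labels it a DDoS."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip garbage rather than let it poison the baseline
        sec, ip = parsed
        counts[sec] += 1
        sources[sec].add(ip)
    if not counts:
        return []

    start = min(counts)
    warm = [counts.get(s, 0) for s in range(start, start + warmup_seconds)]
    baseline = max(median(warm), 1)  # never let an idle warm-up make the threshold zero

    alerts = []
    for sec in range(start + warmup_seconds, max(counts) + 1):
        n = counts.get(sec, 0)
        if n >= min_rate and n > factor * baseline:
            srcs = len(sources[sec])
            alerts.append({
                'second': sec - start,
                'requests': n,
                'sources': srcs,
                'kind': 'DDoS' if srcs >= distributed_sources else 'DoS',
            })
    return alerts


def make_sample_log():
    """Constructed sample: 40 s of normal traffic, 5 s of single-host flood,
    5 s of flood from 400 distinct addresses in the 198.18.0.0/15 test range."""
    base = datetime(2023, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
    lines = []

    def emit(sec, ip):
        ts = (base + timedelta(seconds=sec)).strftime('%d/%b/%Y:%H:%M:%S %z')
        lines.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 2326')

    normal_ips = ['203.0.113.5', '203.0.113.6', '198.51.100.9']
    for sec in range(40):
        for i in range(5):  # 5 req/s from three office addresses
            emit(sec, normal_ips[i % 3])
    for sec in range(40, 45):
        for _ in range(300):  # 300 req/s from one host: DoS
            emit(sec, '192.0.2.77')
    for sec in range(45, 50):
        for i in range(400):  # 400 req/s, one request per bot: DDoS
            emit(sec, f'198.18.{i // 256}.{i % 256}')
    return lines


if __name__ == '__main__':
    for alert in detect(make_sample_log()):
        print(alert)
```

A median-based baseline is deliberately insensitive to a few bursty seconds during warm-up, and the `min_rate` floor stops a nearly idle site from alerting on ordinary traffic. In production this logic would sit behind a log shipper or be run against a NetFlow feed rather than a text file, but the three signals (rate versus baseline, absolute rate, and source diversity) are the ones an on-call engineer wants in the alert.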
Perhaps the most potent weapon against vengeful DDoS attacks is a consistently watchful attitude. Taking the threat seriously means accepting that yes, this can happen to your organization, whether you operate in the IT, healthcare, government, or any other sector.
Decentralizing your DNS infrastructure to eliminate easy DDoS targets is a start. Using modern tools to become aware of threats will help you establish security best practices in your operations.