DDoS attacks are stronger and more frequent than ever. Admins must protect their servers

Several unrelated investigations by different security companies all arrive at very similar results. Lately there has been an increase in distributed denial of service (DDoS) attacks, through which culprits overwhelm servers and make them inaccessible to regular users.

JIŘÍ HANÁK

  • 27. 11. 2015
  • 7 min read

Servers and other network elements get overwhelmed by an incredible number of requests that can slow them down, or even push them over the edge and crash their network completely. In the case of a distributed attack these requests come from all over the internet and carry different information, making it very difficult to tell them apart from regular users’ requests. The requests might not even need to reach the servers at all: a DDoS attack can simply ‘block the pipes’, saturating the network links in front of them.

Fighting against DDoS is not easy.

Criminals know this, and tend to use them ever more frequently these days.

They are not the only ones who use them though. State agencies – in China, for example – use them to suppress content that is not in line with their ideology. Recently, this is what happened to GitHub – a code sharing server for programmers and coders. Experts suspect that the site was targeted by China because it hosts a large number of protocols and programs used to increase personal security on the internet and others that allow people to bypass state censorship.

Longer, stronger, faster. And the number of threats rises

Lately there has been a noticeable surge in DDoS attacks. According to a study published by Akamai, the number of attacks has risen by more than 132 percent. The attackers tried to take down a huge number of services and in many cases were successful.

The frequency of DDoS attacks is not the only thing that has got worse in recent months. Their strength has increased as well. The numbers reported by researchers differ slightly, but only because each security company collected its own data. All of the studies report encountering attacks that surpassed 240 gigabits per second during the last three months. Imperva’s study even states that the strongest attack they saw reached a whopping 253 gigabits per second.

How to differentiate between DDoS attacks

Attacks on the network level target servers and other network elements. They are usually rated in gigabits per second (Gbps). This is the amount of network bandwidth the attack consumes to overwhelm services and thus make them inaccessible. Attacks on the application level are rated in requests per second (RPS), which is simply the number of requests sent every second. The number of requests servers and network elements can process per second is limited, so overwhelming them with a much larger number of requests can bring them to their knees, slow them down or just ‘confuse’ them.

And DDoS attacks are lasting longer. Compared to the same period last year, the average length of one attack has risen by twenty percent – to eight days. The longest recorded attack lasted 64 days.

Misconception number one: This could never happen to us

Many businesses – especially the smaller ones – tend to succumb to an impression that DDoS attacks are of no concern to them. “Who’d want to attack us?” they seem to think and are not very keen on improving their defences.

Regretfully, the reality is different. And much more grim.

However small the company, it is bound to have jealous competitors in its field. Or simply people who don’t like it, for whatever reason. They might be disgruntled former employees, for example.

The assistant you sacked last month is no computer whiz, you say? That makes no difference these days. Anyone with some money to their name can simply order a DDoS attack over the internet, even if they couldn’t set up a router themselves. And the prices of these services are shockingly low. Researchers from Imperva examined twenty such ‘mercenary’ botnets that can be hired by anyone. The cheapest service was available for just $19.99. And the strongest botnets-for-hire claimed to achieve 200 gigabits per second of bandwidth. For the price of a bag of groceries, anyone can damage a business competitor, for instance.

DDoS attacks inflict huge financial losses

Why are DDoS attacks such a big deal?

Because they cause enormous financial losses to businesses every year. According to Neustar’s researchers that questioned five hundred American businesses, a third of them would lose more than one hundred thousand dollars if they were hit by DDoS in their peak times.

And 11 percent of companies would lose more than 1 million dollars per hour of DDoS attack

Apart from monetary losses, a significant number of companies would be damaged in other ways – they would lose their customers’ trust, their brands would suffer, their sensitive project documentation would go missing and some could even get malware on their company network. The attackers often use DDoS merely as a cover, while their true aim is stealing company data or money, or damaging the infrastructure from the inside.

Common Results of DDoS attacks

Attacks against their servers have long-term consequences for many businesses. Source: Neustar DDoS Attacks & Protection Report: NA, April 2015

This means that attacks don’t end the moment administrators get control over their servers back – their consequences are felt by the companies for a long time afterwards.

What can you do about it?

But how should you act if you want to prevent DDoS attacks altogether? There is no easy answer to this question. Every network’s security consists of many elements that can be implemented well or poorly. As a result, the security can differ from one network to another.

The best advice for administrators is: be on your guard. It is necessary to evaluate your network from many points of view. Perform penetration testing, test your applications, and examine every way attackers could use to get into your network under the cover of a DDoS attack. Find out where the weak spots are, what could crash under too much stress or simply react differently than under normal circumstances. Consider every step of your network communication – is it safe, could it become a problem under attack? There are many ways and tools you can use to protect against DDoS, and every network will require a slightly different solution. There are also many kinds of DDoS attacks that need to be taken into account.

The attackers stick with the tried and true methods

Lately, the culprits have favoured attacks based on UDP (User Datagram Protocol). Such strikes accounted for more than 56 % of DDoS attacks. In 50 % of cases the criminals used a SYN flood, a stream of TCP connection-opening SYN packets that are never completed. The total doesn’t add up to 100 % because the attackers often use several attack vectors at the same time.
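As an added illustration of the two units described above (Gbps for network-level, RPS for application-level attacks) and of the overlapping UDP and SYN vectors in the statistics, here is example code that is not part of the original article; the traffic records and the link capacity and baseline figures are constructed assumptions, not measurements from any of the cited studies.

```python
from collections import defaultdict

# Constructed per-second traffic summaries (made-up sample data, not figures from
# the article). Record: (second, protocol, tcp_flags, bytes, packets, http_requests);
# tcp_flags is None for UDP and "S" marks a bare SYN (handshake opener, no ACK).
SAMPLE_TRAFFIC = [
    (0, "udp", None, 31_250_000_000, 20_000_000, 0),  # 250 Gbps of UDP
    (0, "tcp", "S", 60_000_000, 1_000_000, 0),        # one million SYN/s
    (0, "tcp", "PA", 1_500_000, 3_000, 1_200),        # ordinary web traffic
    (1, "udp", None, 31_000_000_000, 19_800_000, 0),
    (1, "tcp", "S", 62_000_000, 1_050_000, 0),
    (1, "tcp", "PA", 1_600_000, 3_200, 1_300),
]

# Assumed baselines an administrator derives from normal traffic on their own link.
LINK_GBPS = 10.0          # uplink capacity: traffic near it is filling the pipe
NORMAL_RPS = 5_000        # peak legitimate HTTP requests per second
NORMAL_SYN_PPS = 20_000   # peak legitimate new-connection (SYN) rate

def per_second_metrics(records):
    """Aggregate records into the article's two units, Gbps (network level)
    and RPS (application level), plus the per-vector rates classify() needs."""
    out = defaultdict(lambda: {"gbps": 0.0, "udp_gbps": 0.0, "syn_pps": 0, "rps": 0})
    for sec, proto, flags, nbytes, pkts, reqs in records:
        m = out[sec]
        gbps = nbytes * 8 / 1e9
        m["gbps"] += gbps
        m["rps"] += reqs
        if proto == "udp":
            m["udp_gbps"] += gbps
        elif proto == "tcp" and flags == "S":
            m["syn_pps"] += pkts
    return dict(out)

def classify(metrics, link_gbps=LINK_GBPS, normal_rps=NORMAL_RPS,
             normal_syn_pps=NORMAL_SYN_PPS):
    """Name every vector seen in any second. Vectors overlap in real attacks,
    which is why per-vector shares in vendor reports do not add up to 100 %."""
    vectors = set()
    for m in metrics.values():
        if m["gbps"] >= 0.8 * link_gbps:
            vectors.add("volumetric")         # rated in Gbps; blocks the pipe
        if m["udp_gbps"] >= 0.8 * link_gbps:
            vectors.add("udp-flood")          # the pipe is filled by UDP alone
        if m["syn_pps"] > 10 * normal_syn_pps:
            vectors.add("syn-flood")          # exhausts connection state tables
        if m["rps"] > 10 * normal_rps:
            vectors.add("application-layer")  # rated in RPS, not bandwidth
    return vectors
```

With the sample data the UDP traffic alone is 250 Gbps, which is why the same second is reported both as volumetric and as a UDP flood while the modest HTTP load stays below the application-layer threshold.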

The important thing is not to be fooled by the sheer scale of the threat. Don’t trust security companies that offer a miraculous instrument that will take care of all DDoS attacks by itself. There is no universal cure. You always need several layers of security measures, and you need to invest some of your own time and effort into making your network secure.

What about your experiences?

Have you ever had run-ins with DDoS? What is the largest DDoS attack you have ever come across? What measures did your company have to take? And which part of a network would you advise others to secure the most? Share your experiences and opinions in the comments below; they will surely help someone else.
