The economics of distributed denial of service (DDoS) attacks is alarmingly lopsided.
Exhibit A: in February, Meetup.com CEO Scott Heiferman received an email that every executive dreads.
“A competitor asked me to perform a DDoS attack on your website,” the anonymous message warned. “I can stop the attack for $300 USD. Let me know if you are interested in my offer.”
Before Heiferman even got through the ransom note, the cyber assault had already begun. Meetup.com’s website was brought down multiple times over the next few days by an 8.2 GB attack.
Exhibit B: according to new research from cloud-based security provider Incapsula Inc., the average DDoS attack costs a victimized business $40,000 US per hour or $500,000 US overall. Now just think about reports of what may be the largest DDoS attack in history that’s been happening in Hong Kong.
Here’s where the sad economics of the whole thing sinks in. Are strangers really willing to wreak half a million dollars’ worth of havoc on your organization just to pocket as little as three hundred bucks? Chillingly, yes. Other recent research suggests these attacks are only getting more common, more powerful and bolder:
- Akamai Technologies recorded a 22 per cent jump in the number of DDoS attacks between the third quarter of 2013 and the same period this year
- Akamai also saw a rise in the severity level of the attacks, with a 389 per cent spike in the average bandwidth used in each incident
- over the past year huge, high-profile sites like Evernote, Feedly, Plenty of Fish and Sony PlayStation have been knocked offline by DDoS incidents
- in May, the server of an undisclosed Canadian IT security firm was hijacked to deploy a massive DDoS attack on a gambling website, proving that even IT watchdogs aren’t immune to this cyber scourge
As in any battle, however, there are ways to mount a defence. Here’s a roundup of what you can do to avoid being a sitting duck for DDoS assailants.
Get prepared: Assess which points of your organization and IT assets are at greatest risk for a DDoS event. Plan out steps to take if an attack happens. Tally up the potential costs in lost business and network recovery efforts for every hour or day your site would be down. Look into buying cyber security insurance to cover possible losses and costs.
Get help: Ask your ISP what it’s doing to prevent attacks, what it can do to help if you get hit and how quickly it must take action under the terms of your service level agreement (SLA). Consider signing up with a managed security provider or an anti-DDoS service. They can monitor your network 24/7 for signs of an attack and block any traffic from known DDoS sources. They may also be able to quickly redirect your site or set up ‘mirror’ websites for it on other hosting services if a DDoS strikes.
Don’t expect a warning: Although Meetup.com’s CEO received an email warning, not everyone does. In the Incapsula survey, 46 per cent of companies targeted by a DDoS received a ransom note; 45 per cent did not. Since your chances of getting any kind of heads up are only about 50/50, you’ve got to stay vigilant all the time.
Check for NTP holes: Security experts have seen a rise in the number of DDoS incidents exploiting Network Time Protocol (NTP) servers, which are used by computers and other devices to sync their clocks. (Meetup.com’s attack was NTP-based.) You can run a test on your servers to check for this vulnerability – and find out how to fix it – at the Open NTP Project website.
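A local complement to the external test mentioned above, as an added example that is not part of the original article: a Python audit of an ntpd `ntp.conf` for two settings that keep a time server from answering the status queries abused in NTP-based DDoS, namely `noquery` on the default `restrict` lines and `disable monitor`. The sample configs are constructed, and a bare `restrict default` is assumed to cover IPv4 only, which is the conservative reading.

```python
# Constructed sample configs (not taken from any real server).
WEAK = """\
driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
"""
HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
disable monitor   # stop keeping the client list that status queries return
server 0.pool.ntp.org iburst
"""

def audit_ntp_conf(text):
    """Return findings for an ntp.conf; an empty list means both checks passed."""
    defaults = {"IPv4": None, "IPv6": None}   # flags on each default restrict line
    monitor_disabled = False
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()    # drop comments, tokenize
        if not tok:
            continue
        if tok[0] in ("disable", "enable") and "monitor" in tok[1:]:
            monitor_disabled = tok[0] == "disable"
        elif tok[0] == "restrict":
            args, family = tok[1:], "IPv4"    # assumption: bare default = IPv4 only
            if args and args[0] in ("-4", "-6"):
                family = "IPv6" if args[0] == "-6" else "IPv4"
                args = args[1:]
            if args and args[0] == "default":
                defaults[family] = set(args[1:])
    findings = []
    for family, flags in defaults.items():
        if flags is None:
            findings.append(f"{family}: no 'restrict default' line")
        elif not flags & {"noquery", "ignore"}:
            findings.append(f"{family}: default restrict lacks 'noquery'")
    if not monitor_disabled:
        findings.append("monitoring not disabled ('disable monitor' missing)")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf) or "OK")
```

A clean result here covers only the configuration file; the external test still shows what the server actually answers from the internet.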