How DDoS Attacks Can Sink Your Business

What is DDoS?

Distributed Denial of Service (DDoS) is a form of cyberattack that makes the target internet service inaccessible. “Distributed” refers to the fact that the attack comes from multiple sources to have a bigger impact on the target, which cannot cope with such a large amount of traffic. In recent years, DDoS attacks have become more and more complex, with many combinations of different attack approaches being used. DDoS attacks now generate much more data traffic than before - the biggest DDoS attack in 2015 consumed around 500 Gbps, but by the following year, this had doubled to around 1 Tbps. Each year, the number of attacks increases by 15%.

There are many online resources detailing DDoS attack statistics, such as the article “State of the Internet” from Akamai, as well as numerous threat reports from antivirus companies. There are also companies that monitor DDoS attacks on data backbones to provide real-time insights into what is happening. DDoS attacks occur continuously, as you can see on the map below. [1]

Any public service can fall victim to a DDoS attack, such as mobile application APIs, web pages, e-mail services, or DNS services. The affected service becomes completely unavailable during the attack, which means that any mobile applications, web pages, or email services will be inaccessible. Not only does this have a negative effect on the service provider’s reputation, but it also has a knock-on effect on other service providers and operators who might use this service themselves.

Attackers use several techniques to generate a high data load, and many of them use botnets to generate traffic. These botnets consist of devices remotely controlled by attackers. These devices are also sometimes called zombies - they can be personal computers, mobile phones, and even IP cameras, smart things, or networked devices.

Why DDoS? There are a number of reasons: attackers might just be doing it for fun, or they might have more specific reasons, such as slowing down business competitors or influencing public votes. DDoS attacks can also cover up other attacks, such as stealing valuable data from victims.

Impact of DDoS

Carrying out a DDoS is relatively inexpensive, but the impact it has on business can be enormous. A mid-sized DDoS that lasts for a whole day can be bought for around $500 on the dark web - this figure pales in comparison to the damage that’s done to a service operator who finds that their service is unavailable for 24 hours. In addition to direct financial costs, this unavailability of service damages the company’s reputation, which could have a far more severe effect in the long run.

A DDoS example

On December 31st, 2015, BBC servers experienced the biggest DDoS attack seen that year. The attack volume reached an enormous 602 Gbps, and rendered all of the BBC’s sites unavailable. The impact of such an attack spread to many content services connected to BBC servers, which failed to load, and the world was left without information from one of the largest news sources around. [2] [3]

There are countless more examples of such attacks, but it’s more constructive to think about the real impact a DDoS attack can have on business.

Let’s imagine, for example, a business-critical application that has thousands of clients and serves as a communication tool between a company and its customers. This application is a channel used to generate contracts, book properties, sell goods or tickets, or provide any other service directly impacting the revenue stream for the company.

Under a DDoS attack, the victim may experience the following potential consequences:

  • No one can use the application to communicate with the company
  • Service unavailability might cause the company to fail to meet its Service Level Agreement (SLA) with the customers. Do you remember Google’s availability issue in Central Europe during November 2016? Google faced several issues in this regard; for example, all taxi services relying on Google Maps didn’t work.
  • Instead of using the website, users now flood the company’s phone and email systems and slow down all processes in the organization
  • IT administrators contact 3rd party vendors to help to solve the issue if they can’t solve it on their own.
  • If the unavailable service is related to public media, people might start asking for information elsewhere - and a competitor will be quick to step in.

Mitigating the impact of DDoS requires many people, whose salaries contribute to the indirect cost of DDoS attacks. If we weigh up all the direct and indirect costs, protection against DDoS is the logical choice.

Google outage in November 2016

Existing solutions to DDoS

There are many ways to protect against DDoS; however, every solution has its limitations. You can use a very fast Internet connection to handle volumetric attacks, but is your application server fast enough to handle the high volume of connections created by hackers?

You can perform deep packet inspection to search for malicious patterns inside the data flow (application logic DoS) between the application and the data center, but how fast do your appliances need to be to not become bottlenecks?

You can use automated data forwarding to the black hole of the operator, but do you want to rely on technology (sometimes wrongly configured) to make crucial decisions regarding accessibility of a business-critical service? On top of that, do you have employees experienced enough to detect and isolate attacks quickly and know the right steps to restore a fully operational service?

How to fight DDoS

Identifying the source of the problem takes an expert eye. At first glance, a DDoS attack might look like just a traffic peak, or a bottleneck somewhere in the company’s data network.

The first step, then, in mitigating a DDoS attack is to know just what is happening. This requires detailed logging so that you have enough information to discover the source of the issue and the impact of the attack. To do this, you can use Log Management tools, Security Information and Event Management (SIEM), IDS/IPS technology, or firewalls.

Next, you’ll need to choose a strategy to mitigate the impact, using the resources available to you. You need to know the capabilities and limitations of the hardware at your disposal. However, such mitigation strategies often fail because business owners don’t know how to reconfigure their key appliances.

Thirdly, you need to have an active response plan for the problem, which includes all the steps that need to be taken and all the people who need to be informed about the problem.

The final step is to prevent any future attacks. You might need to make changes to your existing infrastructure or upgrade your technology to stop a DDoS from happening again.
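
As an added illustration of the first step above (not code from the original article or from TeskaLabs), the following Python example summarizes web access logs per minute so that a surge coming from many sources can be told apart from a single noisy client, and uses the share of 5xx responses as a measure of impact. The Common Log Format input, the thresholds, the function names and the sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Assumed input: Common Log Format, e.g.
# 192.0.2.1 - - [06/Jun/2017:10:00:01 +0000] "GET / HTTP/1.1" 200 512
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def summarize(lines):
    """Per minute: request count, distinct sources, busiest source's share, 5xx ratio."""
    buckets = defaultdict(lambda: {"ips": Counter(), "errors": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not parse
        ip, ts, status = m.groups()
        bucket = buckets[ts[:17]]  # "06/Jun/2017:10:01" = minute resolution
        bucket["ips"][ip] += 1
        bucket["errors"] += status.startswith("5")
    stats = {}
    for minute, b in buckets.items():
        total = sum(b["ips"].values())
        stats[minute] = {
            "requests": total,
            "sources": len(b["ips"]),
            "top_share": max(b["ips"].values()) / total,
            "error_ratio": b["errors"] / total,  # impact on the service
        }
    return stats

def classify(stats, baseline, factor=5.0, top_share_limit=0.5):
    """Label minutes against a known-normal requests-per-minute baseline (assumed thresholds)."""
    labels = {}
    for minute, s in stats.items():
        if s["requests"] < factor * baseline:
            labels[minute] = "normal"
        elif s["top_share"] >= top_share_limit:
            labels[minute] = "single-source spike"
        else:
            labels[minute] = "many-source surge"  # DDoS candidate; could also be a legitimate peak
    return labels

def sample_log():
    """Constructed sample: a quiet minute, then 400 requests from 200 sources."""
    fmt = '{ip} - - [06/Jun/2017:10:{m:02d}:{s:02d} +0000] "GET /api/login HTTP/1.1" {st} 512'
    quiet = [fmt.format(ip=f"192.0.2.{i}", m=0, s=i, st=200) for i in range(1, 11)]
    surge = [fmt.format(ip=f"198.51.100.{i % 200}", m=1, s=i % 60,
                        st=200 if i % 4 == 0 else 503) for i in range(400)]
    return quiet + surge

if __name__ == "__main__":
    stats = summarize(sample_log())
    for minute, label in sorted(classify(stats, baseline=10).items()):
        print(minute, label, stats[minute])
```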

If you have a professional team of security experts working with you, then they will probably know what to do during a DDoS attack. However, if you try to tackle the problem yourself, a DDoS might inflict great damage to your business.

TeskaLabs provides security technology focused on mobile apps and industrial Internet of Things. We offer application security technology which provides you with in-depth insights into what is happening on your network at any time. Our technology is connected to a Security Operation Center (SOC) monitored by security specialists who are ready 24/7, all year round, to help you mitigate app-related attacks. Thanks to a deep monitoring feature, our technology can also identify low-level issues that slow down communication and have a negative impact on customer experience.

If you'd like to get a true assessment of the architecture and security of your mobile application, please request a FREE Demo. Or, to learn more about TeskaLabs’ SeaCat Mobile Secure Gateway and how we can help you with the security of your mobility solutions, please visit www.teskalabs.com/products/seacat-mobile-secure-gateway.

Reference

  1. https://www.digitalattackmap.com
  2. http://www.csoonline.com/article/3020292/cyber-attacks-espionage/ddos-attack-on-bbc-may-have-been-biggest-in-history.html
  3. https://www.cyberdefensehub.com/famous-ddos-attacks/

About the Author

Jiri Kohout

TeskaLabs’ VP of Application Security, Jiri Kohout, brings years of experience in ICT security, having served as the Chief Information Security Officer for the Ministry of Justice and Chief Information Officer for Prague Municipal Court. He cooperated with the Czech National Security Agency to prepare the Czech Republic cyber security law.



