In the magical world of Harry Potter, the boy wizard and his cohorts were enrolled in a class called Defence Against the Dark Arts as part of their curriculum. In the world of technology, defending against the “dark arts” of DDoS attackers is just as much a requirement.
DDoS attacks suspend service to a website by overwhelming it with traffic from multiple sources, thus blocking access to the site and preventing users from accessing important information. Hackers can take down a website in one fell swoop using DDoS attacks, and the longer they last, the more costly they can be to a business.
According to a report from TrendMicro Research, a week-long DDoS attack costs $150 on average from the Internet’s black market, while Verisign/Merrill Research reports that one-third of all downtime activity on the Internet can be attributed to DDoS attacks. Additionally, a newly-released report from Symantec indicates that DDoS attacks have increased by a staggering 183 per cent between January and August of 2014.
In an exclusive interview with IT in Canada, Candid Wüeest, senior software engineer at Symantec Advanced Threat Research, discusses how businesses can defend against these attacks, and how Symantec can arm them for this battle.
IT in Canada: Why are more businesses falling victim to DDoS attacks?
Wüeest: I think we’re seeing more mid-sized and larger companies falling victim to DDoS attacks because they’re very easy to carry out by the attackers, and it can be very devastating on the receiving end as a result. The motivation behind it might often vary. For example, there are hacktivists who might do it to protest a company’s ideologies, but we also see others do it to make a profit.
One of the most obvious profit-related (schemes) is extortion, where an attacked company might be told “Give us a certain amount of money or your online shop will be down.” The other is carried out by a company’s competition, using DDoS attacks to redirect customers to their business. With Thanksgiving coming up, if an online shop is not online during critical hours, people might go to a different shop, allowing the competition to profit from those sales.
ITIC: The Symantec report notes that DDoS attacks increased by 183 per cent between January and August of 2014. What is the reason for that?
CW: I think it’s a bit of a self-fulfilling prophecy. We see that they are successful, and more people in the media are talking about them. This shows hackers that it’s a proven way to attack someone, so they decide to go through with it, which also creates a bigger demand for automated tools and DDoS services. We are also seeing more advertising in the underground market for people selling these services, and this is probably the reason why you’re seeing more of them actually happening.
ITIC: What can businesses do to prevent DDoS attacks?
CW: When it comes to defending against DDoS attacks, there are a few strategies. The first one is to simply be prepared for them and know who to call. Have a response plan integrated into your system to accommodate DDoS attacks. In most case, when businesses fall victim to DDoS attacks, they don’t know what to do or who to call, or who is responsible at the IP level, and this results in valuable time and revenue being lost.
The second one is planning for scalability and flexibility within your network. That starts with having the opportunity to filter out traffic whenever possible in multiple locations, have a load balancer in for multiple sites, or have a caching proxy in place.
The third strategy involves implementing certain protection services. Nowadays, if you’re a medium- or large-sized business, you should also definitely speak with providers of specific protection services, which can help you mirror your website across multiple locations, allowing for better filtering if you are under attack.
ITIC: Why are hackers now relying on mobile devices to execute attacks?
CW: We’ve seen that hackers are experimenting with mobile phones. This not just because of their 4G and LTE capabilities, which means they can generate a lot of bandwidth traffic, but because they are very good at generating application level DDoS attacks. They can attempt to overload a database with queries and perhaps use up all of an application’s resources. This is done through WebRequest, which can be easily sent over any mobile network.
We all know that most mobile phones are usually not protected by any kind of security software, so once they infected, they usually stay infected for a very long time because most people don’t notice it, as they don’t switch off their phones after 24 hours online. As a result, I think that mobile phones might be a better attacking platform than a laptop that you would shut down overnight.
ITIC: What kinds of services does Symantec offer for defending against these attacks?
CW: Symantec is very active in the intelligence and protecting people from becoming the source of an attack. We can help you defend against having your service compromised by any of the malware tools being used or a third-party amplification attack. We cooperate with different companies for the distribution of the network, but that is more of the focus of companies like Akamai and CloudFlare. With our knowledge that we have in the data centre, we can help with the flexibility of setting up networks that can be integrated into those services without having to switch too much on your existing platform.
ITIC: Are DDoS issues more of a problem in Canada then they are in the U.S.?
CW: As a country, Canada is doing well. It’s less of a problem there compared to the U.S., but we can’t expect there to be a country where DDoS attacks aren’t happening. One of the reasons is because they’re so easy to conduct, and many more hackers are relying on them now as a result. They are definitely happening in Canada, and people should definitely be preparing themselves if they haven’t already done so.
ITIC: What can companies do to protect their cloud from attacks?
CW: Cloud protection is an interesting problem. Companies should definitely read the FAQs from their cloud service providers to learn how they can protect against denial-of-service attacks. Sometimes, they might be a DDoS attack against a company’s online storage, but if it’s targeting the cloud provider, the business might not even notice that they are under attack. They might just notice that they are no longer available, or the availability of certain documents is failing.
You should definitely talk to you cloud provider about how they are protected against DDoS attacks, and most of them do have a plan or have multiple locations and balancing in place to cope with these attacks. Make sure that you are aware of them, and if they don’t have them, you should consider moving to another one or plan a strategy on how you can switch to a secondary site in the event of an attack.
ITIC: What does the future hold for DDoS attack prevention?
CW: With DDoS attack prevention, we see that it’s moving in another way, but kind of complimenting to the whole bandwidth issue. At the moment, most of the mitigation tactics rely on providing a larger bandwidth so that the attackers cannot fill it up. This is good for basic attacks, but we see that there is a limitation to this. In the end, this is a race which will be won by the attackers most of the time because they can compromise more machines.
What we see in the future is that we have to rely more on the protection of resources, such as websites and databases, and ensuring that they are protected and secure against having their resources used up. We also have to ensure we can perform proper filtering and only let genuine people in. We see more features being implemented in back service technologies or proxies that are close to the web server.