One of the first publicized denial-of-service (DoS) attacks appeared in February 2000, when a 15-year-old Canadian flooded the servers of various online retailers, including Amazon and eBay. The tools and techniques to execute such a salvo had been researched and developed for years prior to the attack.
Back in the day, there were three basic types of DoS attacks:
Consumption of scarce, limited, or non-renewable resources
Destruction or alteration of configuration information
Physical destruction or alteration of network components
As cybersecurity defenses improved, the tactic evolved to a distributed denial-of-service (DDoS) attack model. This approach helped obfuscate attack sources and empowered threat actors with a near-limitless army of botnet machines. This led to endless attacks — from every region, every source and against every layer.
DDoS attacks are in such widespread use that the term is practically a household one. The motives that lead threat actors or criminal organizations to use DDoS attacks to take down enterprises, online retailers, service providers, gaming networks or government services vary. The only concrete fact is that the attacks are growing in number, size, duration and sophistication.
In September 2016, Brian Krebs, noted cybersecurity journalist, was the victim of one of the largest DDoS attacks on record: 620 Gbps. While standard DDoS attacks use some form of DNS reflection to control large numbers of unmanaged online devices to do their malicious bidding, Krebs noted that the responsible party may have leveraged generic routing encapsulation (GRE) to power the DDoS attack that took down his site. Through GRE, they leveraged a never-before-seen army of compromised IoT-based devices (e.g., webcams, security controls, etc.) to flood Krebs’ server with record traffic.
Even the Rio Olympics was not spared from the wrath of DDoS attacks. Threat actors targeted the Rio Olympics — specifically publicly facing sites and partner organizations — with advanced IoT-based DDoS attacks that hit peaks of 540 Gbps.
In a recent proof-of-concept exercise, researchers in Israel discovered that malware could be deployed on mobile devices to create a botnet that could easily take down 911 emergency response phone systems. The university’s Cybersecurity Research Center published a report that outlines how a threat actor could exploit cellular network protocols to launch an anonymous telephony denial-of-service (TDoS) attack against the critical infrastructure that makes the emergency 911 services possible.
Understanding the True Costs of a DDoS Attack
Media coverage is omnipresent. But do DDoS attacks have any real-world financial ramifications? Depends on the business or industry, but the short answer is yes.
The Ponemon Institute published an in-depth 2016 study detailing the financial costs associated with DDoS attacks. The report, “Cost of Denial of Service Attacks,” found a large range of losses from various organizations. However, over the five-year span between 2011 and 2015, the related costs of a DDoS attack increased 31 percent. The highest cost associated with a DDoS attack was $2.35 million.
That said, larger data breaches that fell outside of these parameters saw much greater losses. Each security event is unique, so it’s difficult to correlate threat types to actual money.
An alternate September 2016 study by Kaspersky Labs found the cost of each cyberattack (including malware, phishing, DDoS, etc.) to be an average of $861,000 for a large organization. The true financial impact of DDoS is difficult to measure because performance degradation and blocked services can go undetected without protection monitoring in place. In fact, many environments are breached with a barrage of weapons and attack vectors, so linking specific dollars to exact exploits proves to be difficult.
According to the Verisign DDoS Trends Report for the second quarter of 2016, the number of DDoS attacks increased by 75 percent year over year. Akamai’s State of the Internet study found even larger growth, stating that the first quarter of 2016 witnessed a 125 percent year-over-year increase in total DDoS attacks.
While the number of attacks is growing, the more concerning trends are the raw scale and how DDoS attacks are being leveraged in more creative manners against victims. The second half of 2016 saw new records for DDoS size, easily pushing past 600 Gbps thresholds. Do organizations have recourse as these advanced DDoS attacks speed toward the 1 Tbps threshold?
Organizations are increasingly dependent on the availability of their services, and on their ability to connect to the Internet. Downtime results in immediate revenue loss, brand damage and additional employee labor for mitigation. What is required is a flexible, vendor-neutral DDoS mitigation solution that integrates easily into various networking architectures.
By Sanjai Gangadharan, Regional Director, SAARC, A10 Networks