DDOS attacks don't have to mean 'game over'

Of all the information security threats keeping information security pros awake at night, Distributed Denial of Service (DDOS) attacks are certainly one of the most haunting.

DDOS attacks involve a barrage of botnets (collections of compromised computers utilised by attackers) flooding the bandwidth and resources of targeted systems within your organisation. They're often launched against Web servers, DNS servers, e-mail servers, application servers or other critical digital assets - resulting in systems being brought to their knees, and the company left unable to operate or provide services to customers.

The typical modus operandi for DDOS attackers involves a concerted attack over a period of time - to assess whether it had the desired effect. If it's successful, the targeted organisation is often 'marked', and will likely be attacked again and again. These armies of zombie computers are controlled by criminals of the digital underworld - whose motives are often extortion, revenge, or activism.

DDOS attacks are rising at an alarming rate. In its latest Worldwide Infrastructure Security Report, Arbor Networks noted that these attacks on DNS servers were up from 17% last year to 30% this year. The research revealed that despite this sharp increase, over a quarter of large enterprises surveyed still had no dedicated DNS security resources.

In a white paper, 'DDOS attacks don't have to mean game-over', Arbor highlights the importance of a coordinated approach to dealing with DDOS attacks - encompassing both cloud-based and on-premises defence measures.

In the paper's case study, an online gaming company suffered $1.7m in losses from a series of DDOS attacks, due to insufficient on-premises defences to augment its cloud defences.

By integrating Arbor's Availability Protection System (APS), the gaming company was able to safeguard against any known and emerging DDOS threats, and receive continual updates from Arbor's Security Engineering and Response Team. Deployed at the network perimeter, APS disrupts botnet communications and detects and blocks application-layer DDOS attacks, including those specifically designed to compromise stateful in-line tools like firewalls, IPS devices and load balancers.

Bryan Hamman, territory manager for Sub-Saharan Africa at Arbor Networks, says the problem of inadequate protection from DDOS attacks is a growing concern for South African organisations - as more and more local companies digitise their operations and rely wholly on 100% uptime across all their systems.

"Broadly speaking, organisations need to shore up their technical defences against DDOS threats, which show no sign of slowing down. This must be combined with decisive emergency response processes to address attacks with greater speed," Hamman notes.

While some experts say that the volume DDOS attacks against South African businesses have grown over 150% over the past year, Hamman says the good news is that businesses can quite easily address the issue, with defence technology that is available out-of-the-box and without configuration.

"Solving the DDOS challenge is, fortunately, not technically-difficult. The main problem is in the lack of awareness or appreciation for the way that DDOS attacks can affect organisations - from an operational, financial, and reputational perspective.

"Businesses must be aware that traditional security solutions, such as firewalls and intrusion prevention systems, will not hold up against the powerful and sophisticated nature of modern DDOS attacks," he concludes.

Arbor's APS received a Gold Award in the 2016 Info Security Products Guide - the industry's leading information security research and advisory guide.