By Paul Mazzucco, TierPoint Chief Security Officer
When a business considers moving its workloads to the cloud, availability of resources is often one of their biggest concerns. Understandably, they want their data and applications to be available when they need them, whether they choose a private cloud, a public cloud, or have TierPoint host their cloud in one of our data centers.
One of the greatest threats to high availability is the Denial of Service attack or DoS. This form of cyber threat has been with us since the late 1990s, so most of you are probably familiar with it. In short, a DoS attack floods a network with traffic, rendering it useless.
In more recent times an even more insidious type of attack has emerged: the Distributed Denial of Service attack, or DDoS. In a DDoS attack, cybercriminals take over devices connected to the internet, even simple devices such as online security cameras, to create a botnet: an army of mindless devices all directed at bringing down a single network.
The stats aren’t in yet for all of 2016, but one internet security analyst reported that DDoS attacks had risen by 71% since Q3 2015. Thanks to the botnets, they are also lasting an average of 16 hours, 35% longer than their predecessors.[i]
3 Major Challenges for Business
DDoS attacks affect businesses in 3 primary ways. The first, and probably the most obvious, is downtime. Last year, IDC put the average hourly cost of downtime at approximately $100,000. That means that the average DDoS attack lasting 16 hours would cost the business $1.6 million.
The high cost of downtime has led to a second type of DDoS attack: a ransom attack. This is similar in effect to ransomware, where your data is encrypted, and hackers demand payment in exchange for the decryption key, but the method is different. In a DDoS ransom attack, hackers will demand payment in exchange for stopping the attack. The payments are generally low: the bitcoin equivalent of only a few thousand dollars. Unfortunately, when caught without a DDoS response plan, a business may find it easier to just pay the ransom than deal with the downtime.
The third challenge for businesses is the Deceptive Distributed Denial of Service attack or DDDoS. In this scenario, the business is kept busy dealing with a DDoS while hackers execute a second type of attack that goes unnoticed. For example, a website gets shut down by a DDoS attack, and at the same time, customers receive a bogus email directing them to a temporary site where cyber thieves collect their credentials and personal data.
3 Ways to Prevent, Detect, and Mitigate the DDoS
Keeping up with DDoS tactics as well as other advanced security threats is going to require some real agility on the part of your IT security teams or service provider. Here are three keys to get you started.
1/ Detection — Like a tremor before an earthquake, a small DDoS attack may indicate something much larger is coming. Smaller attacks are used by criminals to ferret out the weaknesses in a system, but like a tremor, even these small attacks can be hard to detect manually. Since they are of shorter duration, they may just be written off as a glitch in the system. At TierPoint, our DDoS mitigation services leverage the power of Radware and Arbor Network appliances to detect abnormally high traffic volumes that indicate an attack in progress.
2/ Scrubbing — Once an abnormally high volume of traffic is detected, the traffic is immediately shunted off to a scrubbing center where it can be analyzed using a sophisticated set of algorithms. Clean traffic is then passed back to the network.
3/ Annual Vulnerability & Penetration Testing — The power of botnets has rendered all networks vulnerable to a DDoS attack. The purpose of vulnerability and penetration testing is to detect the weaknesses in your network that might be exploited during a DDDoS. Stronger networks make less attractive targets.
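The detection key above notes that short "tremor" attacks are easily written off as glitches. The following is an added example, not TierPoint's code or the logic of the Radware or Arbor appliances mentioned: a simple volumetric detector that compares each interval's traffic counter against a rolling baseline built only from intervals that were not themselves flagged, so that a two-interval probe and a sustained flood are both reported as bursts. The per-minute packet counters are constructed sample data.

```python
"""Flag abnormally high traffic intervals against a rolling clean baseline."""
from statistics import median


def detect_bursts(samples, window=6, factor=4.0, min_baseline=1):
    """Return contiguous bursts in a series of (timestamp, packets_per_second).

    The baseline is the median of the last `window` intervals that were NOT
    flagged, so an attack cannot inflate its own baseline and hide. An interval
    is a burst when its volume exceeds `factor` times that baseline. Each burst
    is reported as a dict with start, end, peak and the baseline it was judged
    against, so even a single-interval tremor produces an alert.
    """
    clean = []      # recent non-flagged volumes feeding the baseline
    alerts = []     # completed bursts
    current = None  # burst currently in progress, if any
    for ts, pps in samples:
        baseline = median(clean[-window:]) if clean else None
        is_burst = (baseline is not None and baseline >= min_baseline
                    and pps > factor * baseline)
        if is_burst:
            if current is None:
                current = {"start": ts, "end": ts, "peak": pps, "baseline": baseline}
            else:
                current["end"] = ts
                current["peak"] = max(current["peak"], pps)
        else:
            clean.append(pps)
            if current is not None:       # burst just ended: record it
                alerts.append(current)
                current = None
    if current is not None:               # series ended mid-burst
        alerts.append(current)
    return alerts


# Constructed sample: per-minute packet rates for a small web service.
SAMPLES = [
    (0, 1200), (60, 1300), (120, 1150), (180, 1250), (240, 1180), (300, 1220),
    (360, 9800), (420, 11200),            # short probe: the "tremor"
    (480, 1210), (540, 1190), (600, 1240), (660, 1260),
    (720, 88000), (780, 95000), (840, 91000), (900, 1230),  # the main flood
]

if __name__ == "__main__":
    for a in detect_bursts(SAMPLES):
        print(f"burst {a['start']}-{a['end']}s peak={a['peak']} pps "
              f"baseline={a['baseline']:.0f} pps")
```

In practice the counters would come from flow exports or interface statistics, and the threshold factor should be tuned to the service's normal daily variation so legitimate traffic peaks are not flagged.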
If you have questions about DDoS mitigation, feel free to ask your question in the comment box below.
Paul Mazzucco is responsible for all TierPoint corporate security standards regarding physical, information and network security. He leads the charge in acquiring and maintaining all industry-specific compliance certifications, including PCI DSS, FISMA and the FedRAMP/NIST Cloud Security standards. Paul joined TierPoint through its 2014 acquisition of Xand, where he served in a similar role.
[i] DDoS attacks increase over 125% year over year, ZDNet, June 8, 2016.