Amid heightened cyber security fears, DDoS attacks grow in volume and sophistication.

26 September 2018

When the first denial of service attack was mounted by a 13-year-old student in the United States in 1974, his aim was simply to test how his program could force a room full of users to log off their computers.

Today’s attacks are more sophisticated, targeted and difficult to stop. They are also distributed in nature, so these distributed denial of service (DDoS) attacks can come from thousands of “zombie” computers or devices that are hijacked to do the dirty job of flooding a victim’s server with data.

Amid heightened security threats on many fronts, DDoS remains a top worry because these attacks are easy to mount yet extremely costly for victims that have their websites and services knocked out.

It takes just USD$38 an hour per month to hire a “DDoS attack service” to target a company, according to an Incapsula DDoS Report. Yet, the damage can be $10,000 in lost revenue every hour, for an average company earning $10,000 an hour, operating on a 40-hour work week.

Far-reaching impact

The impact is even more far-reaching in a digital economy. Amazon lost $4 million in sales after 49 minutes of outage in 2013, for example. 

That’s not to mention the financial backlash that comes with a loss of productivity, reputation damage and impact on customer confidence. Amazon’s stock dropped 25 per cent in 2013 after the company went offline for several hours. Sony, meanwhile, spent $170 million to clean up the damage after a DDoS attack in 2014.

Being closely connected to a global economy, Singapore companies are no strangers to cyber attacks as well. In 2017, the Cyber Security Agency said an unnamed Singapore institution was threatened with a DDoS attack unless a ransom was paid. A “demo attack” was even launched as a warning, though the threat was never carried out, according to a Today report.

Harder to stop DDoS attacks

What is worrying today is that DDoS attacks have become harder to stop. Attackers are adopting multi-vector attacks and dumping more traffic on target websites in an effort to overwhelm them.

In March 2018, developer platform GitHub.com was hit by the largest DDoS attack thus far. The attack took the site offline or made it intermittently unavailable for several minutes.

Using thousands of unique endpoints, the attack peaked at 1.35Tbps. That amount of traffic dwarfed earlier DDoS attacks, many of which were considered very large if they were in the hundreds of gigabits per second.

Recent attacks have also shown the different methods that hackers are employing. According to security vendor Nexusguard, they have been targeting poorly configured DNS (Domain Name System) servers and unguarded Memcached servers, which are used to speed up websites running dynamic databases.

At the same time, multi-vector attacks making use of various vulnerabilities accounted for about 54 per cent of all DDoS attacks in the first quarter of 2018, Nexusguard pointed out in a quarterly report.

Hackers also target the peak operation hours of an enterprise to maximise their impact. Most of the DDoS attacks (about 69 per cent) lasted less than 90 minutes but their intent was clear – make the most impact by hitting enterprises where it hurts most.

All in, the total number of attacks grew about 78 per cent quarter-on-quarter, according to Nexusguard. Facing a growing threat, technology leaders have to find a way to better prevent their businesses from being forced offline.

 

Being adaptable is key

Many larger enterprises already have tools in place to monitor traffic that may signal an imminent DDoS attack. However, this alone may not be enough as attacks become larger and harder to deflect, while hackers turn to new vulnerabilities that amplify the impact.

In other words, common tools that may have worked in the past may not work as well now. Going forward, having both cloud-based and on-premise solutions against DDoS attacks will offer improved protection against newer attacks.

An on-premise solution will be able to swiftly detect a possible attack, while a cloud-based solution will help mitigate against a large attack aimed at flooding the Internet pipe that an enterprise uses.

While there may be different approaches to cyber security, the need is clear for a multi-layered approach. Cyber defences cannot simply compete with hackers by matching the scale of their attacks.

They have to be smart enough to address weaknesses with certain infrastructure such as Memcached servers, while still dealing with a large-scale volumetric attack launched from thousands of unique computers or devices.

The key to the future is adaptability. There is no use finding a solution that only solves one issue, so the best bet is a holistic approach. This will ensure that users can still gain access to a website or network, while undesirable traffic is discarded on the fly.

Learn more about StarHub’s solutions to address the growing threat of DDoS attacks at www.starhub.com/cleanpipe.
