What They Mean to Enterprise Companies, and Best Practices for Mitigation
By Phil Annibale, Manager, Cyber Intelligence Division
The frequency and size of Distributed Denial of Service (DDoS) attacks against businesses are increasing at alarming rates, costing corporations an estimated $50,000 to $100,000 per hour in website and application downtime. Another recent study estimates that the average cost of just one minute of downtime due to a DDoS attack can be as high as $22,000. In addition to hurting your bottom line, outages from DDoS attacks can undermine customer trust, compromise business partnerships, and damage your brand reputation. Another cost of DDoS attacks is diminished productivity, as IT and security staff may spend more resources on fire drills associated with such attacks than on day-to-day tactical needs and strategic planning.
To put the increasing number of DDoS attacks in perspective, let’s compare the metrics from Q2 2012 to Q2 2013, as recently reported by Prolexic:
- 33% increase in total number of DDoS attacks
- 123% increase in attack duration: 38 hours vs. 17 hours
- 1,655% increase in the average packet-per-second rate (47.4 Mpps)
- 925% increase in average bandwidth (49.24 Gbps)
- 23% increase in total number of infrastructure (Layer 3 & 4) attacks
- 79% increase in total number of application (Layer 7) attacks
Motivations for DDoS attacks vary: revenge, competition, politics, war, or cloaking criminal activity. In one recent example, a DDoS attack on a regional West Coast bank, executed on Christmas Eve – when a smaller institution was sure to be short-staffed – kept the IT team tied up for days. Only after the attack was over did the bank realize the DDoS attack was a smokescreen to keep everyone busy. The attackers’ real objective was the nearly $1 million stolen from a small business account right before the DDoS attack.
As attackers continue to leverage new ways to exploit evolving technologies, DDoS attacks are likely to increase in both frequency and power. In addition, attackers are building larger, more complex botnets to distance themselves from attack targets, overwhelm defenses and avoid detection.
While attackers conjure and tweak new DDoS attack methods, corporations continue to be vulnerable to DDoS attacks. Potential corporate implications of DDoS attacks beyond lost productivity and revenue include system malfunctions, intellectual property theft, regulatory and compliance violations, and reputation damage.
Although DDoS attacks will likely remain a persistent threat for organizations, here are some best practices to help mitigate them:
- Ensure you have sufficient bandwidth to absorb an attack, or engage a third-party mitigation service provider
- Employ filtering technology to identify unwanted server traffic and suspicious outbound traffic from potentially compromised computers and servers
- Actively participate in IT security community groups to learn of emerging threats
- Use logging and correlation systems to collect and analyze detailed attack data
- Engage in proactive open source monitoring to identify advance indications of impending attacks against your organization
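One way to put the logging and correlation practice above into code, as an added example that is not part of the original post: a small Python detector that reads web server access-log lines (constructed here) and flags sources whose request count within a sliding window exceeds a threshold, the kind of per-source signal that separates a Layer 7 flood from ordinary traffic. The log format, window size, threshold and sample lines are all assumptions; lines are assumed to arrive in chronological order per source.

```python
# Added example (not from the original post): a minimal Layer 7 request-rate
# detector over constructed access-log lines. Thresholds and log lines are
# assumptions, not figures from the post.
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT),
            m.group("req"), int(m.group("status")))


def find_floods(lines, window_seconds=10, max_requests=5):
    """Return {ip: peak_count} for sources whose request count within any
    sliding window of window_seconds exceeds max_requests."""
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    peak = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the analysis
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_requests:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak


def _line(ip, sec, path="/login"):
    # Helper building a constructed sample line; timestamps are artificial.
    return (f'{ip} - - [10/Oct/2013:13:55:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')


# Constructed sample: one source sends 8 requests in 14 s, another sends 2
# requests 29 s apart, plus one malformed line.
SAMPLE_LOG = ([_line("198.51.100.7", s) for s in range(0, 16, 2)]
              + [_line("203.0.113.5", s) for s in (1, 30)] + ["garbage line"])

if __name__ == "__main__":
    print(find_floods(SAMPLE_LOG))  # {'198.51.100.7': 6}
```

In production the same per-source counts would be correlated with upstream packet-rate and bandwidth telemetry, since a distributed flood spreads requests across many sources that individually stay under any single-IP threshold.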
Mindful companies apply this last practice in particular, mining open source intelligence for advance knowledge of potential attacks and threat actors. In our next blog post, we’ll explore some of the ways that open source monitoring can help in this regard.