DDoS attacks are continuing to evolve and the last 12 months has seen huge growth in the number and size of the attacks going on in Australia. When we couple this with businesses’ increasing reliance on Internet connectivity, for either revenue or access to cloud based data and applications; protection from the DDoS threat should be a top priority.
Looking back at 2014, attackers seem to have refocused on using large traffic floods, known as volumetric attacks, to effectively cut their targets off from the Internet. Volumetric attacks have always been the most common attack type, but in the last year the scale of the problem has changed.
How the Attack Landscape has Changed in Australia and Globally
The use of stealth methods of attack including reflection/amplification techniques to launch massive attacks has increased. The largest reported attack globally in 2014, according to Arbor Networks’ tenth annual Worldwide Infrastructure Security Report was 400Gbps. Other large reported events were 300, 200 and 170Gbps and there were several more over the 100Gbps threshold. Ten years ago, the largest attack was just eight Gbps; the problem has grown significantly for businesses.
Multi-vector and application-layer DDoS attacks are becoming very commonplace, in Arbor’s Infrastructure Security Report, 90 per cent of respondents reported application-layer attacks and 42 per cent experienced multi-vector attacks that combine volumetric, application-layer and state exhaustion techniques within a single sustained attack.
DDoS attack frequency is also on the rise. In 2013, just over a quarter of respondents indicated they had seen more than 21 attacks per month; in 2014, that percentage doubled to 42 per cent. Australia is becoming a more common target for attacks and the first quarter of 2014 saw Australia at the number three position globally as a popular target for DDoS attacks.
How does this Affect Australian Businesses?
DDoS and advanced threats are increasingly common: Nearly half of respondents saw DDoS attacks during the survey period, with almost 40 per cent of those seeing their Internet connectivity saturated.
Firewalls and IPS devices continue to be targets for attackers and over one third of organisations had Firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.
Data Centres and the Cloud are Attack Major Targets
Cloud services are a bull’s-eye for attackers, and over one quarter of respondents indicated that they had seen attacks targeting cloud services.
Security incidents are up, but Australian organisations are not fully prepared to respond: Just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year. Just under a half of respondents felt reasonably or well prepared for a security incident, with 15 per cent indicating that they having no plans or resources in place.
Data Centres are a High-Volume, High-Impact Targets
Over one third of data centre operators saw DDoS attacks which exhausted their Internet bandwidth. This underscores just how critical of an issue this continues to be for data centre operators, because downtime means not just lost business, but the collateral damage extended to customers operating business critical infrastructure in the cloud.
Revenue loss due to DDoS is up sharply and 44 per cent of data centre respondents experienced revenue losses due to DDoS.
Defending Organisations from the DDoS Threat
Everything we have seen over the past year re-affirms layered DDoS protection as the best way to defend organisations from the DDoS threat. Network perimeter defences provide proactive protection from stealthy application-layer attacks (and in fact all kinds of attacks), but they need to be coupled with a cloud or service provider based DDoS protection service to deal with higher magnitude (Volumetric) attacks which simply saturate Internet connectivity.
The security teams across a broad spread of organisations are becoming increasingly aware of the need for these layered DDoS defence solutions, but they have to compete (from a budget perspective) with other business priorities. So, how does the CIO compete for this investment in the boardroom? Well, the key is to compare the financial implications of a prolonged Internet service outage with the cost of appropriate defences. Fundamentally, it’s imperative for CIOs and CISOs to be able to put a monetary value on the cost of an attack when building a case for investment into security products and processes.
The starting point is to estimate the overall impact a DDoS attack is likely to have from a revenue, operational overhead and reputational perspective. These are the elements that can influence the overall cost of a DDoS attack and vary according to the nature of the business in question. Modelling all of these costs is a good way to determine the benefits of DDoS protection, since effective DDoS security can help reduce these costs by 90 per cent or more in the event of an attack.
With DDoS attacks continuing to grow in size, frequency and complexity – and our ever-increasing reliance on the Internet for day-to-day business continuity - putting the most appropriate defences in place is key. The best solutions and services ensure your business is protected from the DDoS threat.