Why DDoS Protection Is No Longer Optional

October 24, 2014 in Cyber Attacks, Data Breach

If businesses are to survive the growing threat of DDoS (Distributed Denial of Service) attacks, then DDoS protection must evolve quickly and respond even faster. Hackers have no shortage of options when it comes to launching DDoS attacks. In early October, Akamai warned that hackers are now targeting Universal Plug and Play devices, or UPnP, to launch their attacks. The firm estimated that there were more than 4 million UPnP devices, from home routers to web cams, that were vulnerable to being conscripted by hackers to launch devastating DDoS attacks.

The firm also claimed that it had seen a steady increase in such attacks since July of this year, to the point that UPnP now account for more than 7% of all DDoS attacks being detected.

DDoS attacks have become so easy in part because the Internet presents such an easy launchpad. DDoS attacks fundamentally require unprotected computers to launch their attacks. And hackers have plenty to choose from. There are now more than a billion computers and servers connected to the Internet, and more than 2 billion users.

Hackers only need to conscript a few thousand of these at any time in order to launch an attack. More and cheaper computers, an avalanche of new and more powerful consumer and business technologies, and cheaper bandwidth, all combine to make DDoS attacks the new favorite in the hacker armory.

Researchers are also reporting a surge in what are known as Reflection DDoS attacks. In a reflection attack, the attackers simply spoof the target’s real IP address to send an avalanche of traffic to thousands of other computers. Those computers, believing the source of the traffic to be genuine because the IP address is correct and legitimate, in turn respond to the originating victim IP address and overwhelm it with traffic. And it’s proving increasingly difficult to prevent.

And with so much cheap firepower at their disposal, there are very few websites that hackers can’t target. They can even be very specific in their targeting. They can focus their attack on the entire website, thus making it completely unavailable to legitimate traffic. Or they can focus on a specific part or function of the website, like a shopping cart. That means while your customers can visit your website and decide what they want to purchase, they can’t actually complete the purchase.

The problem is compounded by the growing number of botnets-for-hire. As the industry of cybercrime matures, it’s segmenting and specializing. Instead of going to the trouble of creating their own network of compromised computers, hackers can instead visit any number of black market sites and place an order for botted computers, 1,000 at a time, all ready to attack.

And botnets are cheap. The creators of the botnets hire other third parties who use sophisticated malware to infect unprotected computers and add them to the botnet. It can cost botnet owners as little as a few dollars to infect and conscript a thousand computers, and those hijacked computers can then be rented out for DDoS attacks for as little as a couple of dollars for 5,000 computers or nodes. A month’s rental of a massive botnet capable of taking down the biggest website can cost less than $500.

And in an effort to evade DDoS protection and evasion, hackers are once again turning to things like encryption to make it almost impossible to inspect and isolate the incoming data.

That’s why you can’t afford to ignore the growing threat posed by DDoS attacks to your business, no matter what its size. Just ask yourself this. How much would it cost you if your website was inaccessible to customers for a day, a week, or a month? How many customers would you lose? How much long-term impact would it have on your brand? And how much would you be willing to pay to make it all go away?

Those are the questions hackers are asking too, and they know the answer is simply whatever it costs. That’s why DDoS protection must be part of your website security plan. And while there’s no way to protect against every type of DDoS assault, you can significantly reduce the risk by using proven technologies like a Content Delivery Network, or CDN. When combined with a Web Application Firewall, the CDN can detect the tell-tale signs of a DDoS attack and redirect that traffic so it doesn’t have a chance to impact your website and business. And all for dollars a day. To learn more about integrating a Web Application Firewall in your business call 855.378.6200.

Latest Articles
Follow SiteLock