Digital organizations are becoming helpless to prevent distributed denial of service (DDoS) attacks that take down websites by overloading or hit other online services with traffic.
DDoS attacks have the power to knock whole sites offline and are usually carried out by automated bots or programs.
Irish National Lottery, media company BBC, HSBC, and videogame Wurm were some of the victims of DDoS attacks.
ALSO READ: Verisign discloses DDoS trends report
The popularity of DDoS is creating a strong community of cybersecurity technology companies in the world.
Jeff Wilson, senior research director, cybersecurity technology, IHS Markit, said distributed denial of service (DDoS) mitigation product revenue reached $517 million in 2015. Arbor has been ranked first in DDoS prevention appliance revenue in 2015, followed by Radware.
Darren Antsee, chief security technologist at software company Arbor Networks, believes the world is in an arms race between those carrying out DDoS attacks and those who try to defend against them.
Arbor Networks said more than 200 of the DDoS attacks in 2015 summoned 100 Gbps of traffic, with the largest of these clocking in at 500 Gbps – enough to disrupt an entire internet service provider’s network. 74 percent of service providers surveyed by Arbor said they had seen an increase in such protections among their customers.
Kaspersky Lab says a DDoS attack can cause considerable losses, with average figures ranging from $52,000 to $444,000.
Helpless web owners
In December 2015, BBC confirmed that its network of websites and its iPlayer streaming service faced cyber attack.
OurMine hacking group pulled down the HSBC website through a massive DDoS attack on 12 July affecting domain in UK and the USA.
Earlier, OurMine hacking group made headlines for hacking social media accounts of technology celebrities including Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Twitter’s CEO Jack Dorsey.
DDoS are painful and devastating because these attacks are often highly costly. On September 20, security blogger Brian Krebs’ website, KrebsOnSecurity, was hit by a massive 620Gbps attack after he reported news on cyber criminals in vDOS website.
“The attack did not succeed thanks to the hard work of the engineers at Akamai, the company that protects my site from such digital sieges,” Krebs wrote in his blog post.
The attack was approximately 665 Gigabits of traffic per second initially. Additional analysis on the attack traffic suggested that the assault was closer to 620 Gbps in size.
CloudFlare chart showing L3 DoS mitigation during the last quarter of 2015
IT security firm Suruci said that rather than hackers using DDoS to throw the websites offline by bombarding them with a huge number of packets, this type of attack was more precise, taking advantage of the pingback feature that generates a comment on a blog when someone else with pingback enabled links to it.
“Layer 7 attacks (also known as HTTP flood attacks) are a type of DDoS attack that disrupts your server by exhausting its resources at the application layer, instead of the network layer,” said Daniel Cid, CTO at Sucuri.
In a blog post, CloudFlare said the current spate of large attacks is all layer 3 (L3) DDoS. Layer 3 attacks consist of a large volume of packets hitting the target network, and the aim is usually to overwhelm the target network hardware or connectivity.
A chart from CloudFlare shows that recent DDoS attacks were larger
CloudFlare said L3 attacks are dangerous because most of the time the only solution is to acquire large network capacity and buy beefy networking hardware, which is simply not an option for most independent website operators.
Growing DDoS attacks
Akamai Technologies said DDoS attacks increased 129 percent in Q2 2016 from Q2 2015. During the second quarter, Akamai mitigated a total of 4,919 DDoS attacks.
Akamai observed its largest DDoS to date at 363 Gbps on June 20 against a European media customer. The median attack size fell by 36 percent to 3.85 Gbps.
Twelve attacks observed during Q2 exceeded 100 Gbps and two that reached 300 Gbps targeted the media and entertainment industry.
There was a 14 percent increase in total web application attacks from Q1 2016. Brazil experienced 197 percent increase in attacks sourced from the region.
The United States ranked second among countries for total web application attacks, saw a 13 percent decrease in attacks compared to Q1 2016.
Last week, cyber security service provider Symantec warned that cybercriminals are hijacking home networks and everyday consumer connected devices to carry out DDoS attacks.
How to prevent DDoS
So, what are the ways to avoid such a disaster? A Microsoft write-up recommends keeping networks protected against being attacked. Besides, one must strengthen his machine securities to avoid being compromised.
Companies like Incapsula, F5 Networks, Arbor Networks, Nexusguard, Verisign, Neustar, Akmai, CloudFlare offer DDoS security solutions.
Experts in the field say prevention is better than cure. They strongly recommend adopting protective measures to avoid the trouble.
Large scale websites like Amazon, Facebook, Apple, Google protect themselves in many ways. They adopt layered security approaches such as black-holing, using routers and firewalls, intrusion of detection systems which will alert if any abnormal traffic occurs, proper server application configuration, automated mitigation and bandwidth oversubscription.
Often, small and medium sized businesses cannot afford these expensive methods. Therefore, Symantec recommends following measures:
# Research the capabilities and security features of an IoT device before purchase
# Perform an audit of IoT devices used on your network
# Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks. Don’t use common or easily guessable passwords such as “123456” or “password”
# Use a strong encryption method when setting up Wi-Fi network access (WPA)
# Many devices come with a variety of services enabled by default. Disable features and services that are not required
# Disable Telnet login and use SSH where possible
# Modify the default privacy and security settings of IoT devices according to your requirements and security policy
# Disable or protect remote access to IoT devices when not needed
# Use wired connections instead of wireless where possible
# Regularly check the manufacturer’s website for firmware updates
# Ensure that a hardware outage does not result in an unsecure state of the device
According to Akamai, it was nearly double the size of the largest attack they’d seen previously, and was among the biggest assaults the Internet has ever witnessed, Krebs said.
He believes that this attack was launched with the help of a botnet that has enslaved a large number of hacked IoT devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.
According to Symantec, poor security on many IoT devices makes them easy targets. Often, victims may not even know they have been infected since these devices are designed to be plugged in and forgotten after basic set-up.
A recent research from the security service provider found that the most common passwords IoT malware used to attempt to log into devices was the combination of ‘root’ and ‘admin’, indicating that default passwords are frequently never changed.
Last week, hosting company OVH suffered a massive 1 Tbps DDoS attack, informed OVH founder and CTO Octave Klaba in a tweet.
The origin of the attack on Krebs’ website remains anonymous. Symantec study found that more than half of all IoT attacks originate from China and the U.S., based on the location of IP addresses used to launch malware attacks.
High numbers of attacks are also emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam. In some cases, IP addresses may be proxies used by attackers to hide their true location.
Symantec found that most IoT malware targets non-PC embedded devices such as web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems.
The company pointed out that many of the above said are Internet-accessible but, because of their operating system and processing power limitations, they may not include any advanced security features, and thus poses vulnerabilities.