
Cyber extortion is now a very real threat – is your business at risk?

By Jose Nazario of Arbor Networks

Criminal gangs are increasingly using the Internet as a tool to extort money from businesses. Thousands of Distributed Denial of Service attacks are occurring globally every day and it is vital that senior management is aware of the very real risk of such an assault.

In recent years more companies have moved their business processes online and e-commerce has been a massive source of growth. However, while the rise of the Internet has brought numerous benefits, it also carries a number of threats in the form of viruses, hackers, worms, and malware. Most companies are aware of these risks and have the appropriate processes and technology in place to mitigate them. But in the last few years these Internet-based threats have taken on a more malevolent and sophisticated nature; virus writing is no longer the pastime of teenagers with too much time on their hands - instead, viruses are now being written for organised cyber criminals motivated only by money.

Extortion – A growing problem
These criminals are increasingly using a method known as Distributed Denial of Service (DDoS) attacks. DDoS attacks are launched with the sole aim of crashing a company’s website or server by bombarding it with packets of data, usually in the form of web requests or e-mails. Unlike a single-source attack (which can be stopped relatively easily), in a DDoS attack the attacker compromises a number of host computers which, in turn, infect thousands of other computers that then operate as agents for the assault. These infected host computers, known as ‘zombies’ or ‘bots’, then start flooding the victim’s website with requests for information – creating a vast and continuous stream of data that overwhelms the target website, thus preventing it from providing any service.

Although they can be executed in minutes, DDoS attacks can last hours, weeks and even months and are capable of bringing unprotected organisations to a grinding halt. All online services will be disrupted, which will not only prevent businesses from serving their customers, but will also prevent employees from doing their work. The results will be a loss of customer and shareholder confidence, reduced productivity and a massive dip in revenue. Cyber extortionists are able to demand huge sums of money to cease the attack, yet these amounts are small in comparison with the financial impact of a sustained assault.

Every business is at risk
The cost of a DDoS attack can be substantial and it has been estimated that as many as 10,000 occur worldwide every day. DDoS extortion attacks were originally used against online gambling sites. Criminal gangs would initiate attacks that would bring the website down just before a major sporting event, inflicting maximum financial damage. Now, however, DDoS attacks are increasingly being used to extort money from all sorts of businesses.

The reality is that no company is safe. The problem is exacerbated by the fact that DDoS attacks do not simply affect the organisations they are targeted at, but can in fact bring down the Internet Service Provider (ISP).

Some companies have chosen to meet the demands of extortionists – this is understandable as the amount being demanded is often far less than the cost of implementing the technology needed to filter network traffic on an ongoing basis. Inevitably, however, companies that have given in to blackmail have found themselves being targeted again. By giving in to extortionists businesses are encouraging such activities and making the problem worse.

Lack of awareness is making businesses vulnerable
Despite the substantial damage DDoS attacks can cause, research released by IT company IntY has revealed an alarming lack of awareness amongst businesses about the threat posed. According to IntY, more than half of UK companies are at risk because this lack of understanding has resulted in a widespread failure to implement the necessary preventative technology. It is vital that senior decision makers wake up to the very real threat posed by DDoS attacks. A failure to do so could have far-reaching consequences. While most companies do succeed in getting their business back online following an attack, the damage done to brand integrity will be significant and both customer and shareholder confidence will be affected.

All businesses with an online arm should implement the necessary preventative measures to mitigate the threat of a DDoS attack. Many companies rely on reactive measures such as blackholing, router filters and firewalls, but all these methods are inefficient, not sophisticated enough to protect against cyber criminals, or can only be configured for specific external sources.

A multi-layered approach to defence
While all these tools do possess crucial security features, they fail to offer sufficient protection against the ever-evolving and sophisticated nature of these assaults. If companies are to successfully combat a DDoS attack, a truly multi-layered approach to defence must be adopted. Thus it is vital to establish a solid relationship with your service provider to ensure that you are aware of the measures that are available to protect your network and online business. Recent research by Arbor Networks revealed that DDoS attacks are the most crippling threat facing ISPs today, yet only 29 percent of ISPs surveyed offer security and DDoS service level agreements to their customers.

Because DDoS attacks are launched from thousands of computers around the world, it is essential that companies share information about the attacks if they are to be stopped. Such assaults cannot be fought alone and a collaborative effort is vital. A number of ISPs, large (including Belgacom, Cable & Wireless and COLT) and small, have signed up to Arbor Networks' Fingerprint Sharing Alliance, which enables them to share detailed attack information in real time and block attacks closer to the source. Once an attack has been identified by one company, the other ISPs in the Alliance are automatically sent the ‘fingerprint’, enabling them to quickly identify and remove infected hosts from the network. This enables businesses and their ISPs to stay abreast of security threats as they arise. The Alliance is helping to break down communication barriers and its rapid growth marks a significant step forward in the fight against cyber criminals.

The threat of being blackmailed by organised criminals using DDoS attacks is very real and businesses cannot afford to be complacent. Such attacks are capable of bringing even the largest companies to their knees. However, stand-alone defences are insufficient to combat these attacks and a comprehensive approach to security must be implemented. Not only should a multi-layered security strategy be instilled at enterprise level, but companies must also work with their ISPs to ensure that they too have taken preventative measures.

Arbor Networks is exhibiting at Infosecurity Europe 2006. Now in its 11th year, the event provides a free education programme, new products & services, over 300 exhibitors and 10,000 visitors from every segment of the industry. Held on the 25th – 27th April 2006 in the Grand Hall, Olympia, this is a must-attend event for all IT professionals involved in information security. www.infosec.co.uk

Date: 28th March 2006 • Region: World • Type: Article • Topic: ISM

Copyright 2010 Portal Publishing Ltd