Story image

Be ready: DDoS attacks like you’ve never seen are coming

14 Feb 2017

Last year saw the largest and most high-profile Distributed Denial of Service (DDoS) attacks in history. In September, a series of attacks included an assault on the French web hosting company OVH that reached a once inconceivable 1.1 terabits per second.

And the very next month, an attack on the web infrastructure provider Dyn topped that, reportedly hitting 1.2 terabits per second.

But is 2017 shaping up to be even worse?

Deloitte warns of just that in its 2017 predictions. It says that DDoS attacks will “enter the terabit era” and predicts an average of one 1-terabit-per-second attack a month in 2017, with 10 million attacks total.

Cisco foresees a similar escalation in coming years, predicting that the number of attacks will increase 2.6-fold between 2015 and 2020, when they will exceed 17 million annually.

Defending against this kind of escalation is going to take awareness, diligence, and, we think, an increased reliance on direct interconnection.

The changing landscape

A DDoS attack is when hackers use multiple computers and internet connections to flood a targeted site with bogus traffic, attempting to overwhelm the site and knock it offline. In Arbor Networks’ 2016 security survey, 53% of respondents indicated they were seeing more than 51 attacks per month, a significant increase in frequency from the prior year.

The typical attack is nowhere near the 1 terabit level – just a third of the Arbor Networks respondents said the peak attack reached 100 gigabits per second. But the potential size of the attacks has increased exponentially in the last decade, and Deloitte lays out some key reasons why:

A growing installed base of insecure Internet of Things (IoT) devices (i.e. digital security cameras, digital video recorders), which attackers can corral and weaponize.

The online availability of malware methodologies that enable relatively unskilled hackers to commandeer IoT devices and stage assaults.

The availability of higher bandwidth speeds, which allows hackers to send out higher volumes of junk traffic over networks of compromised devices.

DDoS attacks often aren’t successful – both the attacks and defenses against them have gotten more sophisticated. But when they hit, they hurt. Nearly a quarter of Arbor Networks survey respondents said a major DDoS attack cost them more than $100,000, and 5% said the costs exceeded $1 million. And that’s not counting loss of reputation.

Preventing the big hit

As discussed in a post about making the IoT secure from DDoS attackers, putting security first in the design of every IoT-enabled device is critical to preventing large-scale assaults.

We know that security is not top-of-mind for manufacturers of connected toasters, for example. But it must be, especially when any connected device can be used as a platform for attack.

A credible defense really starts with a change in mindset that acknowledges the scope of the threat, the diligence needed to meet it, and a commitment to developing common and easily adopted security standards, including network standards for connected devices.

Beyond that, here are some basic principles that can mitigate the impact of DDoS attacks:

Be cunning: There can be circumstances in which companies might want to consider doing what they can to confuse attackers by, for example, presenting them with false information to inspire confusion and wasted efforts.  (This should always be done judiciously and with careful forethought of potential business and legal consequences.)

Be dispersed: Centralized computing makes for a fatter target. Organizations can benefit from dispersing their IT capabilities by making their critical functions harder to pinpoint and attack.

Be a pain: Organizations need to be sure their device and software vendors are obtaining standard security credentials for their products, and that those credentials are easily updated. Their vulnerabilities will become yours.

At Equinix, we see our global interconnection platform, Platform Equinix, as an excellent staging ground for DDoS defenses. We host an ecosystem of managed security companies that specialize in DDoS attack mitigation, such as Deloitte’s cloud-based cybersecurity services, so our customers always have access to leading-edge solutions.

With facilities in 40 global markets, we have a worldwide presence that can enable companies to disperse their IT, making them more difficult to target. We also specialize in interconnection, specifically close, direct and secure interconnection that’s easier to protect and manage, right out to the digital edge of the corporate network.

Article by Larry Hughes, Equinix blog network

Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
Opinion: Meeting the edge computing challenge
Scale Computing's Alan Conboy discusses the importance of edge computing and the imminent challenges that lie ahead.
Alibaba Cloud discusses past and unveils ‘strategic upgrade’
Alibaba Group's Jeff Zhang spoke about the company’s aim to develop into a more technologically inclusive platform.
Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."