Story image

Gen-i: DDoS attacks – the new norm?

18 Feb 14

These days you don't have to be a government agency, bank or right-wing website like Whaleoil to be concerned about becoming the target of a Distributed Denial of Service (DDoS) attack.

The hackers who carry out these costly shutdowns are getting stealthier and more ferocious, and organisations across all industries need to get prepared.

According to NSFOCUS, a major DDoS event broke out every two days on average during the first half of 2013 and about two-thirds of victims suffered more than one attack.

So just what is a DDoS attack? It’s an attempt by an attacker to make an online service unavailable to genuine users by overwhelming it with traffic from multiple sources.

Unlike a Denial of Service (DoS) attack, where an attack comes from a single host, a DDoS attack uses many compromised systems - sometimes thousands - to simultaneously launch attacks against a target site.

It results in an overload of computing resources as servers try to handle the flood of incoming messages and, at its worst, can affect entire networks connected to the computer being attacked. To legitimate users trying to access a targeted website, it may show up as slow performance, with files or pages opening at snail speed, or the site will be completely offline.

I often get asked who should be most concerned. Hackers do not discriminate by size and any organisation can become a target either directly or indirectly, ranging from banks and government agencies, through to news websites and private businesses.

DDoS attacks are increasingly being carried out as cyber terrorism and organised crime, making sites unavailable for political gain or to demand a payment before the attack is stopped. These attacks rarely hit the media as few organisations want to publicise a security breach.

In New Zealand, high profile hacktivism attacks have included the online activist group Anonymous threatening our government to protest the actions of the GCSB. More recently, Whaleoil was stranded for many days when unidentified cyber assailants attacked the site.

Attacks can have a long-lasting impact beyond the shutdown of services for a period of time. Every minute of downtime for a business site can equal thousands of dollars in lost revenues. And security incidents often have a negative effect on business operations, resulting in significant opex costs, loss of customer trust and erosion in brand reputation. There are also legal and regulatory obligations as part of business continuity planning.

So what should you do to protect yourself from the DDoS threat? Traditional security products are not designed for today’s complex DDoS threats as many provide protection on site. That means that by the time an attack is detected, it is already using up internet bandwidth and process power and disrupting legitimate business transactions.

And buying more bandwidth and processing power may not help as the attacker can simply add more attack machines.

If doing business online is important to you, you’ll need an ICT partner that proactively mitigates risks by working with companies to monitor international gateways, detect and prevent attacks at source without disrupting normal business transactions.

Gen-i has a Managed DDoS Protection service and has joined Abor Networks’ Cloud Signalling Coalition (CSC) to help further reduce time-to-mitigation for dynamic threats facing our client’s networks.

You can’t afford to disregard DDoS attacks. The risk is too severe.

By Ling Hou, Business Manager - Security

This article was first published on the official Gen-i Blog.

STT GDC to build hyperscale data centre in Singapore
ST Telemedia Global Data Centres (STT GDC) today unveiled ambitious plans for expansion with its largest data centre in Singapore to date.
Golden opportunities for enterprise e-waste reduction
E-waste is a hot topic in tech circles, and Park Place's EMEA MD believes there could be huge opportunities if data centres and enterprises improve their practices.
How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
QNAP introduces new 10GbE and Thunderbolt 3 NAS series
The new series is supposedly an all-in-one NAS solution for file storage, backup, sharing, synchronisation and centralised management.