By: Ashish Tandon, Chairman & CEO, Indusface
“Let’s assume the server is a person. Denial of Service (DoS) is assaulting that person and not letting him communicate with anyone. Now imagine the person being assaulted and muzzled by 45,000 people at once: that is Distributed Denial of Service (DDoS).” By the base definition, a distributed denial of service attack is one in which many compromised or rented systems are used to target a single system. That tells you little about the intensity or the threat of such an attack, though. Take a look at some recent findings.
- DDoS attacks cost banks up to $100,000 per hour
- 20% of such attacks last for days, even months
- 87% of attacked companies were hit more than once
- Attacks in the 1-5 Gbps range have increased by 150%
- Companies need around 10 employees to mitigate a DDoS attack
Although these are only a few of the statistics collected by the internet analytics company Neustar, they give a clear idea of how distributed denial of service poses a major security threat to businesses and governments across the world. But do you know how DDoS attempts help attackers? Do they actually earn from the attacks? What is the benefit?
The Whys and Hows of App DDoS
An application layer distributed denial of service attack is usually launched from rented machines, botnets, or remote systems the attacker has taken control of. These machines flood the server with requests that look legitimate one at a time but exist only to consume the application's capacity, making the service unavailable to its intended users.
Such an attack targets anything that consumes large amounts of bandwidth, processing time, and memory, in order to slow down or disrupt services. With most hacking attempts the motive is clear: people want to snoop around for information, steal from the database, or push fraudulent transactions for money. But how does that work with distributed denial of service? What motivates people so strongly that attacks have doubled in the last year? The answer is that application DDoS is now sold as a commodity.
Anyone can purchase a custom-coded DDoS module and point it at any web application they choose. With a little knowledge of the underground markets, a basic DDoS attack costs no more than a few hundred dollars. Compared with network layer DDoS, application DDoS is much easier to execute: it needs less computing power and fewer systems, yet still produces catastrophic results, which is a primary reason application DDoS is becoming more prevalent. Take Slowloris for example. Slowloris was originally written to show how a single machine can hold many connections open at once for long periods by sending partial HTTP requests a few bytes at a time, until the server has no connection slots left for anyone else.
Over the years the tool has gained sophistication, yet it still needs only one or a few machines and a few thousand connections from each to exhaust the server's connection pool, which makes it a serious threat.
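To make the Slowloris mechanism concrete, here is an added example (not the article's own code) that models a server's worker pool tick by tick and compares three defensive settings. The attacker address, the pool size, the 10-second trickle interval and the 60-second run are all constructed figures; within each tick the server first reaps dead connections, then one legitimate request arrives, then the attacker tops up its connections.

```python
"""Why Slowloris starves a server, and which setting actually helps.

Added example, not the article's own code: a tick-based model of a server with a
fixed pool of worker slots (Apache prefork's MaxRequestWorkers, for instance).
One attacker address opens as many connections as the server will accept, sends a
few header bytes on each every trickle_interval seconds so the request never
completes, and immediately reopens any connection the server closes. One legitimate
request from a fresh address arrives every second. All figures are constructed.
"""
from dataclasses import dataclass


@dataclass
class Conn:
    ip: str
    opened_at: int      # tick at which the connection was accepted
    last_byte_at: int   # tick at which the server last received data on it


class Server:
    def __init__(self, max_workers, idle_timeout, header_deadline=None, per_ip_limit=None):
        self.max_workers = max_workers          # total worker slots
        self.idle_timeout = idle_timeout        # seconds with no bytes before closing
        self.header_deadline = header_deadline  # max seconds to receive a complete header (mod_reqtimeout idea)
        self.per_ip_limit = per_ip_limit        # max simultaneous connections per source address
        self.active = []                        # connections still waiting for a complete request

    def count_ip(self, ip):
        return sum(1 for c in self.active if c.ip == ip)

    def reap(self, now):
        """Close connections that exceeded the idle timeout or the header deadline."""
        self.active = [
            c for c in self.active
            if now - c.last_byte_at < self.idle_timeout
            and (self.header_deadline is None or now - c.opened_at < self.header_deadline)
        ]

    def try_accept(self, ip, now, complete):
        """Accept if a slot is free. A complete request is answered and releases its
        slot within the same tick; a partial one keeps holding the slot."""
        if len(self.active) >= self.max_workers:
            return False
        if self.per_ip_limit is not None and self.count_ip(ip) >= self.per_ip_limit:
            return False
        if not complete:
            self.active.append(Conn(ip, now, now))
        return True

    def trickle(self, ip, now, interval):
        """The attacker sends one more header line on each connection every `interval` seconds."""
        for c in self.active:
            if c.ip == ip and now - c.last_byte_at >= interval:
                c.last_byte_at = now


def simulate(duration, max_workers, idle_timeout, header_deadline=None, per_ip_limit=None,
             attack_conns=400, trickle_interval=10, attacker_ip="198.51.100.7"):
    """Return how many of `duration` legitimate requests (one per second) were served."""
    srv = Server(max_workers, idle_timeout, header_deadline, per_ip_limit)
    served = 0
    for now in range(duration):
        srv.reap(now)
        # one real user per second, each from a different documentation-range address
        if srv.try_accept(f"203.0.113.{now % 250}", now, complete=True):
            served += 1
        # the attacker keeps its partial requests alive and refills any slot that was closed
        srv.trickle(attacker_ip, now, trickle_interval)
        while srv.count_ip(attacker_ip) < attack_conns:
            if not srv.try_accept(attacker_ip, now, complete=False):
                break
    return served


if __name__ == "__main__":
    # Idle timeout alone: the trickle keeps resetting it, so the pool stays full after the first second.
    print("idle timeout only         :", simulate(60, 100, 30), "/ 60 served")
    # Header deadline: slots are freed every 20 s, but the attacker reconnects at once.
    print("plus header deadline      :", simulate(60, 100, 30, header_deadline=20), "/ 60 served")
    # Per-source connection cap: the attacker never holds more than its share of the pool.
    print("plus per-IP connection cap:", simulate(60, 100, 30, per_ip_limit=20), "/ 60 served")
```

The model shows the caveat that matters in practice: an idle timeout is useless against a client that sends a byte every few seconds, and a bound on total header-read time (Apache's mod_reqtimeout) only frees slots briefly because the attacker reconnects, so it must be paired with a per-source connection cap (nginx limit_conn, iptables connlimit, or the equivalent in a WAF). A Slowloris spread across many addresses in turn defeats a per-IP cap alone, which is why event-driven servers that do not tie a worker to an idle connection are the other half of the fix.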
Application vulnerabilities that are exploited to build the attacking botnet are also worth a mention here. Several honeypot operations have shown attackers exploiting the Shellshock vulnerability in Bash (CVE-2014-6271) through CGI scripts to plant malware bots that accept commands such as UDP, JUNK, and TCP flood and then use the compromised hosts to carry out DDoS. Likewise, there is a myriad of other application vulnerabilities that can be exploited to facilitate attacks.
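Shellshock attempts of the kind those honeypots recorded are easy to spot in ordinary access logs, because the payload has to start with a Bash function definition. The following is an added example, not the article's code: it parses combined-format log lines and flags any User-Agent or Referer value that begins with the `() {` signature. The three log lines are constructed for the example, with addresses from the RFC 5737 documentation ranges.

```python
"""Detect Shellshock (CVE-2014-6271) exploitation attempts in web server access logs.

Added example, not the article's own code. CGI hands request headers to the handler
as environment variables, so an attacker places a Bash function definition followed
by commands in a header such as User-Agent or Referer. The tell-tale structure is
"() {" ... "}" at the start of the value; whatever follows the closing brace is what
a vulnerable shell would go on to execute. The log lines below are constructed.
"""
import re

# Apache/nginx "combined" log format; quoted fields may contain \" escapes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<user_agent>(?:[^"\\]|\\.)*)"$'
)

# Function-definition prefix that Bash mis-parsed, followed by the injected tail.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{[^}]*\}(?P<tail>.*)')

# Only these headers appear in the combined format; Cookie, Host or custom headers
# would need a LogFormat that records them before this check could see them.
HEADER_FIELDS = ("user_agent", "referer")

SAMPLE_LOG = [  # constructed lines
    r'203.0.113.5 - - [25/Sep/2014:10:15:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c \"id\""',
    r'198.51.100.22 - - [25/Sep/2014:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'203.0.113.5 - - [25/Sep/2014:10:15:03 +0000] "GET /cgi-bin/test.sh HTTP/1.1" 200 64 "() { :; }; echo; /bin/cat /etc/passwd" "-"',
]


def scan_line(line):
    """Return a hit record for a Shellshock-shaped header, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; a real deployment would count these
    for field in HEADER_FIELDS:
        hit = SHELLSHOCK_RE.search(m.group(field))
        if hit:
            # strip the separator after the brace and undo the log's \" escaping
            command = hit.group("tail").lstrip("; ").replace('\\"', '"')
            return {
                "source": m.group("ip"),
                "timestamp": m.group("ts"),
                "field": field,
                "command": command,
            }
    return None


def scan(lines):
    """Run scan_line over a log and keep only the hits."""
    return [h for h in (scan_line(line) for line in lines) if h]


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h['source']} {h['timestamp']} via {h['field']}: {h['command']}")
```

Note that the check keys on the function-definition prefix rather than on any particular command, so it also catches the later parser variants that differ only in what follows the braces; the extracted command is what you hand to the incident responder, together with the source address for the block list.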
Now if people are selling such services, who exactly is buying them, and for what purpose? According to industry security sources, ransom and blackmail are the most common motives. As noted above, 20% of DDoS attacks last from days to months, depending on how the negotiations go: the attackers demand a heavy ransom, and once it is paid the attack stops and the service is available once again. Competition motivates some buyers to bring down better-performing rivals, and revenge by disgruntled employees has a similar impact. Politics, terrorism, war, and diversion, where the DDoS cloaks some other intrusion, are also common reasons for carrying out application DDoS attacks.
Hope is Not a Strategy
With the increasing number of application layer attacks, especially distributed denial of service, it is imperative that security leaders not only gauge the risks and understand the harm these attacks can cause but also put mitigation tooling in place, which is not exactly a cakewalk. Industry research on DDoS also shows that more than 60% of companies have no dedicated mitigation tool. They rely on traditional solutions such as intrusion prevention systems and network layer firewalls, which pass individually well-formed requests straight through to the application and, as stateful devices sitting inline, are often themselves the first component to buckle under a flood, adding to the outage rather than preventing it. So what exactly works? Here is a quick guide. What techniques are used to mitigate application DDoS? Depending on the kind of attack, several techniques can be employed to prevent the outage.
A very large part of preventing DDoS, however, is monitoring the traffic continuously and consistently. That way companies get proactive, actionable data on an attack and can formulate better prevention policies before it gets severe. And that is exactly why fully automated tools cannot provide the benefit an expert-backed tool can.
How does a web application firewall help prevent application DDoS? A web application firewall filters Layer 7 traffic directly and feeds the data to security experts who can recognise the malicious slices of traffic trying to bring your services down. They then apply rules and policies to block such attacks based on bot signatures, malicious IPs, request rate and bandwidth consumption, and so on.
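As an added example of the rate-based rules such a firewall applies (not Indusface's or the article's code), the block below runs two sliding-window budgets over constructed traffic: one per source address, and one per expensive URL path regardless of source. The path list, the limits and the two traffic patterns are assumptions made for the example.

```python
"""Layer 7 rate rules of the kind a WAF applies, run over constructed traffic.

Added example, not the article's own code. Two sliding-window budgets: one per
source address, and one per expensive URL path regardless of source. The second
exists because a distributed flood keeps every single address under the per-IP
limit. Requests are (timestamp_seconds, source_ip, path); addresses come from the
RFC 5737 documentation ranges and the traffic is made up.
"""
from collections import defaultdict, deque

# Paths that are costly to serve (search, login, report generation) and therefore
# attractive flood targets; assumed for the example.
EXPENSIVE_PATHS = {"/search", "/login", "/api/report"}


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within any trailing `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.events = defaultdict(deque)  # key -> timestamps still inside the window

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:
            q.popleft()                    # drop events that have aged out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def apply_rules(requests, per_ip=(20, 10.0), per_path=(200, 10.0)):
    """Return (allowed, blocked_by_ip_rule, blocked_by_path_rule) for the request stream."""
    ip_rule = SlidingWindowLimiter(*per_ip)
    path_rule = SlidingWindowLimiter(*per_path)
    allowed = blocked_ip = blocked_path = 0
    for ts, ip, path in sorted(requests):  # process in time order
        if not ip_rule.allow(ip, ts):
            blocked_ip += 1
            continue
        if path in EXPENSIVE_PATHS and not path_rule.allow(path, ts):
            blocked_path += 1
            continue
        allowed += 1
    return allowed, blocked_ip, blocked_path


def single_source_flood():
    """One bot hammering /search: 50 requests in 5 seconds (constructed)."""
    return [(round(k * 0.1, 3), "198.51.100.7", "/search") for k in range(50)]


def distributed_flood():
    """100 bots, 5 requests each to /search within about 2 seconds (constructed)."""
    return [(round(k * 0.5 + i * 0.001, 3), f"203.0.113.{i}", "/search")
            for i in range(100) for k in range(5)]


if __name__ == "__main__":
    print("single source:", apply_rules(single_source_flood()))  # the per-IP rule stops it
    print("distributed  :", apply_rules(distributed_flood()))    # only the path budget fires
```

The second scenario is the one that matters: every bot stays under the per-IP limit, so only the path budget catches the flood, and that budget throttles genuine users of /search for as long as the attack lasts. That false-positive cost is exactly why rate rules are tuned and supplemented with bot signatures and reputation lists by someone watching the traffic rather than left to run blind.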
Can you do it on your own?
If you are prepared to hire and train security professionals with Layer 7 experience, mitigating DDoS in-house is possible. However, given the high cost and the diversion from core business, most global players choose to outsource complete application security, including DDoS mitigation, to a provider that monitors traffic 24 × 7 and takes immediate countermeasures.
Is there an absolute security solution?
When it comes to DDoS protection, there is no silver bullet technology that solves every problem. With multiple attack vectors, evolving attack techniques, and zero-day vulnerabilities, automated technology alone is bound to fail: it cannot protect against every threat while also ensuring that legitimate traffic does not suffer. That is where human experience and judgement come in. Continuous expert monitoring with actionable insights is the most effective combination for DDoS security and gives organizations a proactive defense strategy.