By Ashish Tandon, Chairman & CEO, Indusface
As e-commerce sites get ready to welcome huge online traffic this festive season, they need to be aware of the new malicious threats that await them
With Christmas and New Year festivities round the corner, online retailers are gearing up with deals and attractive promotional offers to attract customers to their websites and rake in some extra moolah. However, this is also the time when online hackers get most active with their malicious intentions. The last few months have witnessed many such online attacks that lasted for a few hours and completely stalled popular sites like Facebook, Evernote and World Cup sites among others. These have been cases of DDoS attacks that seem to have become the preferred choice of hackers these days.
A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised computers attack a single target, thereby stalling traffic for the legitimate users of the targeted system. The large flow of requests from the compromised systems to the targeted system essentially forces the target to shut down or report as out of service due to bandwidth issues, thereby paralyzing it.
Unlike other regular attacks, which are at times done just for fun, DDoS attacks generally have a specific purpose. They are conducted with the sole intention of harming the reputation and business of a website. The aim could be to extort money for financial gain, to defame the brand, or just to hit business by preventing legitimate customers from reaching the website. Whatever the reasons, DDoS attackers mean business, and every minute of downtime on the website could cost retailers dearly.
Estimating the Net Losses
According to industry sources, a DDoS attack usually cannot be easily detected until 4 to 5 hours after its commencement, and another 5 hours or more pass before the mitigation process starts. This means hackers get almost 10 hours to fulfill their malicious intentions. An immense amount of financial and brand damage can be done to any business in this time.
Studies indicate that DDoS attacks conducted so far have resulted in some of the most expensive outages. Past incidents have shown that DDoS-spurred outages can cost an average of $822,000 to mitigate, which is only a little lower than $959,000, the estimated cost of fixing outages caused by IT equipment failure.
With so much at stake, one would assume that organizations are actively adopting DDoS mitigation solutions, but surprisingly only about one-fourth of e-businesses use them. Most rely on traditional and perimeter defenses for protection, but these can prevent attacks only at Layer 3, and that too only to a certain extent. High-volume DDoS attacks, which are now the norm, can easily overpower the traditional defenses and further multiply the effect of DDoS attacks. Therefore, e-commerce companies need to pay attention to the attacks being targeted at the application layer.
How to Deal With DDoS Attacks
DDoS attacks are becoming more sophisticated and persistent in nature. The attackers do not stop with one failed attempt but continue looking for weak points to exploit and attack. This advanced approach calls for solutions that can perform continuous monitoring and real-time traffic analysis, and for DDoS mitigation teams that can respond in real time.
Automated DDoS mitigation solutions cannot provide complete protection against these attacks. Application-layer DDoS mitigation cannot be automated, and one cannot rely solely on automated rules/processes for mitigation. When it comes to application DDoS mitigation, a one-size-fits-all approach could prove to be fatal. The solution needs to be customized according to the business and should have security teams who develop and refine real-time, application-specific custom rules to mitigate the attack and protect the application.
When choosing a DDoS solution, look for an always-on approach, as that works best for such attacks. A solution that is well integrated with your system and is continuously scanning your traffic will be able to immediately detect a DDoS attack. This also reduces the response time between the attack and the mitigation process, thus minimizing your risks.
A good DDoS mitigation provider should be able to detect the early warnings of an attack and start acting on it. They should also be able to customize the solution depending on your website and its traffic pattern. During and after the attack, the solution provider should be able to give you a detailed report on the attack and the steps taken, and a portal for monitoring the activities. You should also calculate the total cost of ownership of the solution. After all, you need not pay through the nose for a good DDoS mitigation solution provider!