Distributed denial of service continues to be a problem for businesses large and small. These forms of attacks disrupt business, add overhead to operational costs, and further complicate doing business online.
DDoS attacks have rapidly evolved, and with them the need for advanced defense measures and techniques. It takes the right combination of talent, technology, and tools to stop an attack from crashing a website. As attacks grow in sophistication, so does the level of expertise required to stop one.
Attacks crash through resources and consume more than bandwidth. Many businesses find that the costs can become exponentially higher, both in terms of lost sales and the extra support that comes with having downtime and upset customers. On top of that, DDoS protection services are relatively more expensive than traditional hosting.
There seems to be no end in sight. DDoS attacks have increased over the years and have evolved into a cottage industry: “booter” services are freely available online, DDoS is being used for extortion, and DDoS attacks have even been used as subterfuge to draw attention away from breaches and other forms of attack.
Any website has the potential to be affected by DDoS. By far, the most affected industries can be summed up with a rather small list. Of course, there are always outliers, but these industries seem to be affected the most:
Banking and Financial Services
The financial industry is especially vulnerable, as it is targeted the most. Over the past few years we have seen numerous reports in the media regarding attacks on banks. Most notable were the attacks on banks at the hands of Al-Qassam Cyber Fighters. This group launched their campaign against banks in 2012. Their campaign was dubbed ‘Operation Ababil’, and they have just launched Phase 4 of the attacks.
We’ve talked about the motivation of these attacks in the past, but another aspect of denial of service that banks and financial institutions deal with is DDoS attacks used as a distraction during breaches and to facilitate fraudulent transactions.
Internet Service Providers
Internet service providers are another target high up on the list. Complex attacks that target a particular website will often move upstream if the website they are trying to take down has adequate defense systems in place. Once they move upstream, the attack can often spill over onto the network and affect other customers. Once this happens, ISPs will typically null-route the IP of the target site in order to stop the attack from affecting their network. This is why it is especially important to create a policy for dealing with attacks and to develop a contact point with your ISP in order to effectively deal with these situations.
Cloud Service Providers
Cloud hosting providers and infrastructure providers often face attacks. These usually involve complex layer 7 attacks that target applications. Because the attacks mimic human behavior, they are the most difficult to analyze and stop. Without the proper protection and analysis software in place, it is easy for these forms of attack to pass by without raising suspicion. What complicates matters more is that once the mitigation process begins, legitimate visitors can be flagged as false positives and blocked from the site.
Large Ecommerce Sites
Businesses in this category are moving up on the list of targeted sites. The most likely reason is that they stand to lose more, as most do not have the level of protection a datacenter or financial institution would have in place. What’s more, when an attack happens they stand to lose revenue: it is not uncommon for a large ecommerce site to generate tens of thousands of dollars a day, so any downtime affects the bottom line tremendously.
Online Gambling Sites
The online gambling industry is heavily affected, and most of these attacks are centered around disruption or extortion. And, as we covered in our last post, the extortion emails are rather blatant.