Distributed denial-of-service, or DDoS, attacks are on the rise, and gaining in frequency and complexity. Fortunately, they present a real opportunity for service providers to yield a quantifiable benefit to just about every enterprise customer in just about any vertical market imaginable.
DDoS attacks have become the weapon of choice for computer hackers with a beef against religious organizations, governments, banks, and multinational corporations, among others. Early last month 13 so-called hacktivists from the collective known as Anonymous—Reuters reported that the alleged hackers run the gamut in age, from 21 to 65—were indicted in federal court in Alexandria, Va., for their DDoS attacks on the likes of the U.S. Copyright Office; the Library of Congress; the Recording Industry Association of America (RIAA) and the UK's British Recorded Music Industry (BPI); the Motion Picture Association of America (MPAA); and big dogs of the financial-services sector, including Visa, MasterCard and Bank of America. The attacks, nicknamed “Operation Payback” by Anonymous, were originally a reaction to adversaries of digital piracy and the shutdown, albeit a temporary one, of the file-sharing site the Pirate Bay in 2010.
In August the China Internet Network Information Center was bombarded by a DDoS attack that crippled the country’s state-run internet service for more than four hours. Although these kinds of attacks have been happening since the ’90s, they’re still very much a threat to network and enterprise security, and the responsibility ultimately rests with service providers to (1) detect the traffic spikes that are the calling card of DDoS attacks of all flavors and (2) mitigate the damage.
“Attacks are driven by multiple motivations: hacktivists, who target enterprises to protest; [the] financially motivated—carried out by organized crime—who look for financial gains and competitive advantage; and script kiddies, who look for fun and fame,” Ron Meyran, director of security solutions at Radware, told Pipeline. “Eventually, most DDoS attacks are generated by distributed botnets, while some are generated from people’s own computers, such as when talking about groups such as Anonymous.”
Radware’s numbers show that DDoS attacks have doubled in the past year, but the reason for the uptick isn’t solely due to the growing number of hacktivists with an ax to grind.
“I suspect that a significant portion of this increase is because organizations are just now becoming aware that the slowdowns they suffered are actually attacks,” Meyran said. “In many cases, organizations don’t have the tools to identify why the infrastructure is slowing down ... they think it’s a technical problem, then it stops and they think they’ve fixed the problem.”
Figures 1 and 2 below are taken from Radware’s “2012 Global Application and Network Security Report” for which the company’s Emergency Response Team (ERT) conducted surveys with enterprises.
Aside from the sheer number of attempted DDoS attacks, the most troubling aspect may be their increasing sophistication.
“Absolutely, DDoS attacks are becoming more dangerous to enterprises,” Meyran said. “We see significant increases in attack complexity and duration of attack campaigns.” Indeed, attacks lasting more than one week doubled from 2011 to 2012, a year in which they employed “more complex attack vectors—note the number of attacks with a complexity level of 7-10.”
He added that this new wave of longer, stronger DDoS attacks target the main weakness of most enterprises: they are not capable of sustaining a long-lasting attack campaign, nor do they have the protection tools or the expertise to fend off emerging attack vectors.
Service providers can now supply their enterprise customers with meaningful DDoS scrubbing, monitoring and protection. There’s a clear case to be made that enterprises without robust protection from DDoS attacks are making themselves vulnerable to a credible, not to mention expensive, threat.
Neustar’s “2012 Annual DDoS Attack and Impact Survey: A Year-to-Year Analysis” revealed that a whopping 35 percent of the companies it surveyed fell victim to an attack last year. Meanwhile, 39 percent of retailers were successfully targeted (up from 16 percent just one year earlier), and 41 percent of e-commerce businesses reported that they’d been hit.
The economic impact of these attacks is potentially devastating. Seventy-four percent of the enterprises surveyed by Neustar said that a DDoS attack and subsequent shutdown of their websites would cost them up to $10,000 per hour, while the other 26 percent said the hourly figure would range anywhere from $50,000 to $100,000.
“With the number of high-profile attacks steadily increasing, the market for DDoS prevention solutions has seen steady growth,” said John Grady, research manager of security products and services for IDC, in a report the market-research firm published in March. IDC predicts that this market will continue to expand over the next four years, and, Grady added, it “believes a defense-in-depth posture with a combination of on-premise equipment and cloud-based mitigation provides the best protection against advanced application and SSL-based attacks as well as large-scale volumetric attacks.”
Infonetics Research agrees, stating in its “DDoS Prevention Appliances Report” earlier this year that global revenue grew 30 percent in 2012, for a total of $275 million. It identified the top two vendors as Arbor Networks and Radware but pointed out that Juniper Networks, with its February acquisition of Webscreen Systems, is hot on the leaders’ heels along with F5 Networks and Fortinet.
“DDoS prevention appliances are the first line of defense against brute-force attacks like those we saw aimed at US financial institutions last September, and most service providers and large enterprises are investing heavily in them,” said Jeff Wilson, principal security analyst at Infonetics, in a July press release. “With the number, size and coverage of DDoS attacks on the rise, we expect revenue for DDoS prevention solutions to grow in the healthy double digits through 2014.”
The report indicates that DDoS protection for mobile networks will also rise—a compound annual growth rate (CAGR) of 25 percent between 2012 and 2017—thanks to massive increases in their capacity and their new role as highly visible targets for attacks.
“Many vendors are reporting sharp growth in direct sales to enterprises even though conventional wisdom says that large-enterprise customers are looking at cloud-based solutions for DDoS mitigation,” Wilson said. “There are many enterprise environments where data simply cannot leave privately owned networks and data centers to be scrubbed in the cloud, mostly for compliance reasons.”
That sentiment is echoed by Data Foundry, one of the latest service providers to adopt Radware’s DDoS protection solution.
“With the ever-increasing frequency of DDoS attacks, our customers across all vertical markets have asked for a solution to help them mitigate these attacks,” said Edward Henigin, the company’s chief technology officer. “Our clients will benefit from far greater levels of protection that is typically offered by the rudimentary anti-DDoS offerings available from cloud-scrubbing companies and network-infrastructure vendors.”
As the amount of DDoS attacks increase, as well as the costs that businesses incur because of them, service providers and network operators are in a position to offer solid protection to their enterprise customers. Whether a company finds itself in the crosshairs of a digital flash mob or falls victim to old-fashioned organized-crime syndicates, service providers can offer solutions to stop an attack at the edge of the network before the company even knows it was a target.