Article / Risk Management
Denial of Service Attacks: The Growing Threat

Companies need to re-evaluate their defences against distributed denial of service (DDos) attacks.

This follows a spate of DDos attacks towards the end of 2016, which were larger than any we had seen before.

DDos attacks involve flooding a website with traffic to prevent legitimate users from being able to access it. Imagine jamming so much gunk into a drain pipe that water can’t pass through. It’s like that – in cyber space.

Many large companies with sophisticated cyber defences used to prepare for DDos attacks of around 200Gbps (gigabits per second). Until recently the largest-known attack was about 500Gbps. We’re now seeing DDos attacks of between 600Gbps and 1Tbps (terabits per second).

An attack of this size would blow most companies’ cyber defences out of the water. A third-party provider of cyber defence might fare no better.

The business interruption (BI) caused by one of these attacks could be enormous, particular for companies whose sales pipeline is largely internet-based. And it’s not just the directly attacked companies that might be disrupted.

Death by a thousand cuts

In September 2016 we saw the world’s largest single targeted DDos attack. Security blog Krebs on Security – a regular exposer of cyber criminals – was flooded with more than 650Gbps of traffic.

Krebs on Security used cloud-hosting giant Akamai Technologies to protect against DDos attacks. However, the attack was nearly twice as big as any Akamai Technologies had seen. In the end Akamai Technologies cut off the Krebs on Security website, and Google had to step in and mitigate the attack.

Then in October 2016, a huge number of internet-connected devices – from security cameras and video recorders to home routers – were hijacked and used to direct huge amounts of junk traffic at servers operated by US-based Dyn.

Dyn provides domain name system (DNS) services for various websites. When one of these websites is visited, Dyn helps the visitor’s browser or app find the right system to connect to.

So when Dyn went down, hundreds of websites – including those belonging to GitHub, Twitter, Reddit, Netflix, AirBnb – became inaccessible for several hours.

The increase in frequency and scale of DDos attacks could well continue in 2017, because the underlying cause is not going away.

Smart weapons

The driver of these DDos attacks is the Internet of Things (IoT). The proliferation of smart devices (TVs, fridges and so on) has provided cyber gangs with far more potential weapons than when a PC was our main way of accessing the internet.

The attacks against Krebs on Security and Dyn were initiated from IoT devices compromised by the Mirai botnet malware. Mirai malware targets and enslaves IoT devices – such as routers, digital video records and webcams/security cameras – and then uses them to conduct DDoS attacks.

Smart devices, while convenient, are not built with rigorous security in mind. Their front doors are weaker than most people imagine. In some cases, cyber gangs can pretty much walk straight in by logging into devices using their factory-set passwords – which many people still don’t change.

Game changer

The scale of these attacks means there is currently no real mitigation. It really is a game changer that’s happened in just the last few months.

With the proliferation of smart devices only likely to increase, unless we’re careful we might be giving cyber gangs even more toys to play with.

There is a lot of onus on smart device manufacturers to improve the security of these devices. Part of manufacturers’ response is likely to involve trying to foster better cyber security awareness among customers – for example, by encouraging all users to change passwords and providing the facility to automatically patch a device when a vulnerability is detected.

But this will not happen overnight. In any case, current IoT devices often don’t have the memory and processing to be secured properly. Even if every user changed their passwords on smart devices, it would still be relatively easy for adversaries to compromise them – and it would be very difficult to detect when that happens.

The key infrastructure providers of the internet will also need to identify and implement effective ways of detecting and controlling such attacks. Only a combined effort has a chance of success.

Next steps

So what practical steps can companies take to minimise the threat of DDos attacks?

If you have a DDos attack mitigation plan, now is the time to re-examine it. In light of recent attacks, your plan might be insufficient.

Do you have a business continuity (BC) plan in place that covers a large-scale DDos attack on your company? After an attack, how would you continue to trade, and how would you inform customers of what had happened?

And if you outsource your attack mitigation to a third-party provider – talk to them as soon as possible. Is your provider aware of these recent attacks and, if so, what is it doing in response? How confident is the provider that it can mitigate a DDos attack of 500, 600 or even 700Gbps? How exposed is the provider, itself, to such an attack? What is your contractual position? Would your provider drop your sites to protect their service?

If you don’t have a DDos attack mitigation or a BC plan in place – now is the time to implement one.

The recent Allianz Risk Barometer listed BI as the top global risk for the fifth year running. It also noted that the number of non-physical causes of BI was only likely to increase. Look no further than DDos attacks – what we’ve seen so far could be just the beginning.

    
< Back to Insights & Publications
Discover more Insights & Publications  |  Read more in the Lockton Newsroom  |  See our Client Stories
Read more in the Lockton Newsroom
See our Client Stories