Distributed denial-of-service (DDoS) mitigation remains a top priority for enterprises, as attackers are leveraging both cloud services and Internet of Things devices to deliver DDoS attacks. CSO notes that the most recent generation of pulse-wave attacks can reach traffic speeds of 350 gigabits per second with virtually no lead-up time — making it almost impossible for appliance-first, cloud-second hybrid deployments to cope. And according to SC Magazine, almost 40 percent of critical infrastructure providers aren’t prepared to deal with denial of service.
The result? Just one minute of downtime can cost enterprises approximately $22,000, with most attacks lasting almost an hour, reports BetaNews. How can organizations effectively deny cybercriminals while protecting critical network services?
The goal of DDoS attacks is simple: Deny users access to critical internet-facing systems by flooding them with traffic. It’s not a new idea, but it has gained new ground thanks to the rapid uptake of IoT devices using stock security permissions — or no security at all. Coupled with a mature cloud market, it’s now possible for attackers to generate massive traffic volumes quickly and overwhelm most corporate stacks. There are four basic attack types:
- Flooding: Attackers send huge traffic volumes to enterprise networks, crashing them and rendering them inaccessible.
- Amplification: Attackers use publicly accessible domain name systems and send UDP packets to target networks. They then inflate the size of packets to amplify their impact and reduce the total amount of traffic they need to accomplish their mission. Often, packet origins are spoofed to conceal attacker locations or defeat firewalls.
- Pulse: Pulse-wave attacks use short-term bursts of traffic to quickly overwhelm corporate defenses. Pulses are sent every 10 minutes over a period of hours or days — effectively keeping networks offline and users frustrated, CSO reports. By coordinating resources to deliver simultaneous, near-instant attacks, it becomes almost impossible for fail-safe systems to shift traffic from critical servers to cloud alternatives.
- Distraction: These attacks are designed to keep IT department focus on failing networks and traffic spikes while other pieces of malware — such as ransomware or Trojans — are installed in the background. They persist for only a few hours but can leave behind potential problems which go undetected for weeks or months.
Migration and Mitigation
Unfortunately, it’s impossible to predict every attack or develop perfectly secure defenses. Attackers are leveraging distributed attacks because they’re working well; the combination of low-security IoT devices, ubiquitous mobile use and increasing cloud adoption makes this the ideal environment for traffic-based trouble. However, if companies start frustrating the bulk of these attacks, malicious actors will look elsewhere.
According to Forbes, there are several common ways to defend against distributed attacks. The most popular method is through scrubbing centers provided by a third-party or corporate ISP, which redirects DDoS traffic to specific servers, scrubs out the bad traffic and returns only useful traffic. Enterprises can also make use of content delivery networks (CDNs). The global reach of these networks coupled with the sheer number of servers hosting shared data makes it difficult for even large-scale attacks to take down sites and services. However, unless enterprises use CDN services for day-to-day operations, the time and cost required to maintain them can be prohibitive.
To combat emerging threats such as pulse-wave attacks, security providers are now developing network integration and communications-as-a-service solutions. Network integration enables enterprises to build dynamic hybrid networks and increase their resistance to DDoS efforts, while resiliency communications as a service ensures the right response teams are immediately activated in the event of a large-scale attack.
Enterprise distributed attacks are rising as cybercriminals discover vulnerable hybrid networks and appliances. With mitigation, companies can make it hard for attackers to bring down corporate networks through a combination of traffic scrubbing, redundant hosting, dynamic networks and cloud-based communication.