The National Small Business Association (NBSA) recently released a report revealing that half of all small businesses have been the victim of a cyber-attack – and the cost of dealing with these attacks has skyrocketed to $20,752 per attack. In about a third of attacks, the victim’s website was taken down, often for days. The impact of such outages cannot be measured by the immediate lost revenue alone, as the long term impact of the harm to your reputation and customer loss cannot be easily calculated.
Verisign outlined its vision for a revolutionary new approach to Distributed Denial of Service (DDoS) protection by announcing the availability of the Verisign OpenHybrid™ architecture, which helps organizations protect their critical assets and applications across distributed environments from DDoS attacks, using a single solution. By integrating intelligence from a customer’s existing security defenses, Verisign OpenHybrid™ provides timely detection and restoration of services in the event of an attack, while providing increased visibility of DDoS threats across multiple environments such as private datacenters and public clouds.
In an earlier blog post on the topic, I noted the increasing scale and complexity of DDoS attacks, and the strong need for organizations to enable awareness and mitigation of attacks across on-premise devices, in addition to both public and private cloud environments using standards based open protocols.
Today we are pleased to announce two important updates in our path toward enabling open DDoS protection: the availability of Verisign OpenHybrid™ for Corero SmartWall TDS and Verisign OpenHybrid™ for customers hosted in the Amazon Web Services Elastic Compute Cloud.
Verisign just released our Q4 2014 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services, and the security research of iDefense Security Intelligence Services. Many notable observations were made, including a rise in the average size of DDoS attacks against our customers; the most common attack vector continued to be User Datagram Protocol (UDP) amplification attacks leveraging Network Time Protocol (NTP), while Simple Service Discovery Protocol (SSDP) also continued to be exploited. Verisign also mitigated more attacks in December than any other month in 2014.
The most notable observation, however, is that public-sector customers experienced the largest increase in attacks, constituting 15 percent of total mitigations in Q4. Verisign believes the steep increase in the number of DDoS attacks levied at the public sector may be attributed to attackers’ increased use of DDoS attacks as tactics for politically motivated activism, or hacktivism, against various international governing organizations, as well as in reaction to various well-publicized events throughout the quarter, including protests in Hong Kong and Ferguson, Missouri. As outlined in iDefense’s 2015 Cyber Threats and Trends blog post, the convergence of online and physical protest movements contributed to the increased use of DDoS as a tactic against organizations, including the public sector, throughout 2014.
Distributed Denial of Service (DDoS) attacks are a threat to businesses worldwide and the attacks are getting larger and more sophisticated. The industry’s approach to protecting against DDoS attacks must change, and change fundamentally, to stay ahead of this growing threat.
For too long, the problem has been tackled piecemeal, using isolated devices or services. But protecting against DDoS attacks increasingly requires communication and coordination between many components – from networking equipment, to specialized appliances and cloud-based services.
A shift in security architecture is needed to an open platform where devices and services from different vendors can share and act on information in concert. It must be a hybrid platform, allowing on-premise routers and security appliances to detect and mitigate attacks locally, while automating alerting and switchover to cloud-based services if an attack threatens to swamp the business’ network connection.
Verisign just released its Q3 2014 DDoS Trends Report, which details observations and insights derived from distributed denial of service attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services from July through September of this year. Many notable observations were made, including a rise in the average number of attacks per customer, exploitation of the recently publicized SSDP vulnerability and some notable malicious code trends that will likely contribute to increased DDoS attack activity in the future.
If there is one trend in the cybersecurity world over the last 12 to 18 months that cannot be ignored, it is the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks.
An amplification attack is a two-part DDoS attack that generally uses the User Datagram Protocol (UDP). An attacker first sends a large number of small requests to unsuspecting third-party servers on the internet. The attacker crafts these requests to result in large responses, but they are otherwise normal except that their source addresses are rewritten (spoofed) so they appear to have come from the victim instead of the attacker. When all the third-party servers send their large responses to the victim, the resulting amount of traffic is much more than the attacker could have generated alone. These attacks often overwhelm the resources of the victim, as attacks in the hundreds of gigabits per second (Gbps) are possible using this method.
In our observations, working with customers and industry partners, we have seen DDoS attacks continue to grow in size and frequency over the last few years. Further, attackers have expanded their reach from traditionally enterprise and nation-state targets to include companies of all types and sizes. As attackers evolve their sophisticated techniques and attack vectors, companies that don’t have the major bandwidth or expertise to combat these attacks are at a major disadvantage.
You may have seen the news this morning that we have joined forces with Juniper Networks to provide a comprehensive, always on, DDoS solution. At Verisign, we focus on protecting companies from increasingly complex cyber threats, and this relationship should only raise the bar higher, as it will provide a different, more integrated approach than what’s used today, to help ensure faster and more efficient detection and mitigation.
With the ease of access to the internet and prevalence of social media today, unsuspecting computer users are making it easier than ever for malicious actors to target them with malcode. This trend has helped provide the perfect environment for Distributed Denial of Service (DDoS) attacks to grow in size, complexity and range of targets. Today’s attacks are not limited to web infrastructure; attackers are increasingly targeting the Domain Name System (DNS) infrastructure as well. This trend has been particularly noticeable in the financial industry, which has been hit hard over the last year.