These days, the dependency and availability of internet services drives business completely. Without it, organisations are rendered inoperable, so when a server goes down or a virus invades, the consequences are epidemic as processes are put into disarray. One of the chief weapons of hackers is a distributed denial-of-service (DDoS) attack, which uses multiple computers and internet connections to flood the target.

‘Make no mistake. DDoS attacks are a real threat and organisations should be concerned,’ says Bryan Hamman, Arbor Networks’ territory manager for sub-Saharan Africa. ‘DDoS attacks are aimed at exhausting the resources available on an organisation’s network, application or service so that genuine users cannot gain access.’

As a company dedicated to providing attack protection products and services for the enterprise, cloud hosting and service provider markets, Arbor has earned a solid reputation for being able to effectively provide the right scalability and pricing to meet the DDoS protection needs of any organisation operating online.

Hamman says that since Arbor began tracking DDoS attacks in 2005, the total attack size has grown by an astonishing 7 900%, equating to a CAGR of 44%. ‘In the past five years alone, DDoS attacks have increased to a CAGR rate of 68%,’ he says.

This also applies to Africa and the Middle East – in fact, the regions’ wide embrace of cloud-based architecture potentially puts them at even greater risk.

‘Arbor’s latest Worldwide Infrastructure Security Report has determined that DDoS attacks targeting cloud-based services have grown from 9% of respondents two years ago to 29% last year, and they are already up to 33% this year,’ says Hamman.

Cloud computing offers myriad dynamic and positive implications in terms of business agility. However, it also widens the threat surface and makes DDoS attacks more likely.

Assuming ‘it won’t happen to me’ is an apathetic approach that Hamman considers particularly dangerous, as is the belief that a firewall or IPS will keep an organisation safe. Not so, he says.

‘Traditional perimeter security solutions are certainly vital aspects of an integrated security set-up, but they’re not designed to cater specifically for DDoS attacks. Internet service providers also do not guarantee protection due to the nature of how modern attacks are designed, which essentially are multi- and application-layered attack vectors. These can only be properly managed at the customer’s premises.’

A further misnomer is the idea that the costs of DDoS protection outweigh the impact of attacks. Many organisations address DDoS protection only after they have fallen victim to an attack.

Underestimating the combined impact of DDoS attacks has serious implications across various levels, including direct financial loss; costs of recovery; brand damage and loss of consumer trust; supply chain disruption; contract fines from SLA breaches; and regulatory fines from compliance breaches.

‘Any degree of hubris towards DDoS makes an organisation particularly vulnerable. Large enterprises aren’t the only targets of malicious DDoS attacks either,’ says Hamman.

‘Almost every type of business or industry sector – be that corporates, small businesses, banks, governments, hospitals, universities, schools or non-profits – has suffered debilitating attacks in the past number of years.’

Hamman points out, however, that some industry verticals appear to be targeted more frequently, including retailers, financial services and gaming companies. Government institutions are particularly vulnerable to ‘hacktivism’ attempts by DDoS attackers, motivated by political or ideological reasons.

‘For cloud and hosting companies, the stakes are even higher,’ says Hamman. ‘These types of companies carry the biggest risk as they effectively aggregate the risk of all their cloud customers, so a DDoS attack on one customer in their environment can potentially affect other users.’

According to 2016 research by Arbor, 21% of data centre respondents saw more than 50 attacks per month, compared to 8% the year prior.

DDoS attacks can be carried out in thousands of different ways. More than a quarter of attacks are actually diversion tactics or smokescreens to cover up the exfiltration of confidential data. ‘Today’s sophisticated attacker most often uses a combination of techniques so that a complicated inter-relationship with other forms of advanced threats manifests,’ says Hamman.

The bottom line is that no one is safe, and relying on an existing suite of cybersecurity tools is akin to leaving your backdoor open. ‘You need to protect your network resources 24/7 through a multi-layer deployment of purpose-built DDoS mitigation solutions,’ he says.

‘A multi-layered deployment would consist of an on-premises as well as cloud-based intelligent DDoS mitigation system.’

There are a number of broader frameworks of principles and activities that Arbor advises clients incorporate into their security postures. First, however, research is required to ensure a good understanding of possible threats. This includes knowing the types of attacks common to an industry, the current trends and motives behind them. Cybercriminals are known to actively seek out soft targets, which is why the basic principles of good network security must be put in place. ‘Do the basics, brilliantly’ is Arbor’s mantra.

‘Secure all network devices and change default passwords. And rather than using Telnet, FTP and HTTP, rather use SSH, SFTP and HTTPS,’ says Hamman.

Three other principles apply. The first is knowing your network, which involves a comprehension of network traffic at different times of the day or month, so that triggers can be set for suspicious activity. Secondly, having a DDoS defence plan requires regular updates, incorporating a clear incident-handling process that describes all interactions and steps to be taken in terms of blocking and neutralising DDoS attacks.

Last but certainly not least is automating communication with customers. Hamman explains that customers tend to be more forgiving if an organisation has at least made some attempt to communicate an issue. ‘Through push-channels like email, SMS or in-app messaging, you can notify affected users once you are back online.’

DDoS threats escalate daily, and more recently, the trend of using what Hamman describes as a ‘weaponised’ internet of things (IoT) in DDoS attacks has also become more popular.

Consider this – according to research and advisory firm Gartner, more than 20 billion connected devices are expected to be in use by 2020, which will ‘fundamentally change the way we live and work. On the other side of the coin, it thrusts us into a new realm of cyberthreats’, says Hamman.

The implications thereof are rather scary… ‘Suddenly it’s possible to weaponise hundreds of thousands, millions or even billions of IoT devices, creating marauding zombie armies that can haul down servers with sustained DDoS attacks.

‘IoT cybercrime capitalises on weak default passwords of many mass-market surveillance cameras, routers and digital video recorders – infiltrating them with malware and then using those to launch well-orchestrated DDoS attacks.

‘Ultimately, these threats are likely to thrive over the coming years as they exploit weaknesses in two major areas – the hardware of the connected devices themselves, and the lack of DDoS resistance tools within the targeted victim’s set-up.’

‘Like all forms of cybercrime, DDoS is a reality in the digital era,’ says Hamman.

‘With the investor community generally well aware of this, the focus for Arbor when analysing local companies is often on the tools and practices that an organisation has developed to protect itself from emerging threats and elevate its levels of governance, risk management, regulatory compliance and data security.’

By Kerry Dimmer
Image: Chris Bezuidenhout