- Email: [email protected]
DDoS attacks: past, present and future
FEATURE uk/news/advice-thwart-devastatingcyber-attacks-small-charities. 6. ‘Cyber Threat Assessment: UK Charity Sector’. National Cyber Security Centre, 1 Mar 2018. Accessed Jul 2018. www.ncsc.gov.uk/ guidance/cyber-threat-assessment-ukcharity-sector. 7. Ismail, Nick. ‘Cyber attacks become number 1 business risk’. Information Age, 6 Mar 2018. Accessed Jul
2018. www.information-age.com/ cyber-attacks-number-1-businessrisk-123471046/. 8. ‘WannaCry ransomware attack’. Wikipedia. Accessed Jul 2018. https://en.wikipedia.org/wiki/ WannaCry_ransomware_attack. 9. ‘Global Reports of WannaCry Ransomware Attacks’. Defensorum, 18 Sep 2017. Accessed Jul 2018. www.defensorum.com/global-reports-
wannacry-ransomware-attacks/. 10. ‘Investigation: WannaCry cyber attack and the NHS’. National Audit Office, 25 Apr 2018. Accessed Jul 2018. www.nao.org.uk/wp-content/ uploads/2017/10/InvestigationWannaCry-cyber-attack-and-theNHS-Summary.pdf. 11. Cyber Essentials, home page. Accessed Jul 2018. www.cyberessentials.ncsc.gov.uk.
DDoS attacks: past, present and future Anthony Chadd, Neustar Anthony Chadd
Recently, US web-based hosting service GitHub was hit by the largest distributed denial of service (DDoS) attack in history. It was subjected to a colossal 1.35Tbps flood of traffic: unknown hackers attempted to take the platform offline, resulting in major websites across large portions of the US being out of action for a number of hours. Although most attacks do not reach this scale, GitHub is an example of how DDoS attacks have established themselves as a major threat to organisations over the past few years and the detrimental impact they can have if hackers are successful. How, then, can businesses ensure they understand exactly what to look for in order to prevent such attacks being successful and protect their organisations?
most hit at least once in the past eight months.2 Dramatised further by the Mirai botnet of 2016, this new era of DDoS attacks has introduced a wave of concern for business-
es around the world that are looking over their shoulders and waiting for an attempt on their infrastructure to be made.
The many faces of DDoS While all DDoS attacks share some form of common ground – they work to flood
“It seems that more than four in five organisations have been hit by a DDoS attack, with most hit at least once in the past eight months” Recently identified by Accenture as being responsible for a significant share of the UK’s most damaging and expensive cyber-attacks, DDoS attacks have dramatically increased in both strength and regularity.1 In fact, when surveyed as part of the ‘Global DDoS Attack and Cyber-security Report’, it seems that more than four in five organisations have been hit by a DDoS attack, with
July 2018
Time taken to detect DDoS attacks. Source: Neustar.
Network Security
13
FEATURE the bandwidth or resources of a targeted web server, either making a site very slow or shutting it down completely – the motive behind each attack can vary. However, while there is much variety to look out for, one of the most common forms of attack is dual-purpose: using an initial DDoS hit to then plant ransomware, viruses or malware, therefore causing greater disruption over a longer period of time. Recent research found that businesses subjected just once to a DDoS attack had a 35% chance of seeing malware activated, and a 52% chance of experiencing a virus. They might not be subject to just malware; 92% of organisations that experienced these multi-vector attacks also reported theft of customer data, financial assets and intellectual property, making them even more vulnerable to future security risks.
“Security researchers have recently raised the alarm about a huge new Internet of Things (IoT) botnet discovered last year called Satori. Even low-level cybercriminals could launch a potentially devastating attack, with little effort” As DDoS attacks have gained traction across the cyber landscape, the variety of threats has also expanded, bringing to light new methods and motives. In February this year, the first documented native IPv6 DDoS attack occurred, originating from around 1,900 native IPv6 hosts on more than 650 different networks. The total number of possible IPv6 addresses is more than 7.9x1028 times as many as IPv4, making a considerably greater attack volume possible. The attack demonstrates the innovative methods being used by hackers to corrupt systems and highlights things to come, leaving businesses with yet another challenge on their hands. In addition, security researchers have recently raised the alarm about a huge new Internet of Things (IoT) botnet discovered last year called Satori, the successor to the Mirai DDoS botnet. While 14
Network Security
Changes in defensive strategies. Source: Neustar.
the malware behind Mirai was sophisticated, Satori represents a major leap in capabilities, meaning even low-level cyber-criminals could launch a potentially devastating attack, with little effort.
Detect and protect With the stakes higher than ever before and as hackers show no signs of retiring from cybercrime anytime soon, it is essential that businesses understand exactly how to detect and protect themselves from DDoS threats that could be lurking just around the corner. Identifying this technical need across an organisation also helps to factor the solutions and costs into wider IT strategies and budgets while ensuring maximum protection. Spending across cyber-security is on the up and for as long as threats such as Mirai exist, will continue to grow in importance. However, for companies that don’t want to break the bank, lowcost services do exist in the form of content delivery network (CDN) services. While inexpensive, clean bandwidth or pipe solutions – delivered by IPS and content delivery network services – still guard against attacks, they are generally limited to smaller-scale threats.
Is cloud king? Aside from content delivery network services, another secure and economical solution to protecting against DDoS threats is on-demand cloud, which
works by redirecting traffic to a mitigation cloud. Despite relying heavily on rapid failover to the cloud in order to escape from any downtime, on-demand cloud processes can be automated by combining an organisation’s router and the mitigation partner. Outside of the cloud, a hybrid mitigation plan is the recommended choice and comprises a mitigation appliance and cloud protection. This plan will halt any form of DDoS attack and automatically activate cloud mitigation if the circuit is threatened. To complete the full cyber-security package, it is crucial to have a unified, always-on security operations centre, with real-time monitoring and reporting. This way, should an attack be attempted, organisations are made aware instantly and stand a better chance of mitigating it.
An education in cybercrime While a lot of progress has been made in recent years to fight cybercrime, there is still a long way to go before companies are clear about the measures that need to be implemented to protect their businesses. Alarmingly, when it came to the four in five organisations that had been hit by a DDoS attack in recent months, 36% of them admitted to being completely in the dark about the attacks, only finding out from their customers.
July 2018
FEATURE The good news is that by 2023, cybersecurity firms are expected to take up around 1 million square feet of office space in the UK and some businesses are starting to give cyber-security the attention it deserves.3 In a recent survey, nearly three quarters (73%) of respondents claimed that recent cyber-attacks have changed the way they approach protecting their organisation.
“To stand a chance at winning in the cyberwar, organisations should place as much emphasis on cybersecurity as they do on any other part of their business, whether it is finance or HR” DDoS attacks have reached new levels in the past year, advancing in both style and severity, with recent trends indicating we can expect to see more of
the same in 2018. To stand a chance at winning in the cyberwar, organisations should place as much emphasis on cyber-security as they do on any other part of their business, whether it is finance or HR. Failure to give cyber-security the attention it deserves will not only leave businesses at risk of being the next victim of a DDoS attack, but also exposes them to wider knock-on reputational and financial damage.
About the author Anthony Chadd is senior director of EMEA at Neustar (www.security.neustar), a global information services provider. He has been involved in providing IT software, hardware and managed services for over 18 years. Having supplied Neustar’s security services for the past eight years, Chadd has worked with some of the largest online sites in the world, helping them with their DDoS mitigation strategies.
References 1. ‘Cyberthreat-scape report: midyear cyber-security risk review forecast and remediation. Accenture, 2017. Accessed Mar 2018. www.accenture. com/t20170926T072836Z__w__/ gr-en/_acnmedia/PDF-61/ Accenture-CyberThreatScapeReport. pdf. 2. ‘Global DDoS Attacks & Cyber-security Insights Report’. Neustar, Oct 2017. Accessed Mar 2018. https://hello.neustar. biz/201710-Security-SolutionsSiteprotect-DDoS-2H2017-Report-LP.html. 3. ‘Cyber-security firms to take 1m sq ft of offices in UK regions by 2023’. The Telegraph, Mar 2018. Accessed Mar 2018. www.telegraph.co.uk/ business/2018/03/18/cyber-securityfirms-take-1m-sq-ft-offices-ukregions-2023/.
DevOps: finding room for security Steve Mansfield-Devine, editor, Network Security DevOps is everywhere, it seems. As one of the most ubiquitous trends in software development of the past few years, its adoption has been spurred on by promises of faster roll-outs, greater agility and responsiveness and significant gains in efficiency. With developers and operational staff collaborating on continuous integration/continuous delivery (CI/CD) workflows, software will be both more dependable and more aligned with business needs – so it’s claimed. But as Meera Rao, a senior principal consultant at Synopsys, explains in this interview, there is a certain lack of clarity around what DevOps really means. And in the excitement about its claimed benefits, security is often overlooked. Synopsys recently commissioned a report to look at the state of DevSecOps, where security is an integrated part of the process.1 One key conclusion is that there is still much room for improvement in this area. And one possible reason for that can be found by examining organisations’ motivations for doing DevOps in the first place. “Most organisations just want to join the wave. They see a competitor company doing DevOps and think ‘why
July 2018
don’t I join the trend?’,” says Rao. “But what I have seen over the past 10 years doing CI, CD and DevOps is that many companies have no clear definition of what it means to do DevOps. A lot of organisations that are doing a bit of continuous integration or static analysis think they’re doing DevOps. They don’t realise that the whole thing – whether you’re talking about continuous integration or delivery or deployment – is completely different from what DevOps
Steve MansfieldDevine
actually focuses on. The culture, the role, the emphasis on responsiveness are all lacking. The operations team doesn’t even talk to the development team. But people just love the word ‘DevOps’, or even the phrase ‘shift left’.” While the survey shows around half of organisations (depending on sector) claiming to employ DevOps, Rao’s experience suggests that maybe a fifth are “doing real DevOps where there is continuous collaboration, continuous communication with respect to the dev team and the operations team”, and even then often in small, siloed teams within a much larger developer population. The rest are “using a little bit of continuous integration, doing a little bit of continuous delivery,” she says.
Network Security
15
2018. www.information-age.com/ cyber-attacks-number-1-businessrisk-123471046/. 8. ‘WannaCry ransomware attack’. Wikipedia. Accessed Jul 2018. https://en.wikipedia.org/wiki/ WannaCry_ransomware_attack. 9. ‘Global Reports of WannaCry Ransomware Attacks’. Defensorum, 18 Sep 2017. Accessed Jul 2018. www.defensorum.com/global-reports-
wannacry-ransomware-attacks/. 10. ‘Investigation: WannaCry cyber attack and the NHS’. National Audit Office, 25 Apr 2018. Accessed Jul 2018. www.nao.org.uk/wp-content/ uploads/2017/10/InvestigationWannaCry-cyber-attack-and-theNHS-Summary.pdf. 11. Cyber Essentials, home page. Accessed Jul 2018. www.cyberessentials.ncsc.gov.uk.
DDoS attacks: past, present and future Anthony Chadd, Neustar Anthony Chadd
Recently, US web-based hosting service GitHub was hit by the largest distributed denial of service (DDoS) attack in history. It was subjected to a colossal 1.35Tbps flood of traffic: unknown hackers attempted to take the platform offline, resulting in major websites across large portions of the US being out of action for a number of hours. Although most attacks do not reach this scale, GitHub is an example of how DDoS attacks have established themselves as a major threat to organisations over the past few years and the detrimental impact they can have if hackers are successful. How, then, can businesses ensure they understand exactly what to look for in order to prevent such attacks being successful and protect their organisations?
most hit at least once in the past eight months.2 Dramatised further by the Mirai botnet of 2016, this new era of DDoS attacks has introduced a wave of concern for business-
es around the world that are looking over their shoulders and waiting for an attempt on their infrastructure to be made.
The many faces of DDoS While all DDoS attacks share some form of common ground – they work to flood
“It seems that more than four in five organisations have been hit by a DDoS attack, with most hit at least once in the past eight months” Recently identified by Accenture as being responsible for a significant share of the UK’s most damaging and expensive cyber-attacks, DDoS attacks have dramatically increased in both strength and regularity.1 In fact, when surveyed as part of the ‘Global DDoS Attack and Cyber-security Report’, it seems that more than four in five organisations have been hit by a DDoS attack, with
July 2018
Time taken to detect DDoS attacks. Source: Neustar.
Network Security
13
FEATURE the bandwidth or resources of a targeted web server, either making a site very slow or shutting it down completely – the motive behind each attack can vary. However, while there is much variety to look out for, one of the most common forms of attack is dual-purpose: using an initial DDoS hit to then plant ransomware, viruses or malware, therefore causing greater disruption over a longer period of time. Recent research found that businesses subjected just once to a DDoS attack had a 35% chance of seeing malware activated, and a 52% chance of experiencing a virus. They might not be subject to just malware; 92% of organisations that experienced these multi-vector attacks also reported theft of customer data, financial assets and intellectual property, making them even more vulnerable to future security risks.
“Security researchers have recently raised the alarm about a huge new Internet of Things (IoT) botnet discovered last year called Satori. Even low-level cybercriminals could launch a potentially devastating attack, with little effort” As DDoS attacks have gained traction across the cyber landscape, the variety of threats has also expanded, bringing to light new methods and motives. In February this year, the first documented native IPv6 DDoS attack occurred, originating from around 1,900 native IPv6 hosts on more than 650 different networks. The total number of possible IPv6 addresses is more than 7.9x1028 times as many as IPv4, making a considerably greater attack volume possible. The attack demonstrates the innovative methods being used by hackers to corrupt systems and highlights things to come, leaving businesses with yet another challenge on their hands. In addition, security researchers have recently raised the alarm about a huge new Internet of Things (IoT) botnet discovered last year called Satori, the successor to the Mirai DDoS botnet. While 14
Network Security
Changes in defensive strategies. Source: Neustar.
the malware behind Mirai was sophisticated, Satori represents a major leap in capabilities, meaning even low-level cyber-criminals could launch a potentially devastating attack, with little effort.
Detect and protect With the stakes higher than ever before and as hackers show no signs of retiring from cybercrime anytime soon, it is essential that businesses understand exactly how to detect and protect themselves from DDoS threats that could be lurking just around the corner. Identifying this technical need across an organisation also helps to factor the solutions and costs into wider IT strategies and budgets while ensuring maximum protection. Spending across cyber-security is on the up and for as long as threats such as Mirai exist, will continue to grow in importance. However, for companies that don’t want to break the bank, lowcost services do exist in the form of content delivery network (CDN) services. While inexpensive, clean bandwidth or pipe solutions – delivered by IPS and content delivery network services – still guard against attacks, they are generally limited to smaller-scale threats.
Is cloud king? Aside from content delivery network services, another secure and economical solution to protecting against DDoS threats is on-demand cloud, which
works by redirecting traffic to a mitigation cloud. Despite relying heavily on rapid failover to the cloud in order to escape from any downtime, on-demand cloud processes can be automated by combining an organisation’s router and the mitigation partner. Outside of the cloud, a hybrid mitigation plan is the recommended choice and comprises a mitigation appliance and cloud protection. This plan will halt any form of DDoS attack and automatically activate cloud mitigation if the circuit is threatened. To complete the full cyber-security package, it is crucial to have a unified, always-on security operations centre, with real-time monitoring and reporting. This way, should an attack be attempted, organisations are made aware instantly and stand a better chance of mitigating it.
An education in cybercrime While a lot of progress has been made in recent years to fight cybercrime, there is still a long way to go before companies are clear about the measures that need to be implemented to protect their businesses. Alarmingly, when it came to the four in five organisations that had been hit by a DDoS attack in recent months, 36% of them admitted to being completely in the dark about the attacks, only finding out from their customers.
July 2018
FEATURE The good news is that by 2023, cybersecurity firms are expected to take up around 1 million square feet of office space in the UK and some businesses are starting to give cyber-security the attention it deserves.3 In a recent survey, nearly three quarters (73%) of respondents claimed that recent cyber-attacks have changed the way they approach protecting their organisation.
“To stand a chance at winning in the cyberwar, organisations should place as much emphasis on cybersecurity as they do on any other part of their business, whether it is finance or HR” DDoS attacks have reached new levels in the past year, advancing in both style and severity, with recent trends indicating we can expect to see more of
the same in 2018. To stand a chance at winning in the cyberwar, organisations should place as much emphasis on cyber-security as they do on any other part of their business, whether it is finance or HR. Failure to give cyber-security the attention it deserves will not only leave businesses at risk of being the next victim of a DDoS attack, but also exposes them to wider knock-on reputational and financial damage.
About the author Anthony Chadd is senior director of EMEA at Neustar (www.security.neustar), a global information services provider. He has been involved in providing IT software, hardware and managed services for over 18 years. Having supplied Neustar’s security services for the past eight years, Chadd has worked with some of the largest online sites in the world, helping them with their DDoS mitigation strategies.
References 1. ‘Cyberthreat-scape report: midyear cyber-security risk review forecast and remediation. Accenture, 2017. Accessed Mar 2018. www.accenture. com/t20170926T072836Z__w__/ gr-en/_acnmedia/PDF-61/ Accenture-CyberThreatScapeReport. pdf. 2. ‘Global DDoS Attacks & Cyber-security Insights Report’. Neustar, Oct 2017. Accessed Mar 2018. https://hello.neustar. biz/201710-Security-SolutionsSiteprotect-DDoS-2H2017-Report-LP.html. 3. ‘Cyber-security firms to take 1m sq ft of offices in UK regions by 2023’. The Telegraph, Mar 2018. Accessed Mar 2018. www.telegraph.co.uk/ business/2018/03/18/cyber-securityfirms-take-1m-sq-ft-offices-ukregions-2023/.
DevOps: finding room for security Steve Mansfield-Devine, editor, Network Security DevOps is everywhere, it seems. As one of the most ubiquitous trends in software development of the past few years, its adoption has been spurred on by promises of faster roll-outs, greater agility and responsiveness and significant gains in efficiency. With developers and operational staff collaborating on continuous integration/continuous delivery (CI/CD) workflows, software will be both more dependable and more aligned with business needs – so it’s claimed. But as Meera Rao, a senior principal consultant at Synopsys, explains in this interview, there is a certain lack of clarity around what DevOps really means. And in the excitement about its claimed benefits, security is often overlooked. Synopsys recently commissioned a report to look at the state of DevSecOps, where security is an integrated part of the process.1 One key conclusion is that there is still much room for improvement in this area. And one possible reason for that can be found by examining organisations’ motivations for doing DevOps in the first place. “Most organisations just want to join the wave. They see a competitor company doing DevOps and think ‘why
July 2018
don’t I join the trend?’,” says Rao. “But what I have seen over the past 10 years doing CI, CD and DevOps is that many companies have no clear definition of what it means to do DevOps. A lot of organisations that are doing a bit of continuous integration or static analysis think they’re doing DevOps. They don’t realise that the whole thing – whether you’re talking about continuous integration or delivery or deployment – is completely different from what DevOps
Steve MansfieldDevine
actually focuses on. The culture, the role, the emphasis on responsiveness are all lacking. The operations team doesn’t even talk to the development team. But people just love the word ‘DevOps’, or even the phrase ‘shift left’.” While the survey shows around half of organisations (depending on sector) claiming to employ DevOps, Rao’s experience suggests that maybe a fifth are “doing real DevOps where there is continuous collaboration, continuous communication with respect to the dev team and the operations team”, and even then often in small, siloed teams within a much larger developer population. The rest are “using a little bit of continuous integration, doing a little bit of continuous delivery,” she says.
Network Security
15