Distributed denial of service (DDoS) attacks are a growing threat that businesses of all sizes face, up 43 percent so far this year. This is evident when reviewing information on the Arbor Networks’ new Atlas Threat Portal, which is an active threat level analysis system, and from countless media headlines in the past year. It’s a trend that concerns business owners and IT managers as incidents have become more frequent and sophisticated; the attack size, speed and complexity have often been shocking.
Today’s threats target websites and domains, as well as Web services. The number affected by such attacks are many; therefore, it has become viable to use a security strategy and response plan to mitigate such attacks effectively; perhaps implementing enterprise level DDoS defense services would help.
For whatever reason and motive, an anonymous hacker (or hacktivist group) will purposely target a business and threaten its network infrastructure and services with some type of high-bandwidth-consuming flood attack.
Attackers have been known to go after a computer and plant a zombie (aka a botnet) as well, without the user’s knowledge, to launch their attack. The planted zombie can then affect system operations or, worse, install a Trojan horse that can damage or bring down the entire business network infrastructure.
Concern is growing, in recent times, about those malicious people who launch denial of service attacks against Web applications and choose to shut down company Web resources, typically websites. When a site is inaccessible to its users, the impact can be severe and have significant business consequences: for one, it can cause companies to lose customers to competitors, or it can affect its reputation and financial gain.
Furthermore, such attacks that target websites rarely cause permanent damage. It usually temporarily blocks access to the victims’ site and some IT security experts claim these incidences are more of an annoyance than a threat.
According to data from Atlas Threat Portal, there are also an unknown number of companies that have had their websites targeted but that wish not to report it to prevent the news from spreading to the media.
Disruption of an online service is best seen from the recent Spamhaus incident. The anti-spam organization has suffered an attack that knocked its site offline and prevented users from accessing it.
What happened to the Spamhaus organization is said to be the biggest DDoS attack to date, that was made against a website. The attackers used botnets to carry out the attack and disrupt Spamhaus infrastructure, which had spread the damage to over 20 countries. This unfortunate event took place on March 1. Indeed, rumor has it that CyberBunker, the company that offers Web-hosting to sites across the Web, is allegedly behind the attack. Having found weaknesses in Spamhaus configured Domain Name System (DNS) servers, the apparent hacker was able to target the website. To overcome the DDoS and botnet attack, Spamhaus called upon CloudFlare for help to bring its site back online to be once again reachable by users.
Another incident that unfolded recently involved DDoS attacks that crippled giant banking websites. Between those that were targeted were Bank of America, JPMorgan Chase, Wells Fargo, PNC Bank, and U.S. Bancorp. Their sites crashed leaving customers unable to make online transactions. As a result, some consumers actually lost faith in the industry.
One bank incident was even claimed to have been pulled off by an Islamic group that calls itself the Cyber Fighters of Izz ad-din Al Qassam; fortunately, there was no stolen data or money, neither theft of credit card information; instead, it seemed the group wanted to disrupt online banking for some prolonged time to discredit America’s largest banks and their security readiness.
There have also been reported cases where even the Internet’s larger e-commerce companies, like Amazon, have been prone to such attacks. The online retailer’s Internet shopping sites went offline and customers were affected by the outage. In 2009, for example, a similar incident occurred two days before Christmas and made headline news, of course, with Amazon.com customers, who were yet to buy gifts. Since then, Amazon has reported other similar events, recently, that again caused disruption of its website service.