In my first blog on distributed denial-of-service (DDoS) detection, “DDoS: It’s Not a Matter of If, But When,” I provided a brief explanation of why someone might initiate a DDoS attack and outlined the three variations of attacks.
In part two of this series, I refute five commonly held misconceptions about DDoS. I don’t mean to scare you, but DDoS attacks have been documented to cause “beaucoup” damage to organizations around the globe. It’s not just mischief; it’s nothing to fool around with.
Misconception #1. The odds of being hit by a DDoS attack are low.
FACT 1: According to Deloitte, an estimated 10 million DDoS attacks took place last year. If you didn’t get hit with one, you were just plain lucky. Eventually your luck will run out.
Three factors are fueling this growth in scale, severity and frequency of large DDoS attacks:
- Threat actors are using the growing install base of unsecured Internet of Things (IoT) devices to launch attacks
- The barrier to entry has been decimated by new booter services that enable anyone with an Internet connection and a grudge to launch an attack
- High-speed bandwidth is ubiquitous, empowering botnets to send significantly more spoofed data at greater speeds, intensifying attacks
Misconception #2. DDoS isn’t an advanced threat. I need to focus on advanced persistent threats.
FACT 2: Research shows that more than one quarter of all DDoS attacks are used as a diversion tactic, or smokescreen, to cover up the exfiltration of confidential data. Today’s sophisticated attackers often use a combination of techniques, and DDoS attacks often have a complicated interrelationship with other forms of advanced threats. So…you may want to pay attention if you don’t want to see your data walk out the door!
Misconception #3. The cost of DDoS protection outweighs the impact of an attack.
FACT 3: Some organizations wait to address the issue of DDoS protection until after they have been hit by the DDoS train. Unfortunately, by this stage, it is too late and the damage has been done. Don’t fall into the trap of underestimating the complete impact an attack can have on your organization. According to ZDNet, the average cost of a DDoS attack is at least $2.5 million. Damages can include:
- Direct financial loss
- Costs to recover from an attack
- Brand damage and loss of consumer trust
- Supply chain disruption
- Contract fines from SLA breaches
- Regulatory fines from compliance breaches
Misconception #4. My ISP provides DDoS protection.
FACT 4: Some Internet Service Providers (ISPs) do; some don’t. But remember, modern attacks are multi-vector in nature and can blend volumetric, protocol and application-layer attack vectors. While ISPs upstream may well be able to detect some of the most blatant, larger attacks, it’s the subtle application-layer attacks that can only be properly managed at the customer premises.
So, since you must pay for your ISP’s DDoS service, wouldn’t you want to purchase protection that will cover you from all variations of attacks?
Misconception #5. I’m okay, I have enough bandwidth to survive an attack.
FACT 5: Attacks are getting bigger, and bigger attacks are getting more common.
Some coordinated attacks saturate hundreds of gigabits in bandwidth. In fact, recently there was a confirmed attack 800 Gbps in scale. That’s 60% larger than the previous year’s largest reported attack. In addition, large attacks increased 140% last year.
No doubt, in the future they will only continue to get worse (see Fact 1 for reasons). It’s unlikely that you or anyone has enough bandwidth to withstand attacks of this magnitude! Only cloud scrubbers can scale to this magnitude to clean large-scale DDoS attacks and send your clean data on through to your network.
By Heidi Gabrielson
Published with permission from Riverbed.