Dark Days Ahead: DDoS Attacks To Escalate

Although not new, DDoS attacks took a turn for the worse in 2016.

Among the biggest was the massive attack in September against the website of security expert Brian Krebs. At its peak, the colossal attack bombarded the site with traffic at the rate of 620 gigabits per second. On October 21, an attack crippled the operations of domain name services provider Dyn — rendering major websites like Twitter, Airbnb and Reddit unavailable for hours.

DDoS Trends To Worsen

The DDoS forecast shows no signs of letting up in 2017. A report by Deloitte predicts ten million attacks this year, with at least one attack a month exceeding 1 terabit per second. These will be made possible by:

  • Widespread availability of malware to create botnets for launching attacks. The Mirai software, used for some of the biggest attacks, is available in open source form.

  • Large numbers of “Internet of Things” devices with weak security, making them easy to pull into botnets.

  • Growing availability of high data rates, which let the devices send out large amounts of data.

Attacks are growing more sophisticated, disguising themselves as legitimate traffic. Brute-force attacks usually come through layers 3 (network) and 4 (transport) of the OSI network model. Attacks through layer 7 (application) are crafted to drain the resources of particular applications, rather than relying just on volume. They're especially difficult to detect and stop and are becoming more popular.

Any business can be a target, although Deloitte notes there are some more likely to get caught in the crosshairs than others — including retailers with a robust online business, streaming video, financial and business services, and government.

DDoS Defense Strategies

A DDoS attack can strike at any time, and organizations need to prepare. A well-configured firewall and network security software will stop minor attacks. Having spare bandwidth will help in these cases.

Cloud-based defenses can handle bigger attacks by providing substantial reserve capacity and avoiding a single point of failure. Content delivery networks help a site to withstand high-volume attacks. The reserve comes out of a pool of resources shared with other sites, so it can be shifted as necessary. Even so, having a high level of protection can get expensive.

Another approach is the use of dedicated devices to detect and block malicious traffic. This approach can be used separately or in combination with reserve cloud capacity.

Fortinet's FortiDDoS solution is an example of this approach. It uses dedicated security processing units (SPUs) to provide better performance than software on general-purpose processors can.

A FortiDDoS device in a data center examines all layer 3, 4, and 7 traffic and identifies threats using a behavior-based model, rather than threat signatures. This approach is more effective at catching zero-day attacks for which signatures aren't available. To avoid blocking false positives, FortiDDoS uses a reputation scoring system to help distinguish good traffic from bad, enabling legitimate users to get through.
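To make the behavior-versus-signature distinction concrete, here is an added illustration written for this post; it is not FortiDDoS code and does not describe how Fortinet's product works internally. It learns a per-source request-rate baseline from a quiet window of an access log, flags a source whose rate in a later window exceeds that baseline by a large factor (no request content or signature is inspected), and uses a simple reputation score so that a known, previously well-behaved client with a legitimate burst is not blocked as a false positive. The log lines, IP addresses, window length and the `factor` / `min_rate` parameters are all constructed for the example.

```python
"""Toy behavior-based layer-7 flood detector with reputation scoring.

Added example; not Fortinet's code.  All log data is constructed.
"""
from collections import Counter, defaultdict
import statistics


def build_sample_log():
    """Constructed access log, one '<epoch_second> <src_ip> <path>' per line."""
    lines = []
    # Quiet window, seconds 1000-1009: three clients, two requests each.
    for src in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        for ts in (1001, 1006):
            lines.append(f"{ts} {src} /index.html")
    # Later window, seconds 1010-1019: a never-seen source hammers an
    # expensive search endpoint (30 requests), while a known client has a
    # legitimate burst (12 requests) and another stays idle.
    for i in range(30):
        lines.append(f"{1010 + i % 10} 10.0.0.9 /search?q={i}")
    for i in range(12):
        lines.append(f"{1010 + i % 10} 10.0.0.2 /search?q=cart{i}")
    lines.append("1012 10.0.0.1 /index.html")
    return "\n".join(lines) + "\n"


def parse_log(text):
    """Parse the constructed log format into (timestamp, source, path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, path = line.split(maxsplit=2)
        events.append((int(ts), src, path))
    return events


def requests_per_source(events, start, end):
    """Count requests per source within the half-open interval [start, end)."""
    counts = Counter()
    for ts, src, _path in events:
        if start <= ts < end:
            counts[src] += 1
    return counts


class BehaviorDetector:
    """Rate-based anomaly detector: no signatures, only observed behavior."""

    def __init__(self, window=10, factor=5.0, min_rate=2.0):
        self.window = window        # seconds per observation window
        self.factor = factor        # multiple of baseline that counts as a flood
        self.min_rate = min_rate    # floor so a near-zero baseline is not over-sensitive
        self.baseline = None        # median requests per window per source
        self.reputation = defaultdict(float)  # good-behavior history per source

    def learn_baseline(self, events, start):
        """Learn the normal per-source rate from a window believed to be clean."""
        counts = requests_per_source(events, start, start + self.window)
        self.baseline = statistics.median(counts.values()) if counts else 0
        for src in counts:
            # Every source that behaved normally during the clean window earns
            # one unit of reputation.
            self.reputation[src] += 1.0
        return self.baseline

    def classify(self, events, start):
        """Return {source: 'allow' | 'block'} for the window starting at `start`."""
        counts = requests_per_source(events, start, start + self.window)
        threshold = max(self.baseline * self.factor, self.min_rate)
        verdicts = {}
        for src, n in counts.items():
            # Reputation raises the per-source ceiling (capped at 2 units), so a
            # long-standing client gets more slack before it is blocked.
            allowance = threshold * (1 + 0.5 * min(self.reputation[src], 2.0))
            verdicts[src] = "block" if n > allowance else "allow"
        return verdicts


def run_demo():
    """Learn from the quiet window, then classify the flood window."""
    events = parse_log(build_sample_log())
    detector = BehaviorDetector()
    detector.learn_baseline(events, start=1000)
    return detector.classify(events, start=1010)


if __name__ == "__main__":
    for src, verdict in sorted(run_demo().items()):
        print(f"{src:10} {verdict}")
```

With these inputs the baseline is 2 requests per window, so the block threshold is 10. The unknown source sending 30 requests is blocked, while the known client sending 12 is allowed because its reputation lifts its ceiling to 15; without the reputation term it would have been a false positive. A production system would of course use far richer features (per-path cost, connection behavior, geographic and ASN context) and continuously updated baselines, but the shape of the decision is the same.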

Tec-Refresh, a Fortinet partner, has the expertise and technology to help customers prepare for the new breed of DDoS attacks to come. Contact us to learn more.