Kathy Gibson reports from Kaspersky Labs’ conference in Lisbon – Denial of service (DoS) attacks have been with us for many years, but the rate at which they are launched and their effectiveness is only growing.Amin Hasbini, senior security research at Kaspersky Labs’ global research and analysis team, points out that a distributed denial of service (DDoS) attack last year slowed down Europe’s Internet, demonstrating how effective they can be.
DoS is where a server receives a lot of requests, which makes it unable to serve its regular customers’ requests. DDoS is when the attack is distributed, coming from a number of sources simultaneously.
Variations of the DDoS attack include volumetric, application-level and multi-vector attacks.
“Considering how digital our lives are, and the reliance we have on online services, it’s difficult to imagine how organisations can handle it when a service goes offline,” Hasbini says. “We recently saw an example of a DDoS attack in the gulf where it took a full day for the company to recover its online service. This is really bad for a company’s reputation and can cause critical damage for their clients.”
DDoS attacks are particularly easy to launch, with a number of tools available online. These include graphical tools, or tools for Android – and it’s difficult to mitigate against attacks because just about anyone can run them.
Botnets are generally used to deliver DDoS attacks. These are groups of infected machines, all victims of malware, that are controlled by a single person and set up to launch an attack simultaneously.
“Anyone who can rent a botnet can launch a DDoS attack,” Hasbini explains, “They can be rented using Bitcoins and are easy to run.”
Using amplification techniques, DDoS attacks can be made even more devastating and they are now able to seriously inconvenience even banks and governments with sophisticated capabilities.
In the future, DDoS could be a major threat to the Internet of Things and applications such as smart cities. “All of these devices could be used to launch attacks,” Hasbini says.
“And the fact that they can all be infected and controlled is even more risky. Security for things like smart cities is very important but we are not seeing these technologies being developed with security in mind. Even devices like smart bands that monitor your health and fitness and not secured.
“It is a big problem.”
In 2015, DDoS attacks are expected to be smarter, bugger, faster and stronger. Last year there were 169 attacks of about 100Gbps. Spamhaus, which caused the Internet ins Europe to slow down, was 325Gbps. Then, in December there was an unknown attack of 400Gbps. Fortunately companies were a bit more prepared and were able to withstand this attack with just a slowing down experienced.
But Hasbini warns that attacks in the 600Gbps and 700Gbps range could be expected in 2015 and organisations need to be ready to deal with them.
At the very least, every company should be able to withstand an attack of 20Gbps, he says. Governments should be prepare to handle a lot more, with attacks at a minimum of 100Gbps. In fact, Hasbini says attacks at these rates are happening regularly.
He points out that the average home user has 10Mbps, so if there are 1 000 users in a botnet, this can generate 10Gbps. With the normal bank handling about 5Gbps of traffic it means this botnet could be used to launch a DDoS attack which will probably be successful. More worrying, it costs just $50 per day to rent a 1 000-device botnet. And there are botnets out there that control up to 500 000 users, Hasbini adds.
Working with Interpol Kaspersky Labs recently took down the Simda botnet that has been running since 2009 and controlled 770 000 zombie devices.
Kaspersky Labs’ Alexander Lebedev points out that a DDoS attack can have wide-ranging implications for organisations.
Not only does the computer system buckle under the strain and become unable to service customer requests, but the help desk or system administrator quickly becomes inundated as well. This is usually followed by the resource that handles the request also going down, often resulting in complete infrastructure failure.
There is a further knock-on effect in that the whole IT resource is pulled in to mitigate the attack which places additional strain on IT along with a loss of productivity from both IT and the rest of the organisation.
The loss of services means that the organisation could be subject to penalties for not maintaining service levels, there is almost always some reputation damage; and business can be lost.
In fact, says Lebedev, DDoS attacks are estimated to cost small businesses $52 000 per attack with big businesses losing up to $440 000.
There are few industries immune from DDoS attacks, with companies in software and technology; financial services; shopping; gaming; ISP/telecom; media/entertainment; education public sector; hotel and travel all targeted by DDoS.
Lebedev says Kasperky’s DDoS Protection Service works with companies to detect, mitigate and prevent DDoS attacks. The solution uses technology as well as a response team for a solution that has been developed inhouse, is available 24×7, protects resources rather than channele and works closely with ISPs to block the source of an attacj. “Our DDoS intelligence is deep, and we can identify an attack at a very early stage,” Lebedev says. “It’s not so much the software that matters, but the knowledge that is delivered through the software.”
Among its services Kaspersky Lab offers security educational services, investigation services, threat intelligence services and security awareness.