Mounting a Proactive Defence against Distributed Denial of Services (DDoS) Attacks in the Hactivism Era: Amy Larsen DeCarlo, Current Analysis

When HSBC disclosed in October 2012 that the many of its websites around the world had been knocked offline by a flood of malicious traffic, the British multinational bank joined a long list of commercial and public sector institutions that had apparently been victimised by ideologically-minded cybercriminals. Early indications point to a hacktivist group that had also carried out similar attacks against the U.S.-based Capital One bank in the same in an effort to draw attention to its protest against what has widely been decried as an offensive YouTube video. The group behind the breach employed a botnet to overwhelm the HSBC services, a common technique in DDoS attacks.

Unfortunately, what is remarkable about this kind of attack is how routine these politically-motivated incidents are becoming. Many venerable organisations, some like HSBC with no direct ties to the issue being protested, have found themselves in the sites of an aggressive hacktivist group that has taken up arms using DDoS as its weapon of choice. The victims, which include the U.K., U.S., and Swedish governments, Sony Pictures Europe, and PNC Banks, are targeted because of their high profile and in some cases, their relationship to some controversy.

While humiliation and inconvenience are direct products of these often 20GB+ attacks, there is also a very real risk these breaches may be a cover for data theft. DDoS mitigation vendor Arbor Networks reports that based on a survey of its service provider customers, more than one-third of DDoS attacks were politically or ideologically-based. Unfortunately, it is hard to get an accurate gauge of just how many actual attacks are taking place with Arbor Networks estimating that only about one-quarter of all incidents are actually reported.

What is clear is that organisations of all stripes need to be aware of the changing threat landscape and its potential impact on them. Many enterprises that in the past may not have been a particularly attractive target for cybercriminals are finding themselves under threat, and often with little or no warning.

For this reason it is critical that all enterprises take a more proactive approach to their own defence, starting with being aware of just how vulnerable many of their Internet-facing systems are. Organisations need to address these vulnerabilities using the same kind of multi-layered approach they apply to securing any other critical asset. This extends to investing in DDoS detection and mitigation to stave off the kind of crippling attacks that have brought down some of the sites operated by the world’s largest financial institutions and most important governments.
Telecom providers like Tata Communications can bring a particular expertise to this equation through their extensive expertise in running secure networks and having the security and transport infrastructure to detect and deflect attacks. By examining traffic in real time for anomalies, a provider can reduce the number of false-positives to keep “good” traffic flowing and redirect any malicious traffic to the network edge.

Whatever approach an organisation takes, whether it is trying to manage DDoS detection and mitigation technology or relying on a third party service, it is clear that enterprises need to be ready with a proactive defence. Without this preparation, the risk of what can be very costly and embarrassing losses is great.
.
Amy DeCarlo is reachable at adecarlo@currentanalysis.com. Amy also blogs for Current Analysis’ IT Connection service (itcblogs.currentanalysis.com).