A Distributed Denial of Service (DDoS) attack mobilises a large number of infiltrated systems to attack a single target. Although this is nothing new, security experts are currently working very hard on the growing number and frequency of attacks like these. One of the main findings was that between 2017 and 2018, the frequency of attacks has actually fallen. Still, don't get excited too soon. An alarming trend shows that there is a sharp increase in the scale of attacks, and they are outstripping many companies' defence capabilities. DDoS has now definitely entered the Terabit era! Find out what this means for you in this blog post.
Last year, one of the largest DDoS attacks to date was directed at a North American service provider and was recorded at 1.7 Tbit/s (!). Fortunately, the attack was successfully countered. However, this was only a foretaste of what can be expected in the near future. In the first half of 2018, the maximum size of DDoS attacks increased by a whopping 174% compared to 2017! Defences designed to fend off attacks in the 300 Gbps range are no longer powerful enough. Even an infrastructure with a defence capacity of 1 terabit is at risk.
Memcached-based attacks exploit vulnerabilities in memory cache servers used to expedite data access to websites. Memcached is free open source software that is widely used in cloud service infrastructures and enterprise networks. However, the software package contained a design flaw was exploited by devious attackers in February 2018. This bug allowed them to use a lot of bandwidth from service providers to build and launch an attack of unprecedented size.
Security teams should expect similar attacks in the future. Given the proliferation of open source software, which is often brought to market quickly and made freely available without carrying out adequate vulnerability testing, we fear that the attack described above will be far from a one-off case. The means of attack are becoming increasingly sophisticated and new attack vectors are emerging. This allows attackers to launch larger and more effective attacks.
Most DDoS attacks are still relatively small and can be fended off relatively quickly and easily, but this could be a thing of the past sooner than anyone imagined! Attackers have long since crossed the terabit threshold, which is why it is imperative to scrutinise your own defence capabilities.
Technologically, it's time for a hybrid or multi-layered defence that combines both localised and cloud-based defences. The advantage of a hybrid approach is that cloud-based defence systems can be primarily used as a backup (as opposed to local defence) and can be activated immediately if the local unit detects a substantial attack.
One possible solution which we from InfoGuard can recommend is the Arbor DDoS protection from Netscout. Data is used from a huge network of different service providers. An effective defence against DDoS attacks can be mounted, in combination with other hardware and software solutions, to detect and mitigate attacks.
In recent years, companies have increasingly switched to using cloud-based solutions to provide their IT services. The Arbor Cloud has an extensive network specially designed for DDoS protection, so that even extremely large attacks can be countered.
Even if large-scale DDoS attacks such as those that occurred last year can (still) be described as exceptions, it is definitely not time to lean back and relax! Even though the number of attacks has decreased, they are still strong enough to seriously compromise or, in the worst case scenario, completely cut off companies’ web connectivity.
Read the free Arbor Cloud whitepaper to learn how critical the threat is and what action you should take.
*In cooperation with Netscout / Arbor