Cyber-attacks against internet-connected resources have risen during the last 12 months – with distributed denial-of-service (DDoS) one of the most significant. DDoS has the power to shut down internet connectivity for an organization and act as a smokescreen for more malicious attacks such as ransomware. Yet the financial impact can be challenging to calculate.
DDoS attacks have been around for over three decades. Broadly speaking, they are a class of cyber-attack that uses multiple compromised systems to send bad traffic over the internet to overwhelm the resources of a targeted application, service or platform. As a result, the victim of a DDoS attack might experience degraded services or even complete failure – and the impact can spread beyond a single target if that victim is, in turn, a supplier to others.
Take the most recent example of a DDoS attack against Voipfone, a highly regarded voice-over-IP and broadband internet provider in the UK. It was plagued by a DDoS attack that caused “significant service disruption” for two days in early September. The ISP issued a statement that said it had suffered a “planned and organized DDoS attack” that had targeted Voipfone and similar organizations in the UK. It had also received a sizeable ransom demand from what it described as a “Russian-based criminal hacking organization called REvil.”
However, understanding the cost impact goes beyond whether a ransom is paid. The factors are highly dependent on the nature of a victim’s business, the level of disruption and duration. At one extreme, consider popular or heavily trafficked internet sites such as e-commerce, gaming and web hosting that can lose hundreds of thousands of pounds for every minute they are down. According to Corero’s whitepaper, The Need for Always-On in DDoS Protection, the average cost of a DDoS attack in the US is around $218k without factoring in any ransomware costs.
Remediation and compensation are also a factor. For some organizations, such as web-hosting providers, an outage can impact thousands of customers, leading to high compensatory costs, especially where there is a service level agreement (SLA) with contractual obligations and penalties. These direct costs could pale into insignificance compared to reputational damage, especially if the attack is used as a diversion for a data breach in which intellectual property or personal customer data is stolen or compromised.
Factoring in the potential cost of a DDoS attack has become more pressing as the risks have grown – especially during a pandemic that has also seen a shift in DDoS attack behavior. Data from the 2020 Corero DDoS Threat Intelligence Report showed a 70% growth in attacks over 10Gbps and a significant increase in high packet-rate attacks. The analysis suggests this is due, at least in part, to the increasing shift to 100Gbps internet connectivity, a trend that is driving the need for more significant everyday DDoS attacks. The frequency of repeat attacks also grew noticeably, with a 68% increase in organizations experiencing a second attack within a week.
In terms of countering this threat, the priority is accurate, automatic and rapid protection. DDoS attacks that can now evade legacy mitigation mechanisms – specifically short, sub-saturating, multi-vector attacks – can potentially create havoc while IT teams struggle to identify the cause. Therefore, it is critical to employ a solution that can monitor network traffic, in real time, for both small-scale and high-volume attacks.
Having identified DDoS attack traffic, it is imperative to block it quickly and accurately. DDoS mitigation that relies on security professionals analyzing the traffic and making relevant policy updates, or swinging attack traffic via a cloud protection service, cannot react fast enough to stop attacks from impacting business. Based on these criteria, it is vital to consider the benefits of ‘always-on’ to reduce the time to mitigation, from the tens of minutes of legacy solutions to the seconds required to defeat modern attacks.
Alongside these priorities, IT teams must gain some understanding of any DDoS attacks that target them. There are many types of attack vectors used for DDoS, and each has a different profile. Recruiting staff with such skills is increasingly challenging, so getting at least a few staff members familiar with DDoS best practices should be considered. The most straightforward approach is to use a DDoS vendor that offers SOC services and can work with IT staff to help communicate to the business what happened during an attack and how the defenses dealt with it. The cost of DDoS attacks is on the rise, and only an active defense will counter their potentially crippling impact.