How to Avoid DDoS Annihilation?

Guest Blog by Carl Herberger, VP, Security Solutions, Radware (a business partner of Data Foundry)

According to US Gov’t statistics, 60% of Small Businesses fold before a one-year anniversary of a cyber-attack.

Not even 18 months ago, the U.S. House of Representatives’ Small Business Subcommittee on Health and Technology Chairman Chris Collins (R-NY) led a hearing to examine the increased volume and complexity of cyber-attacks on small business. The concern was that new attack technologies and techniques present new challenges and threats and the interest of the committee was to investigate the role of the federal government in helping address cyber-security issues.

“It is nearly impossible to conduct business today without the Internet and a strong digital infrastructure,” said Chairman Collins (R-NY). “Cyber-criminal attacks on small business intellectual property and personal financial information present a serious threat that could potentially impair a business, and the threat is growing as many small firms explore new technologies such as the cloud and mobile computing. The recent string of cyber-attacks on high-profile companies is a stark reminder of the current threat. Although attacks on small businesses don’t make the headlines, a recent report illustrated in the subcommittee and reported on Fox Business News (//smallbusiness.foxbusiness.com/technology-web/2013/03/21/most-small-businesses-dont-recover-from-cybercrime/) shows nearly 20 percent of cyber-attacks are on small firms with fewer than 250 employees. Unlike a large company, small businesses may not be able to survive a cyber-attack. Washington has begun to realize the importance and immediacy of this threat, but more must be done to help protect this vital segment of our economy from these increasingly complex attacks.

In fact, this summit and these words were very prescient as not even a year later, we have strong evidence of increased attacks on the small and medium sized businesses and an acceleration of the financial costs associated with these attacks. A great example came in June of this year, when a distributed-denial-of-service attack and subsequent data breach led to the shuttering of a technology firm called Code Spaces in a matter of days. This humbling event offers an eye-opening reminder: Cyber-attacks can destroy a business model – and with breathtaking speed! In fact, Code Spaces was placed out of business from this DDoS attack before they could actually properly remedy the attack itself.

To get into the nitty-gritty a bit and to understand how this could happen, Code Spaces, in a message posted to the homepage of its website, says the DDoS attack against its servers and unauthorized access into the company’s cloud control panel resulted in most of its data, backups, machine configurations and offsite backups being partially or completely deleted. “Code Spaces will not be able to operate beyond this point,” the company says. “The cost of resolving this issue to date and the expected cost of refunding customers who have been without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility.”

The incident took place over a 12-hour period, Code Spaces says. The company is now working on supporting affected customers and exporting back to them any remaining data stored with Code Spaces. “All that we can say at this point is how sorry we are to both our customers and to the people who make a living at Code Spaces for the chain of events that led us here,” the company says.

In fact, Code Spaces has not been the only high profile “Ransom DDoS” attack, but rather they share inglorious company with numerous other companies who have recently felt the dramatic pains of outage, business disruption and public disclosure including the likes of Basecamp, Meetup.com and Feedly (a popular RSS Feed provider).

So, what are the major lessons to be learned here? Well, in the early days thereafter, we think there are some strong correlations between these attacks, which we consider rectifying such as the following:

  • They were all small-to-medium sized businesses
  • They all were ignorant or dismissive to the threats they faced
  • All rely on technology to keep their business model up-and-running
  • None had acknowledged the need for cyber-attack mitigation technologies
  • Staying ‘up’ was a key attribute of their business model
  • None knew where to turn for proper assistance once the attack started

Just like the lessons learned for the need of business continuity plan after the terrorist attacks of September 11th, so should we learn from these harbinger cyber-attacks of 2014. For example, if your company can be described by the above criteria, you should strongly consider risk mitigation, or run a likelihood of cyber-attack routing your business. Organizations need to identify the types of attacks to which they’re most vulnerable and develop steps to address those threats. This will help an organization see how, and, more importantly, if, they are covering the cyber-attack threats facing their environment.

Today’s cyber-attacks are not just a nuisance, nor are they isolated simple events. All too many believe that a cyber-attack is just about volumetric attacks and all you need to do is “buckle down” to weather a storm that will eventually pass. However, this is a folly idea and today’s threat landscape proves this!

Don’t be left to weather the storm by yourself. Consider engaging a competent managed technology provider, such as Data Foundry, who has considered the following criteria in providing services for attack mitigation to their clients:

  • Quality of Attack Detection: Accurate and effective protection against all vectors of attacks.
  • Time-To-Detect: Speedy attack mitigation. Many vendors actually take a lot of time.
  • Time-to-Mitigate: This includes the time to detect and to react effectively; a very important parameter. Only the best service providers achieve client satisfaction in this area.
  • Quality of Mitigation: Make certain that legitimate traffic is not suffering while mitigation is occurring and vice-versa.
  • Detailed Reporting & Response: Today even large enterprises don’t have the expertise and resources to handle large scale and prolonged attack campaigns. Small to large online businesses require an ‘Easy Button’ too – that is a system that provides total end-to-end service for the entire threat spectrum.

In summary, over the past ten years we have witnessed different types of attack mitigation functions, systems and services in action. Attacks are becoming more business relevant. In the past three years the frequency and complexity of attacks has grown. Now it is easier than ever to tell who has gone down, who has stayed up and who helped them along the way. Be a wise consumer and choose a provider who has great technology and service and who has the skill and experience to keep your business secure and available. Twenty percent is one in five. Don’t be that one guy.