Large DDoS Attacks Still a Serious Problem

In the world of botnets and denial-of-service attacks, 2009 was a very interesting year. While a handful of large, noisy botnets got most of the attention, there were thousands of serious, prolonged DDoS attacks that not only chewed up huge amounts of bandwidth but likely caused major problems for the targeted organizations.

In the world of botnets and denial-of-service attacks, 2009 was a very interesting year. While a handful of large, noisy botnets got most of the attention, there were thousands of serious, prolonged DDoS attacks that not only chewed up huge amounts of bandwidth but likely caused major problems for the targeted organizations.

The analysts at Arbor Networks recently looked back at the data collected by about 100 of their ISP customers on DDoS attacks in 2009 and found that there were more than 20,000 attacks that peaked above one Gbps of traffic. And there were nearly 3,000 attacks that hit 10 Gbps. That’s a lot of traffic, especially when you consider that “many (most?) enterprises remain connected to the Internet at 1 Gbps or slower speeds,” as Arbor’s Danny McPherson points out.

Today, most enterprises and online properties don’t traditionally factor DDoS attacks in risk planning and management related processes. That is, while they go to great lengths to periodically obtain coveted [err..  necessary] compliance check marks related to data integrity and confidentiality, the third pillar, availability, often takes a backseat. This is perhaps largely driven by auditors with fairly static and quantifiable lists of controls that can be put in place to contain risks associated with traditional vulnerabilities. Unfortunately, lack of foresight and appropriate preparation often leaves folks scurrying about madly when DDoS-related incidents do occur, as they’re not considered until you’ve been hit at least once.

To that point, I suspect it would be safe to assume that the probability of an effectively-sized attack targeting a given Internet property today is higher than the probability of a fire that affects that enterprise’s Internet availability and online presence (something I’ll look to qualify) – whilst from a business continuity perspective the latter is quite likely what the enterprise values most in today’s ‘connected’ world.

McPherson’s point may be a little dramatic, but it’s well-taken. Most reasonably sized organizations have a comprehensive plan for dealing with network outages caused by natural disasters, power failures or an intern tripping over a cord. But many of these same organizations may not have a detailed plan for what to do if they’re targeted by a major DDoS attack. Those tend to fall under the heading of, “why would anyone target us?” or “our ISP will handle it.”

Maybe so. But, as Arbor’s data shows, large DDoS attacks are not the rarity they once were and it’s probably better to know who’s going to do what and when before an attack happens than afterward.

Suggested articles

Discussion

  • Anonymous on

    As the world's leading manufacturer of buggy whips, it's imperative every driver carry one in the trunk of their car just in case of a breakdown and the whip can be used on the car's horsepower.

    In other news, a leading provider of DoS hardware is calling for every business and ISP to buy one of their boxes and tossed in a few numbers to make their argument sound convincing.

     

  • Webscreen 1 on

    We work at the sharp end of DDoS attacks and as the company to launch the first commercially available DDoS solution we have over 10 years hard gained experience in this sector. Fact last year was our busiest year, fact we saw DDoS attacks reaching out to the widest range of online business in our history, fact we saw new forms of DDoS attacks taking out knowledgable organisations who believed their expensive firewalls provided full DDoS protection.attacks. If your organisation needs to be online 24 x 7 then you are crazy not to invest in DDoS protection and that my anonymous friend is also a fact !

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.