See our Outsourcing Provider Directory here

Criminals Turn to Outsourcing to Launch Distributed Denial of Service Attacks

Here’s one sign that outsourcing has become an accepted global business strategy: the criminals have adopted it! Yes, friends, neighbors and countrymen, criminals are hiring IT experts to perform distributed denial-of-service (DDoS) attacks, which effectively bring down Websites.

NSFOCUS, Inc., a company that provides enterprise-level network security solutions and services, tracked 168,459 individual DDoS attacks in the first half of 2013 among its customer base, according to its Mid-Year DDoS Threat Report 2013. The report said a major DDoS event broke out every two days on average. NSFOCUS detected one common DDoS attack every two minutes from its own monitoring networks.

“Those numbers are mind-numbing,” says Vann Abernethy, senior product manager at NSFOCUS. “Can you imagine the global number?” he asks rhetorically.

Even worse, the report found 68 percent of the victims suffered multiple attacks; that percentage was only 49.3 percent in 2012.
Abernethy explains DDoS attacks keep IT professionals up at night because they can:

  • Damage back-end infrastructure
  • Affect applications
  • Destroy databases
  • Upset paying customers
  • Cause the loss of sensitive information

Why now?

DDoS attacks have been occurring since the late 1990s with the wide use of routing networks, Abernethy noted. “Ten years ago DDoS attacks were an annoyance at best,” he recalls. IT experts simply emptied the IT pipe with all the bogus traffic and “simply forgot about it.”

Today cloud computing has changed the landscape. The perpetrators are “taking advantage of server level power,” he says.

How are the criminals getting involved?

Abernethy says historically the perpetrators were “hacktivists,” people who wanted to get revenge, make a political statement or impress their peers. “Now we are seeing more criminal activity,” he reports. Abernethy says the criminals even advertise on the Internet!

The criminals are also using DDoS attacks as a camouflage. The NSFOCUS executive says a DDoS attack “drives the IT security team nuts.” While they are “going crazy” trying to deal with the attack, the criminals are quietly extracting data. Abernethy says the IT administrators often don’t know the data has left the building until they review the data logs, sometimes days later.

For example, back in 2011 there was an attack on the Hong Kong Stock Exchange. Law requires all listed companies put their financial statements online. The Exchange itself is remarkably secure but the Website hosting the financial statements was not.

The attack caused the stocks of seven companies, including HSBC and Cathay Pacific, to suspend trading, resulting in millions of dollars of lost trading profits. The attacker, a supposed businessman who was trying to promote his company’s security services, used a botnet comprised of infected computers from all over the world to launch the attack.

In another case, the criminals infected the computer of a salesman for a distribution company. He then logged into the company’s secure computer system with his now compromised computer. The thieves retrieved the necessary codes to break into the warehouse, which they emptied.

“Criminals are not only interested in IT threats,” explains Abernethy. “They want to steal physical goods, too.”

NSFOCUS expects criminal activity to continue to grow during the back half of 2013 for two reasons:

  1. Botnet rentals. The criminals are hiring IT experts to create botnets. Botnets can be comprised of PCs, tablets or smart phones. The criminals infect the device with malware. The infected devices can then make repetitive attacks over short periods “more effective and less expensive,” according to the report.
  2. Corporate willingness to pay ransom. Once the media reports you paid a ransom (however reluctantly), your site becomes a priority target for other cyber criminals.

HOW NSFOCUS fends off attacks

Website owners of all stripes want to ensure that their online businesses remain operational no matter what. Products like NSFOCUS’s Anti-DDoS System can help service providers and customers find and fend off these attacks while letting legitimate traffic get through to critical systems.

For example, NSFOCUS charts each botnet’s characteristics. This is a constant job “because they have spoofing abilities,” he explains. The company grey lists these botnets; when its software spies a suspicious address, it shuts down the attack.

Like anything else, the only way to protect yourself from any criminal activity “is to be hyper vigilant,” says Abernethy.

My advice: Protect your computer and Website and get a guard dog.

 

Get 3 Free Quotes Logo

  • Save 70%
  • Unrivaled expertise
  • Verified leading firms
  • Transparent, safe, secure

Get Started

Book a Call Now Logo

Start your Outsourcing Journey in 15 seconds.

Get Started

Outsourcing

Dive into “Outsourcing”

A Guide to … Selecting the Correct Business Unit … Negotiating the Contract … Maintaining Control of the Process

Order now

Outsourcing Articles

Start your
outsourcing
journey here

"*" indicates required fields

Start your outsourcing journey.

Book a call with an outsourcing expert now

This field is for validation purposes and should be left unchanged.

"*" indicates required fields

This guide will walk you through some areas most important when outsourcing, such as
  • Identifying Your Outsourcing Needs Intelligently
  • Research & Selection
  • The Bidding Process
  • Contracts & Agreements
  • Implementation & Onboarding
  • Ongoing Management
  • Evaluating Success
  • Additional Resources

Book a call with an outsourcing expert now

This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Become an OC Partner
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Media Inquiries for OC
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Subscribe to our Newsletter
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Submit Press Release
Accepted file types: pdf, doc, docx, Max. file size: 8 MB.
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Submit an Article
Accepted file types: pdf, doc, docx, Max. file size: 8 MB.
This field is for validation purposes and should be left unchanged.

"*" indicates required fields

Request Ben Trowbridge as a Keynote Speaker
This field is for validation purposes and should be left unchanged.

Go to standard quote

Exclusive Enterprise Assistance

  • Independent
  • Trusted
  • Transparent

Offshore staffing solutions for enterprise. Independent expertise, advice & implementation

  • 200+ Firms, Global Reach
  • Offshore, Nearshore, Onshore, Rightshore
  • Managed Request for Proposal (RFP)
  • Assisted Procurement Processes
  • Vendor Management
  • Unique Build Operate Transfer model
  • Captive & Shared Services
  • Champion-Challenger
  • Multi-site, multi-vendor, multi-source
  • Managed Solutions

For Enterprise and large teams only

  • Book 20-minute consult, obligation free

You will get:

  • Needs Analysis & Report
  • Salary Guidance & Indicative Pricing
  • Process Map

Only takes 1 minute to complete the form

Get Started

Not an enterprise?

Go to standard quote