Criminals Turn to Outsourcing to Launch Distributed Denial of Service Attacks

Here’s one sign that outsourcing has become an accepted global business strategy: the criminals have adopted it! Yes, friends, neighbors and countrymen, criminals are hiring IT experts to perform distributed denial-of-service (DDoS) attacks, which effectively bring down Websites.

NSFOCUS, Inc., a company that provides enterprise-level network security solutions and services, tracked 168,459 individual DDoS attacks in the first half of 2013 among its customer base, according to its Mid-Year DDoS Threat Report 2013. The report said a major DDoS event broke out every two days on average. NSFOCUS detected one common DDoS attack every two minutes from its own monitoring networks.

“Those numbers are mind-numbing,” says Vann Abernethy, senior product manager at NSFOCUS. “Can you imagine the global number?” he asks rhetorically.

Even worse, the report found 68 percent of the victims suffered multiple attacks; that percentage was only 49.3 percent in 2012.
Abernethy explains DDoS attacks keep IT professionals up at night because they can:

  • Damage back-end infrastructure
  • Affect applications
  • Destroy databases
  • Upset paying customers
  • Cause the loss of sensitive information

Why now?

DDoS attacks have been occurring since the late 1990s with the wide use of routing networks, Abernethy noted. “Ten years ago DDoS attacks were an annoyance at best,” he recalls. IT experts simply emptied the IT pipe with all the bogus traffic and “simply forgot about it.”

Today cloud computing has changed the landscape. The perpetrators are “taking advantage of server level power,” he says.

How are the criminals getting involved?

Abernethy says historically the perpetrators were “hacktivists,” people who wanted to get revenge, make a political statement or impress their peers. “Now we are seeing more criminal activity,” he reports. Abernethy says the criminals even advertise on the Internet!

The criminals are also using DDoS attacks as a camouflage. The NSFOCUS executive says a DDoS attack “drives the IT security team nuts.” While they are “going crazy” trying to deal with the attack, the criminals are quietly extracting data. Abernethy says the IT administrators often don’t know the data has left the building until they review the data logs, sometimes days later.

For example, back in 2011 there was an attack on the Hong Kong Stock Exchange. Law requires all listed companies put their financial statements online. The Exchange itself is remarkably secure but the Website hosting the financial statements was not.

The attack caused the stocks of seven companies, including HSBC and Cathay Pacific, to suspend trading, resulting in millions of dollars of lost trading profits. The attacker, a supposed businessman who was trying to promote his company’s security services, used a botnet comprised of infected computers from all over the world to launch the attack.

In another case, the criminals infected the computer of a salesman for a distribution company. He then logged into the company’s secure computer system with his now compromised computer. The thieves retrieved the necessary codes to break into the warehouse, which they emptied.

“Criminals are not only interested in IT threats,” explains Abernethy. “They want to steal physical goods, too.”

NSFOCUS expects criminal activity to continue to grow during the back half of 2013 for two reasons:

  1. Botnet rentals. The criminals are hiring IT experts to create botnets. Botnets can be comprised of PCs, tablets or smart phones. The criminals infect the device with malware. The infected devices can then make repetitive attacks over short periods “more effective and less expensive,” according to the report.
  2. Corporate willingness to pay ransom. Once the media reports you paid a ransom (however reluctantly), your site becomes a priority target for other cyber criminals.

HOW NSFOCUS fends off attacks

Website owners of all stripes want to ensure that their online businesses remain operational no matter what. Products like NSFOCUS’s Anti-DDoS System can help service providers and customers find and fend off these attacks while letting legitimate traffic get through to critical systems.

For example, NSFOCUS charts each botnet’s characteristics. This is a constant job “because they have spoofing abilities,” he explains. The company grey lists these botnets; when its software spies a suspicious address, it shuts down the attack.

Like anything else, the only way to protect yourself from any criminal activity “is to be hyper vigilant,” says Abernethy.

My advice: Protect your computer and Website and get a guard dog.

 

Outsourcing Center, Beth Ellyn Rosenthal, Senior Writer

Recent Posts

  • Business Challenge
  • Contract
  • Function
  • Governance
  • IT Applications
  • IT Infrastructure & Applications
  • Multisourcing
  • Service Level Agreement (SLA)
  • Time to Market
  • Transition
  • Vendor Management

The Meat and Potatoes of Multi-Vendors

While the glamorous multi-vendor deals are the ones garnering most of the attention in outsourcing,…

26 years ago
  • Contract
  • Function
  • Governance
  • IT Applications
  • Multisourcing
  • Procurement
  • Service Level Agreement (SLA)
  • Vendor Management

Teaming: Making Multi-Vendor Relationships Work

Since the late 1980's, outsourcing vendors have relied on subcontractors to perform part of the…

26 years ago
  • Business Challenge
  • Communication
  • Contract
  • Energy & Utilities
  • Financial Services & Insurance
  • Governance
  • Industry
  • Manufacturing
  • Time to Market
  • Vendor Management

Lateral Leadership For Organizations That Are Outsourcing

American firms continue their rapid expansion of service and product outsourcing. Companies signed major new…

26 years ago
  • Business Challenge
  • Communication
  • Contract
  • Financial Services & Insurance
  • Governance
  • Healthcare
  • Industry
  • Manufacturing
  • Pricing
  • Service Level Agreement (SLA)
  • Time to Market
  • Vendor Management

The Many Sides of a Re-Do

Outsourcing's maturation as an industry has created a substantial body of experience in 'renegotiating' and…

26 years ago
  • Business Challenge
  • Contract
  • Cost Reduction & Avoidance
  • CPG/Retail
  • Financial Services & Insurance
  • Government
  • Industry
  • Pricing
  • Risk-Reward
  • Service Level Agreement (SLA)
  • Time to Market
  • Transition
  • Vendor Management

EURO: Ready or Not, Here It Comes

On January 1, 1999, eleven member countries of the European Union (EU) will adopt the…

26 years ago
  • Business Challenge
  • Cost Reduction & Avoidance
  • Financial Services & Insurance
  • Function
  • Global Service Delivery
  • Industry
  • IT Applications
  • Manufacturing
  • Procurement

The Rise of Global Business Process Outsourcing

Business Process Outsourcing (BPO) is paving the way for leading companies to compete globally and…

26 years ago