Here’s one sign that outsourcing has become an accepted global business strategy: the criminals have adopted it! Yes, friends, neighbors and countrymen, criminals are hiring IT experts to perform distributed denial-of-service (DDoS) attacks, which effectively bring down Websites.
NSFOCUS, Inc., a company that provides enterprise-level network security solutions and services, tracked 168,459 individual DDoS attacks in the first half of 2013 among its customer base, according to its Mid-Year DDoS Threat Report 2013. The report said a major DDoS event broke out every two days on average. NSFOCUS detected one common DDoS attack every two minutes from its own monitoring networks.
“Those numbers are mind-numbing,” says Vann Abernethy, senior product manager at NSFOCUS. “Can you imagine the global number?” he asks rhetorically.
Even worse, the report found 68 percent of the victims suffered multiple attacks; that percentage was only 49.3 percent in 2012.
Abernethy explains DDoS attacks keep IT professionals up at night because they can:
- Damage back-end infrastructure
- Affect applications
- Destroy databases
- Upset paying customers
- Cause the loss of sensitive information
Why now?
DDoS attacks have been occurring since the late 1990s with the wide use of routing networks, Abernethy notes. “Ten years ago DDoS attacks were an annoyance at best,” he recalls. IT experts simply cleared all the bogus traffic out of the pipe and “simply forgot about it.”
Today cloud computing has changed the landscape. The perpetrators are “taking advantage of server level power,” he says.
How are the criminals getting involved?
Abernethy says historically the perpetrators were “hacktivists,” people who wanted to get revenge, make a political statement or impress their peers. “Now we are seeing more criminal activity,” he reports. Abernethy says the criminals even advertise on the Internet!
The criminals are also using DDoS attacks as camouflage. The NSFOCUS executive says a DDoS attack “drives the IT security team nuts.” While the team is “going crazy” trying to deal with the attack, the criminals are quietly extracting data. Abernethy says the IT administrators often don’t know the data has left the building until they review the data logs, sometimes days later.
For example, back in 2011 there was an attack on the Hong Kong Stock Exchange. The law requires all listed companies to put their financial statements online. The Exchange itself is remarkably secure but the Website hosting the financial statements was not.
The attack caused trading in the stocks of seven companies, including HSBC and Cathay Pacific, to be suspended, resulting in millions of dollars of lost trading profits. The attacker, a supposed businessman who was trying to promote his company’s security services, used a botnet made up of infected computers from all over the world to launch the attack.
In another case, the criminals infected the computer of a salesman for a distribution company. He then logged into the company’s secure computer system with his now compromised computer. The thieves retrieved the necessary codes to break into the warehouse, which they emptied.
“Criminals are not only interested in IT threats,” explains Abernethy. “They want to steal physical goods, too.”
NSFOCUS expects criminal activity to continue to grow during the back half of 2013 for two reasons:
- Botnet rentals. The criminals are hiring IT experts to create botnets. Botnets can be made up of PCs, tablets or smartphones. The criminals infect the device with malware. The infected devices can then make repetitive attacks over short periods “more effective and less expensive,” according to the report.
- Corporate willingness to pay ransom. Once the media reports you paid a ransom (however reluctantly), your site becomes a priority target for other cyber criminals.
How NSFOCUS fends off attacks
Website owners of all stripes want to ensure that their online businesses remain operational no matter what. Products like NSFOCUS’s Anti-DDoS System can help service providers and customers find and fend off these attacks while letting legitimate traffic get through to critical systems.
For example, NSFOCUS charts each botnet’s characteristics. This is a constant job “because they have spoofing abilities,” Abernethy explains. The company greylists these botnets; when its software spies a suspicious address, it shuts down the attack.
Like anything else, the only way to protect yourself from any criminal activity “is to be hyper vigilant,” says Abernethy.
My advice: Protect your computer and Website and get a guard dog.