Cyber threats - What are DDoS attacks?
The recent debacle with the meltdown involving the online Australian census, the first defensive response was to blame a DDoS attack from apparently malicious anonymous offshore hackers. In what has become a politically charged blame game, no doubt the actual circumstances will be revealed when this maelstrom is long forgotten in the public consciousness. What tweaked my interest and not specific to the census fiasco it is sometimes convenient to attribute the most extreme malevolent IT explanation as the problem when the real cause is somewhat more banal.
A DDoS is a "Distributed Denial of Service" attack is an organised cyber assault attempt to render any online service unavailable by overwhelming the target site by flooding it with data and requests from multiple sources. Generally the targets are prominent sites such as banks, media sites, political sites etc, but also could be equally commissioned from a disgruntled employee or various activist groups. DDoS attacks utilise the basic fundamentals of the Internet itself, the transmission of data packets from any source to any destination. The bogus illegitimate data packets are difficult to distinguish from legitimate ones. Many techniques are deployed with innocuous names such as "Smurfs' and "Teardrops" in initiating these events that render the target site unusable by compromising available bandwidth. It is reported that in excess of 2,000 DDoS attacks are observed worldwide daily.
The impact of such episodes range from benign to devastating. Much publicised occurrences include the Christmas Day 2015 attack that took down the Microsoft Xbox Live and Sony Playstation online gaming network. High profile attacks have included the likes of Citibank, Bank of America, HSBC, BBC, The World Bank and NYSE. Google Ideas publish a "Digital Attack" map at http://www.digitalattackmap.com/ The sobering pattern is both New Zealand and Australia are not immune from these security compromises as reviewing the daily and real time maps reveal.
The methods to combat these threats we can specifically advise on which range from software based solutions, hardware appliances and Cloud Mitigation services. Content Delivery Network (CDN) provides such as Cloudflare offer various protection plans. Through their proprietary technology they are able to mitigate a DDoS attack over their entire international network of datacentres. They report the largest attack they have seen was 400Gbps, their network capacity is 10Tbps so scalability has inherent advantages. The caveats of this type of solution is potential data sovereignty concerns.
Clearly the solution to risk manage these cyber threats in formulating a defensive strategy are complex, the first step is preparing a top down review of potential threats.