DDoS attacks are nothing new, but they remain the nemesis of many IT departments in organizations big and small. Why? Because attacks can come from any source, use multiple protocols, leverage massive botnets and often aren’t detected until it’s too late.
According to SecurityWeek, the U.S. Department of Homeland Security (DHS) is now developing a new kind of DDoS defense, one based on collaboration rather than isolation. But can companies really get better security traction in tandem rather than acting alone?
Big Numbers, Big Problems
As noted by Dark Reading, DDoS attacks “are growing in frequency, size, severity, sophistication and even persistence each year.” Since there’s no single vector for these attacks — coupled with the fact that many look like server or network failures at first glance — it’s no wonder both small companies and large enterprises are getting hit, and hit often.
Consider Rutgers University: In 2015, the institution faced six separate DDoS events. Financial institutions and government organizations faced many more, both attempted and successful, because the mechanism for attacks remains simple: Malicious actors need only reliable botnets and solid connections to launch a full-scale effort.
The speed and simplicity of DDoS attacks is also encouraging malicious actors to ramp up their efforts. According to BetaNews, for example, the BBC was hit with a massive attack on New Year’s Eve that — if the attackers themselves are telling the truth — reached a maximum of 602 Gbps. That’s almost double the size of the current DDoS record holder at 334 Gbps.
The group responsible, called New World Hacking, also targeted Donald Trump’s website and said it had plans to go after ISIS-related sites, although it claimed the BBC attack was merely a test and not intended to bring the site down for hours. Some security pros said the group may be targeting high-profile sites in an effort to promote its in-house DDoS tool, BangStresser.
Stopping Traffic With DDoS Defense
With DDoS tools and hacking-as-a-service now available for purchase at virtually any Dark Web marketplace and effectively being advertised through public attacks, companies are understandably concerned. Even when caught midstream, it’s difficult to respond before servers start failing and other, more sophisticated attacks take aim at critical corporate data. As a result, dealing with DDoS has become a top priority for organizations like the DHS, which just awarded a $1.7 million contract to tech company Galois in hopes of strengthening DDoS defense.
The biggest news from the announcement is the development of a new project called DDoS Defense for a Community of Peers (3DCoP), which uses a peer-to-peer mechanism that allows organizations to work together and collectively defeat DDoS attacks. The thinking here is that since many companies and institutions are often targeted by similar attacks, a coordinated response increases the chance of early detection and swift response, in turn lowering overall damage.
Historically, businesses have been reluctant to share attack data or collaborate on defense for fear of giving away trade security secrets or seeming weak in comparison to other companies. The high-volume, high-impact nature of DDoS attacks, however, make this an untenable position; users don’t care about protecting company pride if the result is reduced compute performance or total server failure.
If the DHS effort works as intended, however, organizations should be able to collectively tap the power of the combined whole and get better traction on DDoS defense. In other words, a steady security climb instead of spinning wheels.