February 26, 2014 By Mary Karnes

As data breaches continue to occur, cyber attackers have demonstrated enhanced technical sophistication in the area of distributed-denial-of-service (DDoS) attacks. DDoS methods per se are not advanced, but the techniques attackers now use to amass bandwidth are a new and powerful way to halt business by interrupting online service. In June 2013 attackers began to focus their attention on domain name system (DNS) providers.

This year DDoS attacks are a hot topic of conversation at the 23rd annual RSA Conference in San Francisco. Attacks on the DNS providers are another example of compromising central strategic targets. There are several ways these attacks can be disruptive and a complete distraction for security leaders.

Knowing Your DDoS Attacker: Q&A with Security Expert Bill Brenner

Below I explore DDoS attacks with security expert Bill Brenner of Akamai Technologies. As a senior program manager there, Brenner writes about threats to Internet security as seen from within Akamai’s InfoSec department. He produces content that explains how Akamai keeps its own house secure while defending customers against attacks. On the side, he writes a personal blog called The OCD Diaries, chronicling his experiences with OCD and other challenges.

1. Best practice for responding to a DDoS attack

Cybercrime is a billion-dollar business, and according to a 2013 report from the Ponemon Institute, the cost of cybercrime in 2013 increased by 78% among companies. DDoS accounted for more than 55% of the overall annual cybercrime cost per organization. Given the magnitude of the growing number of DDoS attacks, what is the best practice for responding to a DDoS attack?

Brenner: DDoS defense is something Akamai provides for its customers, but there’s also a lot of great guidance to be found online. One of my favorite examples is this article by Tracy Kitten of Bank InfoSecurity. In the article, she outlines four steps that cut to the heart of the matter:

  1. Use appropriate technology, including cloud-based Web servers, which can handle overflow, when high volumes of Web traffic strike
  2. Assess ongoing DDoS risks, such as through tests that mimic real-world attacks
  3. Implement online outage mitigation and response strategies before attacks hit
  4. Train staff to recognize the signs of a DDoS attack.

Those four tips should be part of any DDoS response plan.

2. Determining an attack is a DDoS

How do you (very, very quickly) determine that the attack is in fact a DDoS and not something else, like a misconfiguration in the network? Is there an easy way to determine that?

Brenner: When you’re dealing with configuration problems, it’s usually a slower, ongoing series of issues; not necessarily something that will knock out the performance of a whole site. If site performance takes a sudden nosedive or is ground to a halt, that’s usually a good indication that a DDoS attack is in play. The speed with which you can determine if it’s DDoS really goes back to having in place the four items I mentioned above. With that mix of technology and training, separating compatibility problems from attack traffic should be a quicker process.
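As an added illustration of the distinction Brenner draws above (a sudden collapse in site performance versus a slower run of errors), the Python below is not part of the interview or of any Akamai tooling. It builds per-second statistics from constructed web-server log lines, uses the first few quiet seconds as a baseline, and labels a second as flood-like when both request volume and the number of distinct client addresses jump, or as misconfiguration-like when errors and latency climb without any surge in traffic. The log format, the spike factor and the error and latency thresholds are all assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed access-log lines (not real traffic): "<ISO timestamp> <client IP> <status> <ms>".
# Three quiet seconds, then one second of many new sources at high volume,
# then one second of slow 5xx errors from the usual handful of clients.
_NORMAL_IPS = ["10.0.0.5", "10.0.0.6", "10.0.0.7"]
_lines = []
for sec in range(3):                      # seconds 0-2: normal traffic
    for ip in _NORMAL_IPS:
        _lines.append(f"2014-02-26T10:00:0{sec} {ip} 200 110")
for n in range(40):                       # second 3: 40 new sources, volume jumps
    _lines.append(f"2014-02-26T10:00:03 198.51.100.{n} 503 900")
for ip in _NORMAL_IPS:                    # second 4: same clients, slow errors, normal volume
    _lines.append(f"2014-02-26T10:00:04 {ip} 500 3000")
SAMPLE_LOG = "\n".join(_lines)


def parse_log(text):
    """Parse the constructed log format into (timestamp, ip, status, latency_ms) tuples."""
    records = []
    for line in text.splitlines():
        ts, ip, status, ms = line.split()
        records.append((ts, ip, int(status), int(ms)))
    return records


def per_second_stats(records):
    """Aggregate requests, distinct sources, 5xx share and median latency per second."""
    buckets = defaultdict(list)
    for ts, ip, status, ms in records:
        buckets[ts].append((ip, status, ms))
    stats = {}
    for ts in sorted(buckets):
        rows = buckets[ts]
        stats[ts] = {
            "requests": len(rows),
            "sources": len({ip for ip, _, _ in rows}),
            "error_share": sum(1 for _, s, _ in rows if s >= 500) / len(rows),
            "median_ms": median(ms for _, _, ms in rows),
        }
    return stats


def classify(stats, baseline_seconds=3, spike_factor=5.0,
             error_threshold=0.5, latency_ms=1000):
    """Label each second after the baseline window (thresholds are assumptions)."""
    keys = sorted(stats)
    base = [stats[k] for k in keys[:baseline_seconds]]
    base_rps = median(b["requests"] for b in base)
    base_sources = median(b["sources"] for b in base)
    labels = {}
    for k in keys[baseline_seconds:]:
        s = stats[k]
        volume_spike = s["requests"] >= spike_factor * base_rps
        source_spike = s["sources"] >= spike_factor * base_sources
        degraded = (s["error_share"] >= error_threshold
                    or s["median_ms"] >= latency_ms)
        if volume_spike and source_spike:
            labels[k] = "possible DDoS: sudden volume from many new sources"
        elif degraded and not volume_spike:
            labels[k] = "possible misconfiguration: errors without a traffic surge"
        else:
            labels[k] = "normal"
    return labels


def analyze(text=SAMPLE_LOG):
    """Run the full pipeline over a log and return the per-second labels."""
    return classify(per_second_stats(parse_log(text)))


if __name__ == "__main__":
    for ts, label in analyze().items():
        print(ts, label)
```

The two signals are deliberately kept separate: a volume jump alone could be a legitimate traffic burst, and errors alone could be a bad deploy, so the flood label requires both more requests and many more distinct sources than the baseline. In practice the baseline should come from a longer quiet period than three seconds, and the thresholds should be tuned against the site's own traffic history.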

3. Risks related to cyber threats and reputation

In a DDoS attack, many machines send simultaneous requests to the target’s web servers with the intent of overwhelming them until they crash. Companies like Akamai help customers deflect unwanted traffic from their websites, but how does the perception of risks related to cyber threats affect a brand’s reputation?

Brenner: It’s been said that time is money, and that’s certainly the case here. The longer a site is down from an attack, the more likely customers are to go elsewhere to do business. If you’re dealing with a one-off DDoS attack, customers tend to be forgiving and will return. If DDoS attacks are constant, customers will learn to take their money to another business. That’s why having a solid response plan is so important.

4. Defining secure computing

How would you define secure computing from both the IT and network administrative perspectives?

Brenner: In both cases, safe computing involves a workforce trained to be aware of threats, from phishing scams to best practices around passwords. I wouldn’t say there’s a one-size-fits-all approach because every company is different when it comes to the information they need to protect. But there are a lot of standard best practices that cover a wide range.

At Akamai, we give new hires security training on the first day, and that training involves a lot of regular follow-up. We cover everything from which instant messaging platforms to use or avoid when it involves work-related communications to knowing who our adversaries are and limiting the avenues by which they can access our proprietary information.

5. Cybercrime landscape

What will the cybercrime landscape look like in 2020? What will cybersecurity look like in 2020?

Brenner: In many ways the landscape will be the same. The bad guys will continue to use social engineering tricks to dupe people into downloading malicious code that can be used to open back doors for theft. What will be different is the technology most targeted. A decade ago attackers relied on attacks against operating system security holes. Today the targets tend to be the tools of social media like Twitter and Facebook. We’re starting to hear a lot of talk about the so-called Internet of Things and I think we’ll see many more concrete examples of a changing threat landscape as attackers begin targeting Internet-facing technology in everything from cars to household appliances.

As the scope and frequency of data breaches continue on an upward trajectory, it is more important than ever to get back to basic security fundamentals. While technical mitigation is a necessity, educating users within the enterprise that security is a mindset, not an exception, can also reduce these incidents.

Read the IBM research paper: Extortion by distributed denial of service attack
