Last week I wrote about how distributed denial of service (DDoS) attacks affect web availability, and the negative impacts on revenue and brand reputation for hosting providers and their customers.
The DDoS Threat to Data Security
This post will address another question facing hosting providers: How do DDoS attacks pose a data security threat? Let me be clear that we all know that a DDoS attack is not a security breach; at face value, DDoS attacks cripple a network or a web application but do not “steal” anything. However, they do present a serious data security concern, because they often serve as a smokescreen for an actual security breach. Let’s start by distinguishing between volumetric attacks and small, sub-saturating attacks.
What is a Volumetric Attack?
Volumetric DDoS attacks are very noticeable, and capable of crippling a website or application. These attacks flood the network infrastructure with requests on the order of 100s of Gbps, and in recent months these attacks have scaled to over 1 Tbps.
What is a Sub-Saturating Attack?
Sub-saturating attacks are far more common than volumetric attacks, and they are so small that they often go unnoticed by human security agents. In fact, Corero’s research shows that the vast majority (93%) of DDoS attacks among Corero customers are less than 1 Gbps, and 96% of attacks lasted under 30 minutes. They may be short in duration and small in size, but these DDoS attacks are intended to distract IT security staff and enable hackers to profile the vulnerabilities of a network in preparation for future infiltrations. They are just disruptive enough to knock a firewall or intrusion prevention system (IPS) offline so that the hackers can target, map and infiltrate a network to install malware. The attacks are so small that they often go unnoticed by network security staff or legacy DDoS protection systems.
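A detection sketch for the short, sub-1 Gbps attacks described above, added here as an example and not Corero's method or code: it flags bursts against a rolling median baseline instead of a fixed volume alarm. The 10 Gbps static alarm, the 15-minute window, the multiplier k and the sample traffic are assumptions constructed for illustration.

```python
from statistics import median

GBPS = 1_000_000_000
STATIC_ALARM_BPS = 10 * GBPS   # assumed legacy volume threshold, not from the page
SUB_SATURATING_BPS = 1 * GBPS  # the page's size boundary for small attacks
SHORT_MINUTES = 30             # the page's duration boundary

def find_episodes(samples, window=15, k=6.0):
    """Return (start, end, peak_bps) runs where traffic exceeds a rolling
    median baseline by k * MAD. samples: per-minute bps for one destination."""
    episodes, start, peak = [], None, 0
    history = list(samples[:window])       # baseline seeded from first window
    for i in range(window, len(samples)):
        base = median(history)
        mad = median(abs(x - base) for x in history) or 1
        if samples[i] > base + k * mad:
            if start is None:
                start, peak = i, 0
            peak = max(peak, samples[i])
        else:
            if start is not None:
                episodes.append((start, i - 1, peak))
                start = None
            # only clean minutes update the baseline, so an attack cannot raise it
            history = history[1:] + [samples[i]]
    if start is not None:
        episodes.append((start, len(samples) - 1, peak))
    return episodes

def classify(episode):
    start, end, peak = episode
    minutes = end - start + 1
    return {
        "minutes": minutes,
        "peak_bps": peak,
        "sub_saturating": peak < SUB_SATURATING_BPS,
        "short": minutes < SHORT_MINUTES,
        "static_alarm_fires": peak >= STATIC_ALARM_BPS,
    }

# Constructed sample: ~200 Mbps normal traffic, then an 8-minute burst at ~700 Mbps.
SAMPLE = [200_000_000 + (i % 5) * 4_000_000 for i in range(40)]
for i in range(20, 28):
    SAMPLE[i] = 700_000_000 + (i % 3) * 10_000_000

if __name__ == "__main__":
    for ep in find_episodes(SAMPLE):
        print(ep, classify(ep))
```

On the constructed sample the burst is flagged by the baseline check while the fixed volume alarm stays silent, which is the gap the section describes.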
Short DDoS attacks might seem harmless, in that they don’t cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for a ransomware attack, or data theft (there is a huge black market on the Dark Web for stolen data). No organization can afford to risk a security breach; every organization owns precious data, whether it is intellectual property or sensitive customer (or employee) data such as social security numbers, credit card information or email addresses. The costs of a true data breach are high; it’s more than an inconvenience.
That’s why DDoS attacks are not only a service availability issue but also an important data security issue for hosting providers. Any DDoS traffic in the hosting provider’s network could lead to a security breach downstream, in a customer network. Hosting providers who deploy DDoS mitigation at the edge of their networks are protecting not only their own networks but also their customer networks.
Corero research shows that some of our customers are seeing four or five DDoS attacks on a daily basis; if not for Corero technology, often they would be unaware that the attacks were taking place. Automated DDoS attack mitigation is the only thing that can detect and block low-threshold DDoS attacks.