Service denied! The new cybercriminal attack that can take down the world's largest websites

Posted By



February 1, 2017

Debilitating denial of service website attacks have become a major challenge for organisations – and the problem is set to escalate.
Think for a moment about a route you drive frequently. Now imagine what would happen if someone changed the traffic signs to redirect a highway’s worth of traffic down one laneway. The gridlock would be the stuff of nightmares.

Industrious cybercriminals have been causing the internet’s equivalent of this problem by targeting online businesses with distributed denial of service (DDoS) attacks. These attacks render victim websites inaccessible by inundating them with so much data that their internet connection can’t cope. Essentially, they turn the internet against itself.

The most popular technique is for an attacker to request an update from another online system – for instance, the Network Time Protocol (NTP) system used by every website to update its clocks – and to trick that system into sending its reply to the computer running, say, the Australian Taxation Office (ATO) website.

The ATO would ignore the incoming data – but a big enough torrent of traffic would eventually leave little room for anything else trying to get to the website.

By using malware to remotely unify hundreds or thousands of computers into massive “botnets” that all do the same thing at once, hackers have taken down some of the world’s largest websites.

DDoS attacks are on the rise
These attacks are growing in size and number. Recently Akamai, a major network services firm, flagged a 138 per cent year-on-year jump in what it calls DDoS “mega attacks” involving more than 100 gigabits per second (Gbps) of traffic. Such traffic is 10,000 times the capacity of the typical business internet connection. Akamai’s report says the average DDoS target organisation was hit by 30 separate attacks during the third quarter of 2016, with the worst-affected target hit 427 times in that three-month period.

“Defending networks from data breaches has become one of the single most challenging hurdles for organisations to overcome today,” says Wendi Whitmore, a security expert who was recently appointed to lead IBM’s X-Force Incident Response and Intelligence Services (IRIS) team as part of that company’s US$200 million investment in new cybersecurity capabilities.

“Australia’s 2570 DDoS attacks in the 2016 September quarter represented a 40 per cent jump.”
“No matter what business they operate in,” she adds, “our clients really face the same challenges on nearly a daily basis – especially with DDoS attacks. It’s less expensive for attackers to wage these attacks, and much more expensive for businesses to effectively defend against them.”

IBM knows the cost of DDoS attacks firsthand: the company was recently criticised in a review of the 2016 eCensus disaster in which the highly promoted eCensus website suffered a series of DDoS attacks. IBM ran the site for the Australian Bureau of Statistics (ABS). The 40-hour outage – blamed on poor communication and DDoS management processes in a post-mortem released in November 2016 – ultimately cost IBM more than A$30 million in damages.

It harmed the ABS’s reputation so badly that in a post-census survey, 33 per cent of respondents said the census results couldn’t be trusted.

Such incidents highlight just how rapidly the DDoS threat has evolved from a technical concern to a fully-fledged business risk. That’s particularly true in Australia, which DDoS specialist Nexusguard recently named as the Asia-Pacific region’s second most targeted country (China was number one). Australia’s 2570 DDoS attacks in the 2016 September quarter represented a 40 per cent jump over the previous quarter.