DDoS still worth fighting, despite becoming `cheap’

Distributed Denial of Service (DDoS) attacks are back in the news, not least because the ransom price has come down to almost `commodity’ levels. For example Meetup.com has been suffering an on-going DDoS attack because it refuses to pay a $300 ransom to be free of it.

This is shows that DDoS has descended to the level of a `cost of business’, rather like a tax paid to cyber criminals.

It has also prompted security intelligence firm, Lancope, to ramp up is efforts against DDoS aatcks with the creation of a new partnership with Radware, and has prompted Lancope CTO, Tim 'TK' Keanini, to offer the following thoughts.

"I believe this is evidence that it is an opportunistic time for criminals of all calibres to try their hand at cybercrime.   When you can purchase DDoS capabilities on the black market for a very low price, it only makes sense that someone new to cybercrime would misprice the extortion amount.  The sad part is that because the cost to execute a denial of service attack is so low, this low extortion price was still profitable for them. 

“In general, this type of ransom is not new and it is growing on many fronts.  The two major forms are preventing access to their files on the local system, and this form which is preventing access to their Internet business.  I’m certain more forms will emerge and will be priced accordingly because in the end, the stats show that ~30 percent of victims pay up. 

“The takeaway here for business should be not the likelihood of the DDoS event happening in their near future – because it will happen; but a readiness and strategy to ensure that you have made yourself too expensive for these criminals to pursue.  You have to change the economics because it is far too inexpensive for cybercriminals to be successful at their operations.  Only when you begin to battle them as a business, will you establish some type of equilibrium in this hostile environment known as the Internet."

Part of Lancope’s own solution to the problem has been to form a partnership with application delivery and security solutions provider, Radware. The pair plan to offer service providers and enterprises an enhanced attack detection and mitigation solution against DDoS attacks.

By deploying Lancope’s StealthWatch System with Radware’s Attack Mitigation Network (AMN) distributed detection layer, Radware’s customers enhance their coverage with NetFlow-based traffic statistics and detection. The combined solution will enable service providers and enterprises to detect DDoS attacks in a non-intrusive manner and divert suspicious traffic only to scrubbing centres for attack cleansing.

Radware’s AMN combines distributed detection and mitigation elements, which are maintained synchronised with legitimate traffic baselines and attack information in real-time. AMN expands the detection coverage across all enterprise resources and automates the mitigation by selecting the most effective tools and locations – in the datacentre, at the perimeter or in the cloud.

“The best-of-breed combination of Radware’s AMN with Lancope’s StealthWatch System provides a granular view of the network based on flow statistics, which contain both traffic engineering and security analysis, to look for anomalies that carry the characteristics of a DDoS attack,” said Amir Peles, vice president of technologies for Radware. “By selectively diverting the anomalous flows through Radware’s attack mitigation engine, attacks can be blocked with no interruption to legitimate traffic. Feeding ‘peacetime’ traffic baselines into Radware’s patented Network Behavioural Analysis enables accurate detection and blocking of L3-L7 attack vectors.”