Denial of Service (DDoS) Cyber attacks – are they using the same logic as terror threats?

2202
DDoS-network-map300
A graphic description of DDoS attack in progress. (Click on image to expand)

Much has been discussed about the damage that the Advanced Persistent Threat (APT) attacks cause to corporates and governments alike. It is estimate that at least 50% of Fortune 500 companies have been compromised by APT, and the potential financial damage to these organizations is almost impossible to quantify, but probably in the trillions of US dollars.

Compared to this a crude Denial of Service (DoS) attack or its more advance siblings, the Distributed Denial of Service (DDoS) attacks and Distributed Reflector (DRDoS) attacks, their outcome seems pretty benign- your site is being bombarded by thousands of request for information, until the server gives up and no-one can actually use the site. Once the attack stops, access is possible again and no damage to your IT infrastructure has occurred, no data or money was stolen and hopefully your angry customer will believe it was just a “site malfunction”.

But as attack methods have become more sophisticated AND more accessible (for example, now one can simply rent hundreds of BOT computer as a service, to carry the attack for him, using a simple interface, with no need to know how to actually hack), the industry had to act, and developed means to mitigate these attacks. Several methods of DDoS mitigation exist and multiple companies offer these as a service. Now a very dangerous equation begins to unfold, one where the attacker can use simple, cheap tools (a fairly typical rate for DDoS botnet rental hovers around the $200 for 10,000 bot agents per day), and the defender must invest much larger resources, both internal (maintaining a Security Operations Center or SOC) and external (service providers), creating an inherent asymmetry.

This asymmetry means that organizations wishing to mitigate this threat will keep investing (or throwing, since there is no actual gain here, only minimizing the impact) money over time, until they are in serious economic pain. And this is exactly what Islamic terrorist have been trying to do in the recent global jihad campaign- making western countries bleed money in order to try and prevent sparse attacks carried by rudimentary means. As Osama bin Laden said: “It is very important to concentrate on hitting the American economy with every available tool … the economy is the base of its military power. The United States is a great economy but at the same time it is fragile.”

The risk is that using offensive cyber means one can achieve this goal much faster (and one does not have to blow himself to pieces in the process, or hurt innocent people). Therefore, prevention and not only mitigation is necessary. Organizations must be far more proactive than they are now. Sure, investments in IT security and best practices are always a good idea, but also applying preventive intelligence to greatly reduce the impact of attacks. This, couples with harsher legislation and enforcement against both the suppliers and the perpetrators of the attacks will hopefully, in the end, balance this asymmetric equation.

TerrogenceYotam Gutman, Lt. Commander (Ret.)

Ex. Israel Navy officer with abundant experience in weapons systems, C4i and simulation systems, Gutman has worked in various technical, sales and marketing roles within the Israeli defense and HLS industry. Yotam now manages global sales of tailored intelligence services for Terrogence.