APAC enterprises still not DDoS-aware

Asian enterprises must increase knowledge of distributed denial-of-service attacks, industry watchers urge, noting that misconceptions prevent businesses from staying abreast on how best to protect against such threats.

Distributed denial-of-service (DDoS) attacks have been around for at least a decade, with thousands of such incidents taking place each day around the world. But, a whopping 99 percent of these attacks go unreported, according to a security expert.

In light of the recent WikiLeaks incident and the security attacks that followed, Mark Teolis, general manager of DOSarrest, explained in an e-mail interview with ZDNet Asia that while most large e-commerce sites have some level of protection, many are not adequate to deal with such assaults, especially complex layer 7 DoS attacks (L7DA).

Frost & Sullivan analyst Edison Yu agreed. He noted that this is the case particularly in the Asia-Pacific region, where many enterprises still rely on traditional firewalls and intrusion prevention systems (IPS) rather than an application firewall for protection against L7DA.

Yu explained that these sophisticated DDoS attacks are able to bypass the traditional firewall and target applications, bringing down Web sites due to an overwhelming volume of service requests being sent out by botnets.

The "Brute Force" program is said to be able to send more than 1 million attempts per second. L7DA can also slow down the HTTP server.

According to DOSarrest, the top misconception enterprises have is that traditional firewalls are able to thwart all DDoS attacks. The security vendor added that over the past 12 months, L7DA accounted for 60 percent of the overall DoS threat landscape, followed by SYN-type floods at 30 percent and UDP/ICMP attacks at 10 percent.

The company also revealed that 80 percent of DoS attacks had a layer 7 component, while the same percentage carried a combination of two or more components.

Teolis noted that "most purpose-built, so-called DDoS mitigation devices" will not stop all layer 7 attacks, but enterprises can thwart them by adopting a "robust multi-layer strategy". This includes eliminating all non-essential traffic in the cloud, having good SYN protection and implementing a well-designed robust system for layer 7.
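The layer 7 visibility that Teolis's multi-layer strategy depends on can be illustrated with a small access-log check. This is an added example, not code from the article or from DOSarrest: it flags clients whose HTTP request rate in a web server log exceeds a threshold, something a traditional firewall watching only TCP sessions would not see. The combined log format, the window and threshold values, and the sample addresses are assumptions.

```python
# Added example (not from the article or DOSarrest): flag layer 7 (HTTP) flood
# sources in a web server access log. A conventional firewall sees only ordinary
# TCP sessions; the request volume is visible only at the application layer.
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" log format; timestamps like 10/Dec/2010:14:02:01 +0800
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line):
    """Return (client_ip, timestamp, method, path, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path, int(status)


def find_flooders(lines, window_seconds=10, max_requests=20):
    """Return {ip: peak_requests_in_window} for clients exceeding the threshold.

    Per-client sliding window over request timestamps; each client's lines are
    assumed to appear in chronological order, as a server writes them.
    """
    windows = defaultdict(deque)
    peak = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the scan
        ip, when, *_ = rec
        q = windows[ip]
        q.append(when)
        while (when - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > max_requests:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak


def sample_log():
    """Constructed sample: one normal browser, one client hammering a search page."""
    base = datetime(2010, 12, 10, 14, 2, 0).strftime("%d/%b/%Y:%H:%M:")
    lines = [f'198.51.100.5 - - [{base}00 +0800] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"']
    for i in range(30):  # 30 requests in 3 seconds from 203.0.113.7 (documentation range)
        lines.append(f'203.0.113.7 - - [{base}{i // 10:02d} +0800] "GET /search?q=x{i} HTTP/1.1" 200 512 "-" "bot/1.0"')
    return lines
```

Tuning the window and threshold to a site's normal traffic is the real work; the check only surfaces candidates for a rate limit or block at the application layer.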

DOSarrest, which represents various merchants in different industries including pharmaceuticals, gaming and music downloads, revealed that one of its customers was a victim of "Operation Payback" during the WikiLeaks-related attacks but suffered zero downtime. Operation Payback, a coordinated series of attacks by Internet activists targeting opponents of online piracy, attacked the Web sites of banks that withdrew their services from WikiLeaks.

Internet not built for trust
Yu, who has been tracking the developments of DDoS attacks, noted that what used to be reserved for driving "cyber espionage" is now being exploited by cyber criminals to gain sensitive data or compromise monetary transactions.

He described it as a "two-way situation" where, increasingly, enterprises are migrating to the Web for commercial reasons. By making more information available online to give employees and customers easy access, businesses are giving criminals greater opportunities to scrutinize system loopholes, thereby making their sites more vulnerable, he said.

"The WikiLeaks incident has emphasized that the Web was never designed as a trusted environment," Yu cautioned. "I think that's something we tend to forget when we go online and embrace the Web in personal and professional domains."

Jonas Frey of Probe Networks was quoted in a recent NetworkWorld article as saying that even as ways to mitigate and thwart attacks continue to emerge, attackers have also been successful in discovering new security loopholes. He added that there is "no real solution right now".

"Nowadays the consumers have a lot more bandwidth and it's easier than ever to set up your own botnet by infecting users with malware and alike," Frey said in the report. "There's not much you can do about the unwillingness of users to keep their software or operating system up-to-date. There is just no patch for human stupidity."

While the figures paint a grim picture, Teolis believes the overall risk is still low. However, he noted that the landscape remains unpredictable.

Yu noted: "DDoS is becoming more and more contentious, given the nature and motivation behind the attacks, [and this is] something which enterprises are not very wary of."

In a bid to minimize risk exposure, the analyst urged enterprises to re-examine access to the corporate network through mobile devices, and to evaluate whether their IT infrastructure is capable of handling these security threats.

As more criminals target layer 7 DDoS attacks, an increasing number of security vendors are launching service offerings that specifically target such risks. Kaspersky, for instance, recently announced plans to start selling an "experimented DDoS shield" globally if it is able to work effectively.