Combating DDoS defence buck passing: Nexusguard

When it comes to cyber security in Australia, DDoS attacks are not at the forefront of concern and Australian businesses need to step up, according to Nexusguard.
Written by Asha Barbaschow, Contributor

Distributed Denial of Service (DDoS) defence is a grey area in Australian cyber security, with cloud providers and businesses juggling the responsibility of eradicating the vulnerability, according to DDoS defence firm, Nexusguard.

The San Francisco-based company announced today that it would be opening an office in Sydney in September, with the aim of explicitly targeting DDoS attacks in the country.

Bill Barry, global strategy vice president for Nexusguard, said that a business would not wait until it had a fire to get fire insurance, so a business should approach DDoS defence in the same way.

"Our chief scientist just recently set up a honeypot project, Australia alone had over 30 targeted attacks in seven days. That's pretty significant," he said. "Australia ranks in the top 10 for targeted countries, which, based on a per capita basis, is quite extreme."

Quick to point out the way other companies handle the apprehension of such vulnerabilities, Barry likened it to a hot potato, where the onus is juggled between client and cloud provider with neither party keen to take the responsibility.

Barry said that initial talks with Australian ISPs have been received well, and that there is a technical and consensual gap that nobody is interested in cleaning.

"We really do need to be on the ground to combat these attacks properly, having a presence to show that we are making a serious commitment to tackling DDoS in the country," he said.

"There's confusion in the middle space between the service providers and the data centre hosting providers of whose responsibility is it to protect against DDoS attacks."

"One term you hear is 'clean pipe', from ISP to ISP, where one ISP sells a pipe to another and they say: 'If there's a DDoS attack, we'll remove it'. That is being sold out to the market as DDoS mitigation, which in fact, is actually the opposite of DDoS mitigation.

"If you have a website that you are trying to protect and you buy this clean pipe, then you have a DDoS attack, the ISP just takes you offline -- this is really just DDoS facilitation. They take you offline, to make sure everybody else survives. Shared infrastructure, shared risk."

Barry's colleague, chief marketing officer for Nexusguard, Hope Frank, added that this solution has not helped a business, with the clean pipe facilitators extracting the vulnerable company and pulling it offline rather than fixing the problem.

Known for her time as CMO at Codenomicon, the security firm that found the Heartbleed vulnerability, Frank said Australia was lagging behind the world.

"You're not going to be safe, it's just a matter of when," Frank said. "There are other regions around the world that are already ahead of you, and dealing with this. So it's time to step up and have a plan -- not a strategy -- but a plan."

"There might be just one company that is the problem, and they have extracted that company, so the network is running smoothly. But if you're that one company, and they just extract it, that's not DDoS mitigation, you're just basically sacrificed for the greater good," the CMO said.

Nexusguard's raison d'être is to combat DDoS attacks, and to do that successfully, Barry said that the best way is to send the traffic off premises as soon as a spike is found.

"When you're under a DDoS attack, you swing all of your traffic to our scrubbing centre. We then clean out all the botnets, or the bad traffic and let the good traffic pass. When the attack subsides, the traffic swings back to the company."

"For the most part, a company's internet traffic is one of the most valuable things they have, financially speaking; if the service is down, business doesn't happen."

The Australian Cyber Security Centre (ACSC) recently published its security Threat Report [PDF], which highlighted that DDoS attacks are happening right under our noses.

"The impact of DDoS activities can be amplified when they are bounced off other internet services," the report said. "Cyber adversaries are now using infrastructure that can turn small requests into large responses -- some up to 500 times larger -- meaning that even relatively small botnets can cause significant problems for Australian organisations."

The report said that whilst the number of DDoS activities identified by or reported to the ACSC during 2014 remained steady compared to 2013, there was a growing trend of DDoS extortion, with Australian businesses threatened with DDoS activity for a fee. This 21st century blackmail is a growing menace, with the FBI warning businesses earlier this month of the rise in DDoS extortion attacks on its shores.

Whilst the report does not explicitly state how many DDoS attacks were performed on Australian businesses, it reported the Australian Signals Directorate -- the intelligence agency for the Department of Defence -- responded to 1,131 cyber security incidents in 2014, a figure up 20 percent from 2013's 940.

According to Cisco, the number one cyber challenge for Australia is the increasing number of incidents that are causing harm to the economy and society. In its response to the Australian Government's Cyber Security Review [PDF], the networking giant said that losses from cyber security incidents are estimated to be as high as 1 percent of GDP, which for Australia, could be as much as AU$17 billion.

"As an early adopter of cloud, the Internet of Things, and other new technologies, Australia is well placed to become a hub of innovation and digital development that will drive Australia's future economic prosperity," the report said. "For this opportunity to be realised however, cybersecurity must be recognised in all aspects of national strategy."
