DDoS Reaches Unprecedented Scale in the Terabit Era
Availability issues are striking again and the business can’t operate--it looks like maybe this time a server is down? Determining the root cause can be a challenge, if not impossible, without the right traffic analysis. After all, instead of a server or application issue causing the outage, your worst nightmare could be happening--a distributed denial of service (DDoS) attack.
DDoS attacks aren’t what they used to be. While still viewed as powerful business disruptors, with thousands underway at any given time somewhere in the world, there has actually been a decline in frequency between 2017 and 2018. Great news, right? Unfortunately not. It turns out there is a new alarming trend: DDoS attacks may be less frequent, but they are multiplying in size. According to a recent report, the maximum size of DDoS attacks increased a whopping 174% in the first half of 2018 over the same period in the prior year.
Learn From the Largest Attack
The industry-leading platform Github was hit by 1.35 terabits per second (yes, tera not giga) of traffic in one fell swoop. The company was experiencing the largest DDoS attack on record, completed with an amplification vector using memcached over UDP. For the tech geeks amongst our readers: this type of attack works by abusing memcached instances (a distributed memory system known for high-performance and demand) that are inadvertently accessible on the public internet with UDP support enabled.
While 50x amplified data volumes sounds abhorrent, in total, Github was only offline for five minutes and intermittently unavailable for four minutes after that. In total, that’s fewer than ten minutes, proving that with the right layers of protection any business can weather the biggest DDoS attack in history.
Don’t Overlook the Smaller Attacks
Colossal DDoS attacks may produce headlines, but that shouldn’t be your only concern. There’s another notable method that attackers are using to threaten your business. We’re referring to the popular and affordable, smaller application attacks that go unnoticed for lengths of time until it’s too late. Referred to as “slow-rate” or “low and slow” attacks, cyber criminals masquerade as legitimate requests from users until it overburdens applications, rendering them unresponsive.
As part of multi-vector DDoS attacks, application layer attacks or “layer 7 attacks,” target the application as well as the network and bandwidth. Standing in a category of its own, these attacks become shorter in duration, but growing in frequency, complexity, and persistence. Because of this, application layer attacks can be harder for security solutions to detect than network layer attacks.
Detect and Mitigate No Matter the Size
From mega to tera in size--including volumetric, application, protocol, resource and IoT-based attacks, businesses need a way to detect and mitigate all DDoS attacks. Today’s complex enterprise IT architecture is favoring a distributed application environment, which can include service components and dependencies spread across data centers, the cloud, internet, and applications. This increased east-west traffic flow is making end-to-end performance even more reliant on predictable network behavior, which can incur a ripple effect of damage from a DDoS attack on one digital dependency.
To protect, organizations need:
Greater unification of telemetry data
Detection policies
Mitigation triggering
Hybrid defense systems that combine detection and on-site mitigation appliance, and on-demand bursting to cloud mitigation
At Edgeworx we partner with vendors to deliver all of these layers of defense as well as integrate a comprehensive end-to-end view of traffic to detect and stop DDoS attacks. Before your business falls victim, consider modernizing your cyber security approach for the terabit era. Call us today at +1.647.793.4731.