Authored by: Peter Löfling, General Manager APAC, Varnish Software
Quarter on quarter in 2020, the volume of DDoS attacks doubled globally. With the seismic shift in business operations, new and old threats have emerged. Companies have learned the hard way how vulnerabilities are exploited, and security measures get breached.
The consequences of a successful DDoS attack can be disruptive and expensive:
The average cost of a DDoS attack for a large business is 2 million USD; for an SME it’s about 120,000 USD.
Market data show that 1 hour of downtime costs 300,000 USD for most companies; for larger companies, 1 hour of downtime can top one million USD.
An average data breach costs 3.9 million USD.
Ransom-driven DDoS attacks are also on the rise; DDoS ransom extortionists threaten companies’ networks if they don’t pay up.
Loss of trust, business downtime and extra human resources for correcting issues: virtually incalculable.
The new DDoS landscape
The DDoS landscape continues to threaten businesses globally at the network and DNS levels, and APAC is no exception. Threat vectors are multiplying, along with increased COVID-era traffic, geopolitical issues, potential politically motivated and state-sponsored DDoS activity, and the marketplace’s innumerable unsecured, connected IoT devices. Perpetrating DDoS attacks has become easier than ever.
Attack vectors have become easily accessible. Meanwhile the attack size and duration aren’t necessarily increasing -- in fact, the network-layer DDoS attack has become smaller and faster. Bad actors are finding it easier to exploit vulnerabilities, given the current dominant DDoS stream characterised by smaller, faster attacks. The aftermath remains expensive and disruptive.
Growing attack vectors
According to Cloudflare’s market data, upwards of 32 different types of attack vectors appeared in Q1-2020 on layers 3 and 4 (L3/4). The majority were ACK (acknowledgement signal) attacks, followed by SYN (synchronise request) attacks, and then Mirai (botnet malware). SYN and ACK DDoS attacks formed over 70% of all L3/4 attack vectors in Q1-2020.
DDoS mitigation techniques: Play defence with prevention and detection
The on-premise and cloud-based DDoS prevention market is growing. But one of the most basic things enterprises can do is to introduce security-by-design strategies as a first defence layer. Detection is one of the most effective routes to prevention, and security layers and mitigation techniques ensure sufficient oversight in detecting and protecting against potential cybersecurity problems, particularly DDoS attacks but also other security and privacy concerns.
Standard security solutions: First line of defence
DDoS detection (rate limiting, request inspection/throttling)
cache poisoning mitigation strategies
front and backend TLS
web application firewall (WAF)
total cache encryption (make stolen or leaked data useless)
Other mitigation techniques also aid in security and privacy:
origin shield (protect backend servers from DDoS or other traffic tsunamis; monitoring and shielding at the network edge)
high availability setups
customisable authorisation/authentication policy for access control, customisable paywalls and single sign-on integrations
real-time traffic monitoring (employed in DDoS prevention)
It’s impossible to stop all DDoS attacks, but mitigation strategies can prevent and reduce their impact.