In 2016, the services of multiple internet giants including Netflix, Electronic Arts, PlayStation Network, Spotify, Twitter, and HBO were brought to their knees as a Distributed Denial of Service (DDoS) attack on DNS-provider ‘Dyn’ reared its head. The first-of-its-kind attack, estimated to have transferred malicious traffic at a bandwidth of 1.2Tbps, was too big to have been jettisoned using existing cyber defences.
The attack, although unique in its scale, was hardly the first, or presumably, last. Gaurav Malik, Sales director, Limelight Network India, believes that such terabit attacks have lately become recurrent and have constantly grown in size. This year itself, a 1.3Tbps attack was confirmed on Github and a week later, Arbor Networks reported a 1.7Tbps attack on a customer of a leading US-based ISP.
The Cost of Transaction
DDoS attacks are orchestrated for various reasons – from vendetta, hacktivism, and vengeance to rivalry and extortion – and so are the Tactics, Techniques and Procedures (TTP) adopted by cyberattackers – but the end-result is often the same. These attacks result in service outages and cause a dent in overall revenue through downtimes. A research by Neustar on 1,010 enterprises last year revealed that businesses incur an average of US$2.5 million as financial costs to DDoS attacks. It also revealed that loss of revenue at peak times for 63per cent of affected businesses reached as much as US$100,000 per hour.
The post-war analysis of a cyberattack demonstrates that these attacks are even more detrimental to businesses in the long run. A recent Limelight Networks report revealed that 71.95per cent of customers develops a negative opinion of a platform that has experienced a cyberattack. The same survey also showed that only 21.14per cent customers are willing to make transactions through a website that had previously been hacked.
DDoS attacks can also be conducted to serve as a masking event for a broader network penetration goal. As businesses progressively rely on cloud servers, they are further increasing their attack surface, as an attack on any of a given Cloud Service Provider’s (CSP) users can result in a subsequent spill over. Such spill overs, even in the best-case scenario of slowing down the service, can dramatically affect a content delivery platform. 80 per cent of digital viewers leave a website if their desired content is inaccessible within the first few seconds. Only 11 percent of viewers pick another content from the same website – resulting in a massive turnaround rate.
However, managing and countering DDoS attacks, as well as the other cybersecurity threats, is although challenging, but not an impossible task. This year’s attack on GitHub and the one reported by Arbor, for instance, despite being over 40 percent more powerful than the infamous ‘Dyn’ attack, were both securely mitigated. This is precisely what content delivery networks (CDNs) need to do in order to ensure they operate sustainably and profitably.
Message in a bottle:
Extending quality experience to the end-user entails protection from a variety of potential threats. Security not only has to be provided to the data at the source but also to the data at rest, in transit as well as the data in use.
Today, leading CDNs are effectively countering the underlying challenges using evolved security measures. This includes passive attack mitigation through defensive protection, securing in-transit data (from man-in-the-middle attacks) using Secure Sockets Layer (SSL) footprints, geo-fencing for limiting the control of access to a particular geographical region, Internet Protocol (IP) blacklisting for screening out suspected compromised devices, web application firewalling, and Open Web Application Security Project (OWASP) Top 10 secured origin servers. State-of-the-art CDNs also integrate specialised DDoS attack interceptors and have tokenization-based video stream access controls to further prevent malicious traffic from consuming the network bandwidth. They also leverage cross-origin resource management to allow content to be sourced from multiple locations (proxy servers) while restricting reverse data transfer to origin servers.
But as we enter the era of terabit-level DDoS attacks, cutting-edge CDNs are proving their worth weighed in gold to business enterprises. Leveraging their clout in a globally distributed network, CDNs have successfully mitigated threats relating to DDoS attacks that are even conducted at a terabit rate. They divert the incoming traffic to their globally distributed point of presence (PoP) locations, thereby leaving the remaining traffic flow (of both an under-attack platform as well as an unrelated customer) intact. They also restrict the number of server requests made per second by a single IP server and collate real-time data of an attack along with historic attacks and intelligence report of threats for future references.
DDoS attacks are conducted on a day-to-day basis and are becoming more complex with vibrant TTP and technologies used by attackers. These advancements in cloud network by CDNs, however, are making online platforms more reliable, securing their service delivery even vis-à-vis terabit-level DDoS attacks. Their biggest advantage is perhaps that besides managing the content requirement of a platform, CDNs are also helping them manage negative brand perceptions and eliminate losses experienced during and post such events. In a world being increasingly threatened by cyber attacks, it is time more advanced tools and technologies are adapted to turn the tables on cybercriminals and provide a secure environment for content delivery.