Denial of service, denial of business
According to a report from Emmerson Power, nearly a quarter (22%) of outages last year in data centres were caused by cybercriminals, and more specifically, distributed denial of service attacks (DDoS).
That is a sobering statistic, especially considering that the figure has risen from 18% in 2013.
“More worrying is when a DDoS attack is used as cover for something else, such as defence surveying for vulnerabilities or holes. But worse still is when a DDoS attack is carefully planned and tailored to force the victim into a position whereby they are blackmailed”
But why is this happening now? Why is there such a rise in these kinds of attacks?
Rise in attacks
The rise in attacks is partly because the mechanisms available for them are more, well, available than ever. There are now handy, user friendly sites where one can go and simply fill in a few details, such as the site to be targeted, the type of attack, the volume of the attack and, after entering credit card details, a big red button to commence proceedings.
This type of attack is usually low grade, disgruntled employee or misguided hacktivist sort of activity. It is not really anything to worry about.
More worrying is when a DDoS attack is used as cover for something else, such as defence surveying for vulnerabilities or holes. But worse still is when a DDoS attack is carefully planned and tailored to force the victim into a position whereby they are blackmailed. The attacker can deny the service provider, potentially costing millions.
Speculating for a moment, this may well have been the case with the National Lottery attack. Look at the pattern. On Wednesday last (20/01/2016), the jackpot was around €11 million. That is a fairly substantial pot, and given the time of year, would attract quite a heavy amount of traffic to the web site and point of sale (PoS) devices in shops for people to play. The attacker, and I’m speculating here, may well have launched the attack and, once seen to be effective, then asked for a ransom to stop. It is a known technique and usually comes from organised crime — disruption and then demand.
In the case of Boards.ie, it may have been a different case. In talking about the popular discussion site, one must point out that the people behind Boards are consummate professionals in fending off attacks and do so on a regular basis. Not only that, in the past Boards.ie has enhanced its reputation, not had it dented, by the way in which it has handled serious incidents.
In this case, the site came under attack on Sunday last (17/01/2016) and despite mitigating services being in place, it became unavailable on Monday. A statement on the site afterwards acknowledged that the attack was “larger and more sustained than any we have encountered before”.
Home of discussion
As Boards.ie is a discussion site for all things Irish people want to talk about, its unavailability is a serious threat to its existence. However, the fact that it is an open discussion site means that it is not necessarily a ransom motive behind the various attacks directed towards it. It could be from a disgruntled former user, a banned user, a person who mistakes the direction of a discussion on a certain topic as the outlook of Boards itself and objects. There are many more types of motivation at play.
What is also notable about these two instances is that they both had DDoS mitigation services, both using a provider who is listed in the top 10 of such recently.
This will increasingly be the pattern for Irish businesses. As being online, and not just web sites, but various services, in B2B, B2C and other modes, has become ever more critical to how we work, the prospect of being denied access or availability through DDoS, however motivated, is worrying indeed. As the Emmerson survey shows, having everything in a data centre does not necessarily provide 100% protection either.
The old adage seems to apply here too in that by making yourself the least attractive target for such attacks, you lessen the risk of being subjected to one, but, if an attacker is determined and well equipped, then for the moment, it seems, there is little can be done about it.