In war on cyber crime, website crippling DDoS attacks may be gaining the upper hand
Distributed denial-of-service (DDoS) attacks are increasing in frequency and severity and costing companies millions of dollars.
They overwhelm servers with requests for data, usually from the networks of hacked or compromised computers controlled by a criminal organisation. They usually take the website down or require a huge investment to keep it online.
"Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprises around the world," said Darren Anstee, chief security technologist for Arbor Networks, which monitors such attacks globally.
Arbor found there had been a spike in the number of large-scale attacks, with more than 50 so far averaging over 100 gigabytes per second, the equivalent of 20 Blu-ray movie files.
The increase in attacks may be down to the plunging cost of launching one. Cybersecurity firm Incapsula reported last month that, thanks to a "growing botnet-for-hire industry", anyone can launch a DDoS attack against a website they dislike for as little as US$38 per hour.
For those companies that are hit, the costs can vary. Incapsula estimates that "the real-world cost of an unmitigated attack is US$40,000 per hour".
Last December, hacking group Lizard Squad launched large-scale DDoS attacks against the PlayStation and Xbox Live networks, taking both of them down for an extended period and ruining Christmas for more than a few dedicated gamers.
Cloud services can help relieve some of the load by spreading the requests across dozens if not hundreds of servers. But such solutions are expensive and out of reach for many small businesses.
DDoS protection tools, like those offered by Cloudflare or Incapsula, check the requests before they reach the site.
They often delay the page from loading to ensure the prospective visitor does not have malicious intentions. But this can slow down load times, much to the irritation of users.
As hackers keep proving, no system is foolproof and very large attacks are still quite capable of overwhelming the most sophisticated and expensive defence mechanisms.
"If a very determined bad guy aims at you, they've got a pretty good chance [of causing an outage]," Mark Egan, co-author of The Executive Guide to Information Security, told PC Gamer after last year’s PlayStation hack.