Successful hacks can paralyse websites, enable corporate or personal data to fall into the wrong hands and potentially damage the image, reputation and sales pipeline of the organisation under attack. For many, this begs the question ‘Why us?’
Influence & Power
Hacking isn’t always about causing damage, destruction or for financial gain. The objective of many hackers, especially “hacktivists” is purely to raise awareness, influence or to send a political message. The hacker group Anonymous was able to create a massive amount of publicity for itself in the run-up to the World Cup in Brazil by attacking the servers of global sponsors such as Adidas, Emirates and Coca-Cola.
Ultimately, the actually damage caused was limited and did not affect the running of the tournament. Nevertheless, the hackers took advantage of worldwide interest in the event to draw attention to their particular goals and beliefs.
When information is power, the theft of sensitive data is often the target for attackers. In August 2014 Russian hackers seized 1.2 billion login combinations and more than 500 million e-mail addresses, according to a US security firm. The sheer magnitude of this type of attack shows clearly that direct attacks on websites can be some of the most dangerous.
In order to maximise the damage done or to capture as much data as possible, hackers often choose targets whose business model is based around holding large amounts of data such as large e-shops, banks, government agencies or Internet Service Providers (ISP). Attacks on an ISP can be particularly wide reaching especially if it hosts several thousand websites of companies and private individuals.
The Virtual Crowbar: DDoS
One common type of attack is the Distributed Denial of Service (DDoS), in which hackers flood the enterprise server with millions of requests per second. This type of attack can quickly bring down the server as a result of massive overloading. Not only can this cause the company’s web site to crash but it also means that any IP-based applications can no longer be used, which for many companies means no business.
Added to this, hackers can use the vulnerabilities caused by the overloaded DNS server to influence the DNS cache and redirect web traffic to another, potentially fraudulent site. This can all be achieved without the end-user even being aware of a problem; without realising they could easily be entering their personal details or sharing financial information with a rogue web site, designed to impersonate the genuine article.
Prevention Is Better Than Cure
The basic principle of a DDoS attack is simple: more transactions or requests are made to a server than it can physically answer and every day brings news of yet another attack on an even greater scale. In 2013, two thirds of DDoS attacks flooded their targets with more than one million requests per second. As even the most efficient conventional DNS server can currently only process up to 300,000 requests per second, companies need to invest in dozens of servers and additional components, such as Load Balancers, in order to protect themselves from such attacks.
This is not only a highly complex and expensive IT infrastructure to install and maintain, but while free from attack, the servers are redundant. A more cost-effective alternative to mitigating the effects of a DDoS attack is to install an appliance-based solution, which can process around 17 million queries per second with just one appliance. The high performance provided by just a few appliances, compared to potentially dozens of servers, means that the effects of even large attacks can be managed and mitigated, with virtually no consequences to the business.
The most important finding of the past few years is that hackers are becoming smarter and more professional in the way they organise their attacks. Not only are they able to detect the security solutions in place, they also know how to work around them. Most companies are just not aware of these risks and, at best, only invest in a few specialised DNS security solutions. The DNS server is potentially the weakest link of the entire IT infrastructure, yet with a simple solution the dangers of DDoS attacks can be easily and cost-effectively avoided.