DDoS attacks are one of the most common forms of cyber-attack happening in the world today.
Over the last couple of years we’ve seen some gargantuan DDoS attacks. From Sony to Yahoo, eBay, Amazon, Dell, and most recently the BBC. These organizations are some of the largest in the world, and yet they have been unable to handle the capacity generated by attacks as large as 602gbps. Only a couple of months ago did a group of hackers take down one of the internet’s DNS root servers - a datacenter which forms part of the backbone of the internet, using a DDoS attack of unprecedented proportions. I repeat; someone broke the internet.
What we are seeing here is a trend in which the power of DDoS attacks is going in a general upwards direction, which is bad news for, well, everything really. In 2012 the largest DDoS attack was approximately 300gbps, compared to the 600gbps attack on the BBC recently. These attacks are getting bigger, and the largest of organizations are now struggling to cope with the sheer power of these attacks.
Additionally, bandwidth and internet speeds are getting faster and faster. Five years ago the average broadband speed was approximately 9Mbit/s, whilst the average today is approximately 22Mbit/s. We are also looking at much faster home computers these days, with new technologies such as the multi-tiered N3XT chip set to revolutionise home computing with potential performance boosts by a factor of 1000. DDoS attacks typically harness the power of home computers affected by Malware by incorporating these machines into a very large botnet, therefore faster home computers means more powerful DDoS attacks.
All of this can mean only one thing; DDoS will get worse. The question is, how do we stop this?
In my opinion, there are two possibilities:
- The internet needs bigger veins. A big upgrade to the backbone of the internet will see most datacenters such as those held by large organizations being able to cope with much larger attacks. This is, of course, far from future-proof. An upgrade now would mean that DDoS attacks will be big news again in a few years once the power of DDoS attacks has caught up, and the vicious cycle would continue. Not only does this fail to address the root cause, but it would be very expensive, datacenters would have to improve their capability in order to handle additional bandwidth, and world leaders would have to attend far too many meetings.
- Defence technology needs a bigger brain. Significant improvements in the algorithms that detect DDoS attacks have to be made, and these improvements have to be public so that vendors such as CloudFlare, Cisco and Incapsula can provide the required levels of protection to organizations sustaining these attacks. There are multiple techniques for conducting DDoS attacks, such as Amplification and SYN flooding. More research into these techniques would likely discover more efficient ways to defend against them, enabling vendors to block this kind of malicious traffic rather than overcome the power of these attacks with brute-force.
I believe that option two is the best way forward, however most technology companies with an R&D department wouldn’t release their findings free of charge. Luckily for us, universities, some security companies, and even individuals actively conduct research on similar topics and release their findings without seeking financial incentive.
With more focus on researching ways to defend against DDoS attacks, we could put an end to this terribly disruptive medium, with long-term savings in the billions for corporations as they would no longer have to face the reputational and business-stopping effects caused by these attacks. It is strongly believed that defence will always play catch-up with attack, however I see no reason why strict adherence to the 7 P’s could not begin to level the playing field.