Tag Archives: difference

Homeland Security Wants To End The Scourge Of DDoS Attacks

In 2017, Homeland Security has as much to do with securing digital borders as it does geographical ones. One push the DHS is leading to make cyberspace safe for Americans is the DDoSD project. The first four letters — DDoS — should be familiar enough by now. We’ve numerous distributed denial-of-service attacks in the recent past, with targets ranging from African wireless carriers to cybercrime bloggers to one of the largest DNS providers in the world. It’s the last letter in DDoSD that makes all the difference. That D stands for defense, and the Department of Homeland Security’s Cyber Security Division (CSD) is funding multiple systems that have the potential to stem the rising tide of DDoS attacks. In a post published last week, the DHS stated that its goal is to “build effective and easily implemented network defenses and promote adoption of best practices by the private sector.” With the right tools and the public’s cooperation, the DHS hopes “to bring about an end to the scourge of DDoS attacks.” The DHS post points to a best practices document that was shared by The Internet Society way back in the year 2000. That document describes “a simple, effective, and straightforward method for using[…]traffic filtering to prohibit DoS attacks.” It’s a good starting point, but the DHS post notes that no one defense system can repel every attack. That’s why the DHS has multiple teams working on multiple solutions. One is a peer-to-peer system that would allow Internet providers around the globe to collaborate on the automated detection and mitigation of DDoS attacks. Others are focused on neutralizing high-powered attacks. There’s still work to do, but it’s great to see the DHS leading a coordinated effort because something needs to be done. Last year, DDoS protection provider Imperva Incapsula reported helping its customers fend off an average of 445 attacks every week. Their intensity increased dramatically, too, up from around 200Gbps in 2015 to 470Gbps in 2016. Add in a report from Verizon that named the three biggest targets of DDoS attacks as cloud and IT service providers (49% of all attacks), the public sector (32%), and banks (9%), and it becomes very clear why we need the DDoSD project to succeed. Source: http://www.forbes.com/sites/leemathews/2017/02/20/homeland-security-wants-to-end-the-scourge-of-ddos-attacks/#527bd1556c0f

Follow this link:
Homeland Security Wants To End The Scourge Of DDoS Attacks

Could a DDoS wipe out Black Friday online sales?

Don’t miss out on Black Friday sales: why retailers must prepare for DDoS threat to online shopping. The recent spate of Distributed Denial of Service (DDoS) attacks should be a call to action for online retailers to prepare their defences in the run-up to Black Friday. DDoS attacks flood a target website with redundant traffic and take it offline. This is bad news for any company with an online presence; it can damage the company’s image in the eyes of potential customers if they attempt to access support services, for example, and find that the site is not operational. But with retail, the threat is an existential one and in the case of Black Friday could make the difference between success and bankruptcy. An example of an existential DDoS was seen earlier this month when the website of bookmaker William Hill was attacked and taken offline for around 24 hours. The threat is not new to the betting industry; in 2004, the online betting industry was hit with DDoS attacks during the Cheltenham horse races. The technical team for the website worked tirelessly to restore service, but estimates of the company’s losses are in the millions of pounds. These seem significant, but one can only imagine the losses on a peak day (not to denigrate the importance of the KAA Gent vs Shakhtar Donetsk fixture that took place during the attack). Imagine if attackers had hit the betting site during a major tournament such as the World Cup or the Olympics. Black Friday is perhaps the retail equivalent of the World Cup. In 2015, consumers in the UK spent £3.3 billion during the Black Friday and Cyber Monday weekend. According to Rubikloud, a machine intelligence platform for enterprise retailers which analysed Black Friday sales in 2015, retailers acquire 40 percent more customers on Black Friday than the average shopping day. In this context, a DDoS could be lethal to a vendor. As Martin McKeay, Akamai’s Senior Security Advocate, says, “if retailers have a DDoS hit it could mean the difference between making or failing to make their figures for the year.” The Akamai Q3 2016 State of the Internet/Security report found that DDoS capacities are increasing. In the quarter Akamai found a 58 percent year-on-year increase in attacks of over 100 Gbps. Even without a DDoS, the traffic increase to a site will be huge anyway and the chances of a website crashing are there. Analysis by cloud and CDN provider Tibus suggests that websites including those of Boots, Boohoo, John Lewis and Argos suffered service outages during last year’s Black Friday. So what is to be done if retailers are to protect the November cash cow? The first step is to evaluate what a DDoS would do to an organisation, says McKeay. “Understand your exposure and what it will cost you. If you are a merchant you can’t take the chance of being knocked offline.” Visibility is the key foundation for DDoS mitigation. Having a view of the actual volume of traffic hitting your site allows decisions to be made on policy. In terms of the architecture of a DDoS prevention solution, there are three lines of defence: the basic mitigation in network equipment, dedicated customer premises equipment (CPE) devices and finally, cloud integration. A DDoS mitigation provider will be all too happy to talk a customer through the technological aspects of DDoS mitigation, but there are also important management decisions to be made. Crucially, think about the outcome you want. “Is it better for most of the people to have some service or all of them to have none? It’s about keeping the service available, because their goal is to not have it available,” Steve Mulhearn, Fortinet’s Director of Enhanced Technologies UKI & DACH, told CBR in a recent interview. Nowhere is that more true than in retail, where a vast array of factors come into play when a customer is making a transaction. Research, including a study by Baymard in July 2016, continues to show low conversion rates for online shopping: sometimes languishing around the 25 percent mark. Retailers will need to use their own data and experience of their own site to learn how to allocate resources. For example, focus on keeping online the parts of the site enabling the actual transaction rather than auxiliary services. Black Friday should be an opportunity for retailers, not a threat – which is why a DDoS prevention strategy should be on every online vendor’s shopping list. Source: http://www.cbronline.com/news/cybersecurity/breaches/ddos-wipe-black-friday-online-sales/

Visit link:
Could a DDoS wipe out Black Friday online sales?