But you do not need to build your own Botnet to launch a DDoS attack. You can rent one. By the hour. CHEAP - as in less than US$25/hour - and we've seen advertisements for botnets as low as US$9/hour. And the tools that are actually used by the botnets are becoming more sophisticated and easier to use. The technical sophistication needed is lower every year - and the resources are cheaper. That all translates to a larger group of attackers aimed at a much wider set of targets. Companies that did not need to consider themselves targets a year ago, because they thought it was too much effort, now need to reconsider.
Targets of Opportunity
Companies in the online gaming, financial services, media, and e-commerce sectors all are highly exposed. They are heavily - if not solely - dependent on their Web presence for their revenues, and with few exceptions, do not have the financial resources to over-provision their capacity in order to withstand these attacks. Bandwidth and application-level resources are the two most common resources that are consumed by these attacks. And there is considerable history at this point to indicate that extortion is an ongoing problem - "pay me $XXX or I will shut you down."
There are three strategies available for defending against DDoS attacks:
1) use a purpose-built appliance specifically intended to identify and filter out DDoS traffic;
2) use a 3rd party specialty service provider that will identify and filter out DDoS traffic on-demand; and
3) use a tier 1 service provider that has the ability to identify and absorb the DDoS traffic, and subsequently scrub it.
Each of these options is supposed to return clean traffic to the targeted site.
There are other approaches that enterprises occasionally consider - and then discard (for good reason):
1) over-provision bandwidth - this fails because the attackers can scale up traffic far faster and at negligible cost while the enterprise will take time and go broke attempting this;
2) use existing network infrastructure to filter out DDoS traffic - this fails because of the likelihood that good traffic will be mistaken for bad traffic, effectively fulfilling the intent of the attack, cessation of meaningful business activities.
Managed service providers are the choice of most enterprises that implement successful DDoS defence strategies - and for good reason. The service providers have the experience, the staff, and the infrastructure needed to recognise and mitigate attacks. The specific defensive approach that is most appropriate to a targeted enterprise depends, however, on their expected incidence of attack, the types of attacks expected, and the organisation's financial resources, so the answer will vary by enterprise.
Sign up for Computerworld eNewsletters.