Distributed denial of service (DDoS) attacks have long been a concern among cybersecurity experts, but they’ve gained more prominence in recent years as the frequency and intensity of these attacks have grown. According to a report by NetScout Arbor, the total number of attacks increased from 6.8 million in 2016 to 7.5 million in 2017, with 60% of organizations surveyed across enterprise, government, and education sectors reporting between one to ten attacks. At the opposite extreme, 13% reported more than 100 attacks over a 12 month period.
Estimates of the financial impact of these attacks vary, but 2016 estimates put the number as high as $100,000 to $250,000 for every hour of lost service at peak times. In many cases, the mere threat of an attack can be just as costly. Hackers routinely use the threat of DDoS attacks to extort a “protection fee” from vulnerable organizations like criminal gangs threatening to trash a shopkeeper’s store unless it “pays up.”
A DDoS attack is a special type of cyber attack in which multiple systems make a significant number of attempts to access a server or network to disrupt service. This flood of traffic is usually made possible by the creation of a botnet, a virtual army of computer systems compromised by malware that are then directed to target a specific system. DDoS attacks are relatively easy to conduct and can be extremely effective against small to medium businesses with weak network security measures and few (if any) redundancies.
The most disruptive form of DDoS attacks are those that target domain name system (DNS) servers. These servers contain the public IP addresses, hostnames and communication protocols that form the backbone of the internet. When a DNS server is crippled by a DDoS attack, multiple systems and services can be affected. The 2016 attack on Dyn, for instance, took down Twitter, the Guardian, Netflix, Reddit, CNN and many other sites. With 82% of DDoS attacks targeting DNS servers, data centers hosting these servers are under immense pressure to step up their security measures.
Fortunately, today’s data centers have made important advancements in their cybersecurity measures. By delivering bandwidth through a blend of Internet Service Providers (ISPs) for increased resiliency and low latency, data centers can integrate multiple routing paths and networks to ensure that services remain online even if a single ISP comes under attack.
This level of redundancy provides substantial protection against both volumetric and multi-vector attacks. A volumetric attack is a traditional, “brute force” DDoS attack in which botnet systems flood a network with seemingly legitimate traffic. When faced with this form of attack, data centers can simply lean on ISP redundancy to cut the hostile activity off at the source until the attack has run its course. Multi-vector attacks are more complex strategies that combine a number of techniques to keep cybersecurity measures and IT personnel off balance so the attackers can slip through gaps in defenses. By relying on a blend of ISPs, data centers have more versatility to reroute service and recognize diversionary tactics associated with multi-vector attacks.
The network environment of a data center also makes it possible to scan all incoming traffic and erect substantial security in the form of firewalls and Intrusion Protection Systems (IPS). Scanning devices can also be distributed and combined with security software to provide additional protection at the individual server level. With systems that monitor traffic continuously for anomalous or potentially hostile activity, data centers can catch the early warning signs of a DDoS attack and take immediate action to avoid data loss while maintaining superior service uptime.
Thorough testing and simulations using predictive analytics can also identify weak points in the data center’s network infrastructure. Open ports, network bottlenecks, and interconnected systems all need to be identified and assessed for risk. Sophisticated algorithms can also monitor traffic to log suspicious behavior and alert data center customers to vulnerabilities in their services.
As Internet of Things (IoT) devices continue to become more widespread, data centers will also need to guard against the ways they could be compromised and used as an attack vector for DDoS attacks. Many IoT devices are not adequately secured and are easily infected by malware that can then incorporate them into a botnet. These devices may not be as versatile as other systems, but they can serve as a potential access point that allows hackers to gain entry to the more critical systems of an edge computing network.
The risks posed by IoT devices can be partially mitigated by secure edge data centers. Compromised devices can be identified and locked out from the network before they have an opportunity to disrupt services. Anticipating how IoT devices could be utilized as part of a multi-vector attack strategy should be a key step in any edge computing architecture, especially as these devices become more powerful and integrated into everyday life.
While DDoS attacks are becoming more prevalent and are continuously evolving to overcome existing defense measures, new innovations in cybersecurity are emerging to combat the threat. Data centers stand on the front line of this battle, providing extensive resources and protective strategies to keep their customers’ services up and running with as minimal disruption as possible. As creative new attack methods become the new normal, data center security will surely continue to rise to the challenge of providing peace of mind.