503 “Service Unavailable”… Ever receive this error code from one of your web servers?
How about this in your log files?
TCP 192.168.3.102:34678 220.127.116.11:443 ESTABLISHED
TCP 192.168.3.102:34680 18.104.22.168:80 ESTABLISHED
TCP 192.168.3.102:34685 22.214.171.124:443 TIME_WAIT
TCP 192.168.3.102:34696 126.96.36.199:443 TIME_WAIT
TCP 192.168.3.102:34705 188.8.131.52:443 TIME_WAIT
TCP 192.168.3.102:34715 184.108.40.206:443 TIME_WAIT
Busy server? Maybe not. It could be the result of an application-layer DDoS attack.
What is at risk in a DDoS attack on an enterprise website or network? Certainly, there is a financial risk, as revenue will likely be lost as a direct result of the attack. There is the cost of remediation, and affected customers may have to be compensated. There is a legal risk if confidential user data is compromised. Service providers may face financial and legal consequences if they have failed to live up to their SLAs. Then there are intangibles, such as damage to a company’s brand or reputation, that will show up down the road in the form of lost business and falling stock prices.
In January 2018 NETSCOUT Arbor published our 13th Annual Worldwide Infrastructure Report (WISR 2018).
This year’s report noted that the largest DDoS attack was 650 Gbps, which was down from the prior year’s 800 Gbps. The report also noted that though the largest DDoS attack was 650 Gbps, the overall mix of attack sizes is still shifting up. For example, this year the percentage of attacks over 1 Gbps has increased to 22%, growing three years in a row.
No sooner had the ink dried on WISR 2018 than we encountered a 1.7 Tbps DDoS attack!
The case for a managed DDoS protection and mitigation service is well established. Partnering with a provider that can oversee the system’s operation takes a big IT issue off your plate, augments your staff resources, and gives you access to specialized DDoS expertise. But not all managed DDoS services are alike. How can you tell a great one from a merely good one? Here are the hallmarks to look for.
By Kirill Kasavchenko
As with any new technology, Network Function Virtualization (NFV) has its own adoption cycle driven by business realities. Once a subject of hype, NFV is a reality for service providers in 2018. NETSCOUT Arbor sees a lot of customers either deploying or evaluating NFV in earnest; quite a few are already using it to deliver revenue-generating services to their customers. The motivation for deploying NFV in a service provider environment is clear: to deliver managed services more quickly and more cost-effectively, enabling their consumption by small- to medium-sized enterprise (SME) customers and broadening the market in the process. To achieve these goals, service providers are looking to automate many aspects of service delivery and are turning for help to management and orchestration (MANO) systems, sometimes shortened to “orchestrators.”
DDoS attacks don’t observe holidays. They don’t take breathers. They don’t honor white flags. There are no truces, no prisoner swaps, no treaties or negotiations. Thousands of attacks are taking place at this very moment around the world with no sign of let-up. Peace is clearly not at hand.
On Dec. 1, 2016, the Commission on Enhancing National Cybersecurity introduced a set of goals for the new administration, and protecting the nation’s infrastructure and commerce against DDoS and botnet attacks was high on the list. A Presidential Executive Order from May 2017 re-emphasized this priority, seeing the importance of our connected world and its fragility based on the growing threat raised by the plethora of vulnerable, consumer-focused Internet-connected devices. Attackers from any spot around the globe can use vulnerabilities in these connected devices and across our digital infrastructures, and other vectors, to cause both digital havoc and increasingly catastrophic physical damage across our nation’s critical infrastructure.
Scheduled to take effect on 25 May 2018, the General Data Protection Regulation (GDPR) calls for unprecedented changes in the way organizations collect, process and protect the personal data of EU citizens.
As DDoS attacks grow in frequency and bandwidth each year, detection and proactivity become crucial to maintaining system functionality on both back-end structures and front-end user interfaces. In the case of political elections, keeping polling up and running can mean the difference between fair democratic processes and skewed election results. In today’s, shall we say, ‘tempestuous’ international climate, clarity in how we choose our world leaders is paramount. Unfortunately, cyberattacks that impede this goal are only too common.
In reviewing the IPv6 threat concerns identified in the 13th Annual Worldwide Infrastructure Security Report (WISR), I am struck by how today’s perceived threats are similar to what was observed and expected by early adopters 10 (or even 15) years ago.