Jeff Harris
Chief Marketing Officer

Australian census attack shows why you should never discount DDoS

September 29, 2016 by Jeff Harris

Taking a census is a topic everyone supports, right? It is good to collect and share information about your community and its citizens - or so you would think. Australia’s first-ever digital census took an embarrassing turn last month, when it was hit by massive distributed-denial-of-service (DDoS) attacks that forced the system offline. The website had, of course, been load-balanced and tested ahead of launch to ensure it could deal with millions of citizens rushing to register their details – but it seems that testing didn’t take into account the possibility of a DDoS attack. The head of the Australian Bureau of Statistics, the organization behind the survey, said: “We have load-tested it at 150% of the number of people we think are going to be on it … for eight hours straight, and it didn’t look like flinching.”

Organizations are sometimes slow to draw parallels between DDoS attacks and more invasive cyberattacks that plant malware or ransomware in an effort to extract sensitive data. After all, DDoS attacks don’t technically ‘penetrate’ the target’s infrastructure. They don’t aim to make off with valuable information, or prevent users from accessing their data. Where other attack vectors are viewed as sophisticated criminality, DDoS attacks are too often viewed as little more than digital vandalism.

But vandalism is still a big problem. A successful DDoS attack can prevent your business from processing actual online orders for hours or even days. It can form a bottleneck in operations, preventing the fulfillment of orders or completion of processes. And worse, whether you lose any actual data or not, it makes you appear vulnerable.  And in an era fueled by social media and mobile devices, the bad news of a successful DDoS attack travels very, very quickly.  Earlier this year, the Neustar DDoS Attacks and Prevention Report, based on a survey of 1,000 IT professionals worldwide, found that half of organizations would lose $100,000 per hour or more if their systems were disabled by a peak-time attack, and 33% would lose more than a quarter of a million dollars every hour.  Can your organization afford to look unreliable and unprepared?

Test to Your Breaking Point

The way to mitigate the risks of service outages and lost revenues when launching a new online service or website is to test it under realistic attack conditions. Ixia’s BreakingPoint includes a wide range of realistic attack flows - including emulating DDoS attacks at scale - so you can understand what problems the attack causes, and then put in place measures to mitigate their impact. It allows you to be better prepared to defend against the real thing.

If you haven't done so already, you should also look at how you can reduce your attack surface – that is, the exposure of your network to malicious activity. Attacks are often carried out from known bad IP addresses. If an IP address has a reputation for sending out attacks, why would you want it inside your network for any reason? If these IP addresses are prevented from even ‘touching’ the network in the first place, then they cannot be used to launch either DDoS attacks or penetrative cyberattacks.

But reducing your attack surface also means blocking parts of the world where you know you don't do business. In the case of the Australian census attack, the speculation is that the attack came from outside the country. But if the goal was to allow Australians to register online, why not restrict access by country? Blocking regions is simple if you know how, and it drastically reduces the workload on perimeter protection tools and extends the effectiveness of firewalls. Even if you didn't want to block everything, you could at least block geographical areas that are known to be responsible for a large proportion of malicious attacks.
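The two filters described above (reputation blocking, then country restriction) can be sketched as a pre-filter that runs before traffic reaches the firewall. This is an added example, not code from the original post or from any Ixia product; the address ranges, the prefix-to-country table, the "XX" country code and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed data: RFC 5737 documentation ranges stand in for a real
# threat-intelligence feed and a real GeoIP database.
BAD_NETS = [ipaddress.ip_network(n)
            for n in ("198.51.100.0/24", "203.0.113.64/26")]
GEO_TABLE = {  # hypothetical prefix -> country mapping
    ipaddress.ip_network("192.0.2.0/24"): "AU",
    ipaddress.ip_network("198.51.100.0/24"): "AU",
    ipaddress.ip_network("203.0.113.0/24"): "XX",
}
ALLOWED_COUNTRIES = {"AU"}

def country_of(addr):
    """Longest-prefix match in the constructed geo table; None if unknown."""
    matches = [n for n in GEO_TABLE if addr in n]
    if not matches:
        return None
    return GEO_TABLE[max(matches, key=lambda n: n.prefixlen)]

def verdict(src):
    """Return (action, reason) for one source address string."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed")
    # Reputation is checked first: a known-bad address is dropped even
    # when it geolocates to an allowed country.
    if any(addr in n for n in BAD_NETS):
        return ("drop", "reputation")
    # Assumption for this example: unknown locations fail closed.
    if country_of(addr) not in ALLOWED_COUNTRIES:
        return ("drop", "geo")
    return ("pass", "allowed")

def summarize(sources):
    """Count reasons, showing how much traffic never reaches the firewall."""
    return Counter(verdict(s)[1] for s in sources)

# Constructed connection sources, not real traffic.
SAMPLE = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "203.0.113.70",
          "203.0.113.9", "10.1.1.1", "not-an-ip"]

if __name__ == "__main__":
    for reason, count in summarize(SAMPLE).items():
        print(f"{reason:11s} {count}")
```

Of the seven constructed sources, only two are passed on to the perimeter tools; the per-reason counts show which filter removed the rest.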

Doing all this is simple with Ixia’s ThreatARMOR solution, a purpose-built threat intelligence gateway.  It uses a threat intelligence database of known bad IP addresses that is continuously updated, so there is very little risk of blocking legitimate traffic. Likewise, threats that are already on corporate networks – such as stealthy bots – can be automatically blocked from communicating out to their external command and control centers, reducing the risk that your computers will be used in similar zombie DDoS attacks.

DDoS attacks are a nuisance, but there are steps you can take to minimize their impact on your services or applications.  With the right approach to testing and defense, you can much more efficiently deflect these kinds of attacks and always look strong for your customers.