Due to the bandwidth boom in South Africa, a significant increase in Distributed Denial of Service (DDoS) attacks at an application level has been recorded, said Perry Hutton, regional director for Fortinet in Africa.
“Until recently, DDoS attacks were complex to launch and appeared to target mainly high profile organisations and websites, but this has all changed. Now everyone is at risk, anyone connected to the internet is a possible target,” said Hutton.
DDoS attacks, which suspend the services of a host connected to the internet, are generally categorised as volumetric attacks and application-layer attacks.
Volumetric attacks are flood attacks that saturate both network bandwidth and infrastructure, while application-layer attacks are designed to target specific services, resulting in the exhaustion of resources.
Hutton said application-layer DDoS attacks are more difficult to detect because they use less bandwidth. “The ideal situation for application-layer DDoS attacks is where all other services remain intact, but the webserver itself is completely inaccessible.”
“DDoS attacks have evolved – along with the proliferation of botnets – into one of the biggest threats on the security landscape. Traditionally, the challenge in South Africa has been the fact that with limited bandwidth capabilities, it is far easier for DDoS attackers to disable infrastructure rather than services,” said Hutton.
According to Hutton, recent highly visible attacks included state-sponsored cyber-warfare, politically motivated attacks, organised cyber crime, and social activism. These are often the result of the availability of DDoS tools and botnets for hire.
Hutton said the largest risk a company or organisation faces from a DDoS attack is the negative impact caused by downtime, loss of revenue, and the potential loss of important data.
“In addition to lost revenue due to downtime, there are also costs related to IT analysis and recovery, loss of worker output, and possibly also financial penalties from broken service level agreements,” said Hutton.
On setting up a defence, Hutton said that, because of ongoing changes, organisations must implement the appropriate multi-layer defences and Domain Name System (DNS) server protection.
Hutton said organisations should also draft a response plan in order to ward off DDoS attacks and guard against the impact they will have on the business and its reputation.
“As part of an overall defensive strategy, organisations must protect their critical assets and infrastructure. Many firms maintain their own DNS servers for web availability, which are often the first systems to be targeted during a DDoS attack,” said Hutton.
Hutton added that organisations must be vigilant and monitor their systems before, during and after an attack.