DDoS in the cloud: who’s watching your back?

Cloud computing is seeing a steady and undeniable growth in adoption across all types of industries.

Growing just as progressively, however, is the extent to which it puts many corporate networks directly in cyber attackers’ line of fire – most specifically when it comes to distributed denial of service (DDoS) attacks.

The challenge with moving servers and data into the cloud is that it increases the attack surface. All of a sudden, you’re not the only one at risk from a DDoS attack. The cloud service provider’s other customers are too, and that can have implications for everybody involved.

An article from The Register explains it best, when it says private cloud is like getting into the same bath as everyone else. “Who are you sharing your servers with? No matter whether your environment is co-located, or a single or multi-tenant hosted environment, you may be rubbing shoulders with other companies less salubrious than yours, [which] draw more attention online. If that attention includes denial of service traffic, your business could suffer.”

Arbor Network’s territory manager for sub-Saharan Africa, Bryan Hamman, comments, “As the article explains, you could be sharing a private cloud data centre with the Westboro Baptist church, and should Anonymous decide to teach it a lesson, there may be some spillover.”

DDoS attacks are fast becoming an area of great concern for corporate cyber security professionals, he says. While not a new problem, the size and scale is heading skywards at an alarming rate, driven by the growth in number of Internet of Things (IoT) botnets used to deploy these attacks.

“IoT devices are proliferating across networks, something that brings with it as many business benefits as it does risks,” says Hamman. “According to the latest Annual Worldwide Infrastructure Security Report (WISR) produced by Abor Networks and released in January 2018, 48 percent of respondents in the enterprise, government and education (EGE) sector experienced multi-vector attacks, while 57 percent of this same group saw their internet bandwith saturated due to DDoS attacks, up from 42 percent in the previous year Survey respondent mix: 45 percent enterprise, government and education; 55 per cent service providers.

The 2018 WISR notes the following breakdown within targeted customer verticals among its service provider respondents during the period of the report:

·        End-user/subscriber: 70 percent targeted by DDoS attacks

·        Financial services: 41 percent targeted

·        Cloud/hosting: 39 percent targeted

·        Government: 37 percent targeted

·        Gaming: 32 percent targeted

·        Education: 29 percent targeted

·        eCommerce: 26 percent targeted

·        Gambling: 21 percent targeted

·        Manufacturing: 14 percent targeted

·        Healthcare: 10 percent targeted

·        Energy/Utilities: 10 percent targeted

·        Law enforcement: 9 percent targeted

It’s a bitter pill to swallow, says Hamman, but the increase in intelligence and severity of the DDoS attack, and its prevalence across devices that operate through or live in the cloud, have definitely seen C-suite and company boards moving DDoS defence to the top of their priorities lists.

“Because these attacks are so frequent and intense, attempting to stop them at source is not a practical option,” he says. “There is also the constant threat of being caught in an attack – even though you may not be the target – but there are actions to be taken that mitigate the harm associated with a DDoS attack, one of which is to deploy multi-layered protection from the edge of the network through to the cloud.”

On-premise protection does well to guard against attacks aimed at the security infrastructure of the organisation, and it also prevents stealth attacks that bypass firewalls and intrusion prevention systems, but low-and-slow application-layer attacks generally fly well under the radar of many cloud-based solutions and traditional solution like firewalls and IPS.

These types of attacks can only be detected and blocked by purpose-built intelligent DDoS mitigation solutions. Using a solution of this kind enables users to manually signal the cloud deployment about the attack, while users can also pre-set the on premise solution to automatically send a cloud signal upstream when a threshold is reached.

“This solution would also proactively protect against high-bandwidth DDoS attacks whilst enabling enterprises to maintain control over DDoS mitigation via the on premise solution,” says Hamman.

“A local-only approach is not going to be enough to manage the growing size of attacks; businesses should be looking for a solution that offers sufficient capacity to cope with large and growing DDoS attacks while providing protection for all cloud-hosted assets (along with on premise assets) under one contract.”