THE COST OF DDOS ATTACK: Risk assessment, mitigation and protection for businesses
Jan 22, 2018
AGENDA
What is DDoS?
Attack methods and common scenarios
Risk assessment
The impact and cost of DDoS attacks
DDoS as a cover-up for other attacks
Prevention and mitigation
DDoS protection
http://media.kaspersky.com/en/business-security/enterprise/DDoS_Protection_White_Paper.pdf
WHAT IS DDOS?
A Distributed Denial of Service (DDoS)
attack is one of the most popular weapons
in the cybercriminals’ arsenal. It aims to
make information systems such as websites
or databases impossible for regular users to
access normally.
There can be different motives behind
launching DDoS attacks, ranging from
cyber-hooliganism to dirty competition
practices or even extortion.
DDOS ATTACK METHODS
VOLUMETRIC ATTACKS
These attacks are increasingly common. By generating traffic levels that exceed
the target business’s available bandwidth, the attack saturates the capacity of the
victim’s corporate Internet connection – and that disables or delays all online
activities.
APPLICATION LAYER ATTACKS
Application layer attacks try to crash the servers that are running vital applications
– such as the web servers that the victim’s online presence depends on.
OTHER INFRASTRUCTURE ATTACKS
Attacks that aim to disable network equipment and/or server operating systems
can totally halt the operation of key business processes.
HYBRID ATTACKS
Cybercriminals also launch complex attacks that combine several methods –
including volumetric, application layer and infrastructure attack techniques.
http://media.kaspersky.com/kaspersky-ddos-protection-data-sheet.pdf
TWO COMMON DDOS ATTACK SCENARIOS
http://media.kaspersky.com/en/business-security/DDoS-Protection-White-Paper.pdf
1. Sending requests directly to the attacked resource from a large number of bots.
In this scenario, cybercriminals turn a multitude of computers into remotely controlled “zombies”
which then follow the master’s command and simultaneously send requests to the victim computing
system (conduct a “distributed attack”).
2. Launching a DDoS amplification attack through publicly available servers containing software vulnerabilities
Under the second scenario involving an amplification attack, servers leased out from a data center
can be used instead of bots. Public servers with vulnerable software are typically used for
amplification. Today, either DNS (domain name system) servers or NTP (network time protocol)
servers can be used. An attack is amplified by spoofing return IP addresses and sending a short
request to a server that requires a much longer response. The received response is sent to
the spoofed IP address which belongs to the victim.
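The amplification scenario described above leaves a recognisable trace on the receiving side: DNS or NTP replies that answer no request the host ever sent. The following Python code is an added example, not part of the original presentation; the flow-record layout, the 5-second matching window and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# UDP services the page names as amplifiers: DNS (53) and NTP (123).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}
MATCH_WINDOW = 5.0  # seconds a request stays open (assumed value)

def find_reflected_traffic(flows, local_ip):
    """Return per-service stats for inbound replies that answer no request.

    flows: iterable of (ts, src_ip, src_port, dst_ip, dst_port, nbytes),
    UDP only, sorted by ts. A reply counts as solicited only if local_ip
    sent a packet to the same server and port, from the same local port,
    at most MATCH_WINDOW seconds earlier.
    """
    open_requests = {}  # (server_ip, server_port, local_port) -> request ts
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "servers": set()})
    for ts, src_ip, src_port, dst_ip, dst_port, nbytes in flows:
        if src_ip == local_ip and dst_port in REFLECTOR_PORTS:
            open_requests[(dst_ip, dst_port, src_port)] = ts
        elif dst_ip == local_ip and src_port in REFLECTOR_PORTS:
            # One reply per request: consume the matching open request.
            asked = open_requests.pop((src_ip, src_port, dst_port), None)
            if asked is not None and ts - asked <= MATCH_WINDOW:
                continue  # normal answer to our own query
            s = stats[REFLECTOR_PORTS[src_port]]
            s["packets"] += 1
            s["bytes"] += nbytes
            s["servers"].add(src_ip)
    # Report the number of distinct responding servers, not the set itself.
    return {k: {**v, "servers": len(v["servers"])} for k, v in stats.items()}

# Constructed sample flows (documentation address ranges, not real traffic).
VICTIM = "192.0.2.10"
SAMPLE_FLOWS = [
    (0.00, VICTIM, 40000, "198.51.100.53", 53, 64),    # our own DNS query
    (0.02, "198.51.100.53", 53, VICTIM, 40000, 180),   # solicited answer
    (1.00, "203.0.113.5", 53, VICTIM, 33333, 3000),    # never requested
    (1.01, "203.0.113.6", 53, VICTIM, 33333, 3100),    # never requested
    (1.02, "203.0.113.7", 123, VICTIM, 44444, 440),    # never requested
    (1.03, "203.0.113.7", 123, VICTIM, 44444, 440),    # never requested
    (9.00, "198.51.100.53", 53, VICTIM, 40000, 180),   # no open request left
]

if __name__ == "__main__":
    for service, s in find_reflected_traffic(SAMPLE_FLOWS, VICTIM).items():
        print(f"{service}: {s['packets']} unsolicited replies, "
              f"{s['bytes']} bytes from {s['servers']} servers")
```

A sustained rise in unsolicited reply bytes from many distinct servers is the pattern to alert on; a handful of stray replies is normal background noise.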
BUSINESSES AT RISK
The top three industries most likely to suffer from a DDoS attack are: telecoms, financial services and IT.
IT/TELECOM: 24%
FINANCIAL SERVICES: 21%
CONSTRUCTION AND ENGINEERING: 20%
The top three types of infrastructure targeted are: public websites, the limited access customer portal, general communications infrastructure.
CUSTOMER PORTAL/LOGIN AREA: 41%
COMMUNICATIONS SERVICES: 40%
PUBLIC WEBSITE: 39%
TRANSACTIONAL SERVICES: 29%
FILE SERVERS: 26%
A DDoS attack is most likely to last for several hours. But 6% of businesses reported attacks that lasted a week, resulting in a severe impediment of services.
LESS THAN 10 MINUTES: 10,1%
10 MINUTES TO AN HOUR: 29,1%
SEVERAL HOURS: 37,9%
A FULL DAY: 14,3%
2 DAYS TO A WEEK: 6,1%
SEVERAL WEEKS OR LONGER: 0,5%
DON’T KNOW/CANNOT SAY: 1,9%
UNDERSTANDING THE IMPACT
The direct financial costs of recovering from a DDoS attack can be massive regardless of industry
– lost business opportunities, reputational risks and many other things.
https://www.kaspersky.com/small-to-medium-business-security/ddos-protection
Failed sales transactions during downtime periods
Negative publicity that dissuades existing customers and potential clients
Failed transactions with possible penalties
Damage to your business brand that could take years to recover from
Direct financial costs
Your own team needs reliable access to key services
http://newsroom.kaspersky.eu/en/texts/detail/article/lose-a-fortune-one-ddos-attack-can-cost-a-company-over-16m/
http://newsroom.kaspersky.eu/fileadmin/user_upload/en/Campaign/KESB_2013/Pdfs/20160930_Press_Release_DDoS_cost_ENG_Final.pdf
THE COST OF DDOS ATTACKS
The average cost of a DDoS attack is $106,000 for smaller
companies and more than $1.6 million for enterprises
BIGGEST EXPENSES ASSOCIATED WITH DDOS ATTACK:
If an attack is detected in the first 24 hours,
the costs can be almost halved, compared
to an attack detected over a day later.
CHANGES TO THE CREDIT RATINGS
CHANGES TO THE INSURANCE RATINGS
OVERTIME PAYMENTS TO EMPLOYEES
10%
STAFF TRAINING
10%
PR EXPENSES TO RESTORE A COMPANY’S REPUTATION
9%
19%
Medium and Large Companies
20%
Small Companies
17%
OTHER MAJOR DDOS-RELATED COSTS
CUSTOMER COMPENSATION
12%
UPGRADING IT INFRASTRUCTURE AND SOFTWARE
REPUTATION DAMAGE DUE TO CUSTOMERS’ MISCONCEPTION
https://www.kaspersky.com/small-to-medium-business-security/ddos-protection
If your business is subjected to a DDoS attack, it could also suffer
additional losses that result from misconceptions about exactly
what a DDoS attack is – and how it could affect your customers.
Even though DDoS attacks are unlikely to have any effect on your
customers’ security, can you be sure your customers will
understand this?
Whenever customers hear about a ‘security incident’ – any
security incident – some may fear that their confidential
information, bank details and credit card numbers could be at risk.
Even though these fears may be totally illogical – and stem from
customers’ misunderstandings about the nature of DDoS attacks –
your business could still suffer.
THE INTERNET OF THINGS AS A DDOS TOOL
The Internet of Things (IoT) is increasingly becoming a powerful tool for attackers,
facilitated by the neglect of information security on the part of both vendors and users.
HOW TO STAY PROTECTED
Audit IoT devices within your infrastructure
Change any default settings (especially common in medium and small companies using consumer-level routers)
Enable secure passwords everywhere
https://securelist.com/analysis/quarterly-malware-reports/76464/kaspersky-ddos-intelligence-report-for-q3-2016/
https://business.kaspersky.com/iot-ddos/6210/
USING DDOS ATTACKS AS A SMOKESCREEN
DDoS attacks are sometimes used by cybercriminals to distract
businesses while hackers sneak in through the back door.
56% of businesses questioned are confident that DDoS has been used as a smokescreen for other kinds of cybercrime
87% of these business respondents reported that they had also been the victim of a targeted attack.
29% of businesses that suffered from cybercrime said that DDoS has often been part of the attack tactics
26% of businesses that have suffered data loss as a result of a targeted attack named DDoS as one of the contributing vectors
“DDoS can be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.”
KIRILL ILGANAEV, Head of Kaspersky DDoS Protection at Kaspersky Lab
http://usa.kaspersky.com/about-us/press-center/press-releases/2016/Research_Reveals_Hacker_Tactics_Cybercriminals_Use_DDoS_as_Smokescreen_for_Other_Attacks_on_Businesses
ACCORDING TO 2016 KASPERSKY LAB CORPORATE IT SECURITY RISKS SURVEY
16% OF COMPANIES DO NOT USE ANTI-DDOS PROTECTION
DDOS PREVENTION AND MITIGATION
To ensure your business is adequately defended against DDoS attacks, you need a DDoS attack
prevention solution that helps you to:
Detect any new attack as rapidly as possible so you can defend your business very soon after the hacker launches the attack.
Mitigate the effects of the attack as rapidly as possible to help minimize – or totally prevent – any disruption to the normal business activities.
A GOOD ANTI-DDOS STRATEGY WILL HELP
Minimize downtime for business-critical infrastructure & processes
Ensure customers can continue to access online services
Maintain productivity for employees
Minimize reputational damage
https://www.kaspersky.com.au/small-to-medium-business-security/ddos-protection
DDOS PROTECTION – STAY SAFE WITH KASPERSKY LAB
Discover how Kaspersky Lab defends businesses against DDoS attacks