The Extortion Game – How To Approach DDoS

The number of Bitcoin ransom demands associated with DDoS attacks could increase significantly this year if the trend continues to grow at the rate we experienced at the end of 2015.

But what is fuelling this type of attack and what makes it a successful tactic? The answer has many variables, but the extortion game pricing strategy is one to consider. Like many economists and business strategists around the world, the hackers are adopting gaming theory to try and elicit a favourable outcome for both parties. By pricing their ransom demands below the cost of re-routing DDoS attack traffic through a cloud-based scrubbing centre, extortionists hope to tempt the victims into an economically viable method of squelching damaging attacks.

In this light, the ransom can seem like a cost-effective solution to eliminating a DDoS attack, but succumbing to these demands offers no guarantee that the attacker keeps his word.  Even worse, just one highly publicised event where the demands were met by the targeted victim, causes the extortion game to spread like wildfire, inspiring other attackers to utilise this technique.

Under attack

Part of what makes this strategy successful is that hackers know how expensive it is to mitigate a DDoS attack by using a cloud-based scrubbing solution. Identifying malicious traffic and then manually re-routing it through a scrubbing lane requires considerable human intervention. Not to mention, many attacks are short bursts of activity, potentially unrecognised by legacy detection and mitigation solutions.

Organisations using this method of defence also experience a huge escalation of costs due to the evolving nature of today’s DDoS attacks. Whereas it was once common to simply flood a network with traffic, today’s attackers utilise a range of different methods to achieve their goals.

Our customers have experienced a huge surge in the number of DDoS attacks targeting their organisations, with a 32 percent quarterly growth recorded at the end of last year – so it’s easy to see how switching to the cloud in each instance of an attack would quickly break the bank. The attackers know the costs associated with this type of mitigation strategy and seek to exploit this.

These kinds of threats are only going to rise as DDoS attacks become increasingly automated, allowing cyber criminals to enact hybrid, multi-vector attacks and expand their reach on an industrial scale. In these situations, attackers leverage one attack technique, such as a DNS flood, and if unsuccessful, automatically enact a second technique, such as an UDP flood, and keep leveraging different attack techniques automatically until their target’s Internet service is successfully denied.

This level of automation works considerably faster than humans and requires in-line visibility coupled with a high-performance mitigation solution to respond effectively.

The weaknesses of outsourced defence tools – being slow to react, expensive to maintain and unable to keep up with shifting and progressive threats – tell us that solutions appropriate for today need to be always-on and instantly reactive. It’s clear they also need to be adaptable and scalable so that defences can be quickly and affordably updated to respond to the future DDoS threat landscape – however it may evolve.

This type of defence is also increasingly available to purchase as a service from Internet Service Providers, who can position this kind of mitigation at a suitable peering point upstream in their network, in order to defend customers’ from DDoS attacks across their infrastructure.

Dave Larson is COO at Corero Network Security.

Are you a security pro? Try our quiz!