Global newswire service Business Wire suffered for nearly a week from a cyberattack designed to disable it. The company said it has been experiencing a “directed and persistent” denial of service attack since Jan. 31, though customer information has not been compromised. IT security experts commented below.
Stephanie Weagle, Vice President at Corero:
“Cyber attackers can quickly and easily launch a DDoS attack to interrupt service availability to any online property. In the media and communications industry, attacks against these sites can be used to silence or shut down an unfavourable individual or news story. While the motivations behind the sustained attack against BusinessWire news service remain unknown, the event has far reaching impact with users experiencing significant service degradation. (there were two uses of “impact”)
“Unfortunately, relying on Cloud based DDoS mitigation services to knock down the attack traffic, while allowing good user traffic to reach its intended destination is not always an economically sustainable method for long duration attacks. BusinessWire reports that the attack has been ongoing for almost a week.
“Corero research published in late 2017 revealed that the number of DDoS attacks almost doubled in the second half of 2017, with many companies now experiencing an average of 8 attacks per day. These attacks are also largely multi-vector in nature, and are proving to be more advanced and difficult to defeat with traditional infrastructure security tools. This uptick in attack frequency is largely attributed to the rapid growth of vulnerable IoT devices. As the number of connected devices grows, so do the threats that come with it, making this another major concern in cyber security for any Internet dependent business. The availability of Internet connected devices with vulnerable operating systems are paving the way for massive amounts of DDoS botnet activity, which is further driven by the proliferation of DDoS- for-hire services.”
Tim Erlin, VP, Product Management and Strategy at Tripwire:
“Distributed Denial of Service comes in a variety of forms and severities. While it’s entirely reasonable to expect an ISP to defend successfully against basic attacks, every system has its breaking point. No organization is immune to every type and volume of DDoS attack. Organizations have to evaluate the risks, and have to be informed well enough to interpret the results. While you can transfer risk, you can’t transfer responsibility for information security.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.