As part of our experts Comments Series, Dr Guy Bunker, CTO at Clearswift Cyber Security commented below on the subject of the recent use of DDOS attacks on the messaging app Telegram, which the founder of Telegram states was a concerted state-sponsored attack intended to disrupt the Cantonese anti-extradition protests. Dr Bunker discusses the ways in which the attack may have been carried out, as well as how firms can protect themselves from such attacks.
Dr Guy Bunker, CTO at Clearswift:
“DDoS attacks can be carried out in a number of different ways, and it has become increasingly simple to ‘hire’ a botnet to carry out the attack by multiple means which makes it more difficult to prevent. Programmes such as LOIC has been around for many years and so can be mitigated relatively well against using network filtering – which many of the larger internet based applications, e.g. messaging apps, already have.
For larger application providers, success against a DDoS attack is a question of numbers, is it possible to filter out the junk requests and increase the bandwidth available to ensure that the service stays up for legitimate users faster than the number of junk requests which are being sent to take the system down. For smaller providers, particularly those who do not have their own datacentres, they will have imposed bandwidth limitations that can be more easily taken out by the attacker.
Organizations who rely on cloud based applications need to ensure that they ask questions of the provider around security. While this is often about data loss and how it can be prevented, they should also ask about DDoS and what monitoring and controls are in place to prevent a DDoS attack. Within the cloud (and depending on the application), it is entirely possible for an attack to be launched against *another* customer of the same service, which brings down the service which will then impact your organization. Ensuring that the provider has adequate DDoS detection and prevention in place needs to be part of the evaluation of that service.”
Bob Noel, VP of Strategic Relationships at Plixer:
“This was a typical DDoS attack and while the latest data shows that the number of attacks are down, many are lasting longer, leading to greater disruption of the business. When under attack, it is important for network and security teams to quickly understand the type of DDoS attack they are experiencing —e.g., volumetric-, application-, or protocol-based. There are many types of DDoS, and being able to recognize the variety helps teams know how to stop them. Network traffic analysis provides visibility needed to do this, helping businesses find the root cause quickly, stop the disruption, and return to normal. This keeps the business operational and customers happy.”