Hacking isn’t always about causing damage or destruction for financial gain. The objective of many hackers, especially “hacktivists,” is purely to raise awareness, influence someone, or send a political message. The hacker group Anonymous was able to create a massive amount of publicity for itself in the run-up to the World Cup in Brazil by attacking the servers of global sponsors such as Adidas, Emirates, and Coca-Cola. Ultimately, any damage their efforts caused was limited and did not affect the running of the tournament. Nevertheless, the hackers took advantage of worldwide interest in the event to draw attention to their particular goals and beliefs.
Featured Download: Social media access at work. Do your employees know the rules?
As information is power, however, the theft of sensitive data is often the target for malicious attackers. In August 2014 Russian hackers seized 1.2 billion login credentials and more than 500 million e-mail addresses, according to a US security firm. The sheer magnitude of this type of attack shows clearly that direct attacks on websites can be some of the most dangerous. In order to maximize the damage done or to capture as much data as possible, hackers often choose targets whose business model is based on holding large amounts of data. These include large e-shops, banks, government agencies or Internet Service Providers (ISP). Attacks on an ISP can have particularly wide-reaching effects, especially if it hosts several thousand websites of companies and private individuals.
The virtual crowbar – DDoS
One common type of attack is the Distributed Denial of Service (DDoS) attack in which hackers flood an enterprise server with millions of requests per second. This type of attack can quickly bring down the server as a result of massive overloading. Not only can this cause the company’s web site to crash, but it also means that any IP-based applications can no longer be used, which for many companies means no business. Added to this, hackers can use the vulnerabilities caused by the overloaded DNS server to influence the DNS cache and redirect web traffic to another, potentially fraudulent site. This can all be achieved without the end-user even being aware of a problem, a possibility which therefore carries the risk of identity fraud and stolen personal information.
Prevention is better than cure
The basic principle of a DDoS attack is simple: more transactions or requests are made than a server can physically handle, and the attacks continue to escalate from day to day. In 2013, two-thirds of DDoS attacks flooded their targets with more than one million requests per second. As even the most efficient conventional DNS server can currently only process up to 300,000 requests per second, companies need to invest in dozens of servers and additional components, such as Load Balancers, in order to protect themselves from such attacks. This is not only a highly complex and expensive piece of IT infrastructure to install and maintain, but while free from attack, the servers are redundant. A more cost-effective alternative to mitigating the effects of a DDoS attack is to install an appliance-based solution such as EfficientIP’s SOLIDServer DNS Blast, which can process 17 million queries per second with just one appliance. The high performance provided by just a few appliances, compared to potentially dozens of servers, means that the effects of even large attacks can be managed and mitigated with virtually no consequences to the business.
The most important finding of the past few years is that hackers are becoming smarter and more professional in the way they organise their attacks. Not only are they able to detect the security solutions in place; they also know how to work around them. Most companies are just not aware of these risks and, at best, only invest in a few specialised DNS security solutions. The DNS server is potentially the weakest link of the entire IT infrastructure, yet with a simple solution such as SOLIDserver DNS Blast, the dangers of DDoS attacks can be easily and cost-effectively avoided.
By David Williamson, CEO, EfficientIP
About EfficientIP
EfficientIP, one of the fastest growing DDI vendors provides solutions to address organizations’ needs to drive business efficiency through network services availability, security and performance. EfficientIP customers can ensure that their network infrastructure truly supports the business imperatives, ranging from business continuity and availability to reduce time-to-market for new products, services, and locations.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.