Just a few weeks ago, security researcher and journalist Brian Krebs reported on the arrest of two men who were suspected of running “vDOS,” one of the most pervasive distributed denial-of-service (DDoS) paid service networks in the world. DDoS as a subscription service is nothing new; vDOS was in existence for well over four years, and along with other services such as “PoodleStresser” were part of the nascent but rapidly-growing distributed denial of service-as-a-service market (“DDoSaaS” – how’s that for an acronym?)
DDoS (Distributed Denial-of Service) attacks are nothing new, but they continue to cause havoc by taking business critical websites and applications offline. Organizations need to be prepared to defend against the damaging impacts caused by sustained service outages on critical resources -- and, increasingly, to protect the organization from the data theft and other secondary motives of DDoS attacks used as smokescreens to draw critical security resources away from true targets.
One of the largest ever recorded DDoS attack hit Indian data centers earlier this year, according to a Q1 2015 DDoS report by Arbor Networks, a threat intelligence and monitoring service. The datacenter was hit with a 334Gbps stream of unwanted traffic, accounting for tens of thousands of connections. The attack hit the Indian network operator between January and March.
With attacks reported against many banks and major corporations, DDoS (Distributed Denial-of Service) attacks seem to be a hot topic these days. This begs the question of what can be done to protect organizations from the damaging impacts caused by sustained service outages on critical resources -- and, increasingly, to protect the organization from the data theft and other secondary motives of DDoS attacks used as smokescreens to draw critical security resources away from true targets.