Jose Nazario of Arbor Networks asseses the threat of cyber extortion...
Criminal gangs are increasingly using the internet as a tool to extort money from businesses.
Thousands of distributed denial of service attacks are occurring globally every day and it is vital that senior management wakes up to the very real risk of such an assault.
The rise of the internet carries a number of threats in the form of viruses, hackers, worms, and malware.
Most companies are aware of these risks and have the appropriate processes and technology in place to combat them.
But in the last few years these internet based threats have taken on a more malevolent and sophisticated nature; virus writing is no longer the pastime of teenagers with too much time on their hands - instead, viruses are now being written for organised cyber criminals motivated only by money.
These criminals are increasingly using a method known as distributed denial of service (DDoS) attacks. These are launched with the sole aim of crashing a company's web-site or server by bombarding them with packets of data, usually in the form of web requests or emails.
Unlike single source attacks (which can be stopped relatively easily), the attacker compromises a number of host computers which, in turn, infect thousands of other computers that then operate as agents for the assault.
These infected host computers, known as "zombies", or "bots", then start flooding the victims' website with requests for information, creating a vast and continuous stream of data that overwhelms the target website, thus preventing it from providing any service.
The cost of a DDoS attack can be substantial and it has been estimated that as many as 10,000 occur world-wide everyday.
DDoS extortion attacks were originally used against online gambling sites.
Criminal gangs would initiate attacks that would bring the website down just before a major sporting event, inflicting maximum financial damage.
Now, however, DDoS attacks are increasingly being used to extort money from all sorts of businesses.
One of the most well known DDoS attacks occurred early last year: "MyDoom" infected hundreds of thousands of computers before launching an attack on SCO (a Utah-based Unix vendor) that took the company out of business for several weeks.
Even the Greater Manchester Police has fallen victim to an assault; recently its chief constable was subjected to 2000 emails an hour in an attempt to crash the force's computer systems.
DDoS attacks are also being used for increasingly political purposes.
On Valentine's day animal activists set up a chat-room and encouraged people to log on and "chat" at the same time.
For every word typed an email would be sent to the target organisations in the vivisection and fur industries in an effort to crash their websites.
The reality is that no company is safe. The problem is exacerbated by the fact that DDoS attacks do not simply effect the organisations they are targeted at, but can in fact bring down the Internet Service Provider (ISP).
Despite the substantial damage DDoS attacks can cause, research released by IT Company IntY earlier this year has revealed an alarming lack of awareness amongst businesses about the threat posed.
According to IntY, more than half of UK companies are at risk because this lack of understanding has resulted in a widespread failure to implement the necessary preventative technology.
It is vital that senior decision makers wake up to the very real threat posed by DDoS attacks. A failure to do so could have far-reaching consequences.
All businesses with an online arm should implement the necessary preventative measures to mitigate the threat of a DDoS attack.
Many companies rely on reactive measures such as blackholing, router filters and firewalls, but all these methods are either inefficient, not sophisticated enough to protect against cyber criminals or can only be configured to specific external sources.
If companies are to successfully combat a DDoS attack a truly multi-layered approach to defence must be adopted.
It is vital to establish a solid relationship with your service provider to ensure that you are aware of the measures that are available to protect your network and online business.
Recent research by Arbor Networks revealed that DDoS attacks are the most crippling threat facing ISPs today, yet only 29 per cent of ISPs surveyed offer security and DDoS service levels agreements to their customers.
Because DDoS attacks are launched from thousands of computers around the world it is essential that companies share information about the attacks if they are to be stopped.
Such assaults cannot be fought alone and a collaborative effort is vital. A number of ISPs including Belgacomm, Cable & Wireless and Colt, have signed up to Arbor Networks Fingerprint Sharing Alliance which enables them to share detailed attack information in real time and block attacks closer to the source.
Once an attack has been identified by one company, the other ISPs in the alliance are automatically sent the "fingerprint" enabling them to quickly identify and remove infected hosts from the
network. This enables businesses and their ISPs to stay abreast of security threats as they arise. The alliance is helping to break down communication barriers and its rapid growth marks a significant step forward in the fight against cyber criminals.
The threat of being blackmailed by organised criminals using DDoS attacks is very real. Such attacks are capable of bringing even the largest companies to their knees. However, stand alone defences are insufficient to combat these attacks and a comprehensive approach to security must be implemented.
Not only should a multi-layered security strategy be instilled at enterprise level, but companies must work with their ISPs to ensure they too have taken preventative measures. n Arbor Networks is exhibiting at Infosecurity Europe 2006 - Europe's number one information security event - taking place from April 25-27 in the Grand Hall, Olympia, London.