The longest DDoS attack in the second quarter of 2016 lasted 291 hours (12 days), a significant increase on the first-quarter maximum of eight days.
“Thirty minutes may seem like an effective response time against such a powerful DDoS attack, but a survey from IDC last year found that the average cost of critical application failure was between £375,000 and £750,000 per hour, so every second counts when critical systems such as email are down,” said Wieland Alge, vice-president and general manager for Europe at Barracuda Networks.
“The key to effective DDoS protection is the ability to distinguish real users from malicious requests, so that suspicious traffic can be blocked or challenged, but this is not easily done,” he added.
According to Alge, a network firewall can protect Layer 4 protocols and even do deep packet inspection, but truly protecting against web application layer attacks generally requires terminating the HTTP or HTTPS protocols and often rewriting traffic to identify and mitigate threats.
Read more about DDoS attacks
- DDoS attacks continue to be popular with attackers, increasing in size, complexity and frequency in the first half of 2016, according to the latest global report by Arbor Networks.
- DDoS attacks have become a commodity, and are available openly on professional services online marketplaces for as little as $5 an hour.
- There is a real concern that many companies are being affected by DDoS attacks commissioned by competitors, according to Kaspersky Lab.
- Smaller DDoS attacks can be more dangerous than a powerful assault that knocks a company offline but does not install malware or steal data, warns Neustar.
“Just as a network firewall is not designed to stop spam, it is also not designed to stop web application attacks,” he said. “This type of misunderstanding leaves the web application exposed, and gives the administrator a false sense of security. A web application firewall is much better suited to combating DDoS attacks.”
Businesses should also consider some form of dynamic client fingerprinting as part of any DDoS solution, said Alge.
“Mechanisms that can detect suspicious clients using script injections and challenge suspected malicious requests with a CAPTCHA test can be a lifesaver when a DDoS army is very distributed, stays below the rate control radar, and its user systems have not been blacklisted,” he said.
The DDoS attack on 123 Reg highlights the fact that DDoS remains a common attack type due to the easy availability of free tools and inexpensive online services that enable anyone with a grievance and an internet connection to launch an attack, and that not all DDoS mitigation techniques provide the same level of protection.