Understanding the risk and cost of a DDoS attack


Today, more and more companies are outsourcing their online operations, such as websites, e-commerce, e-mail and domain name system (DNS), to focus on core business activities and lower costs. As a result, hosting providers are experiencing double-digit growth as they meet this mounting market demand.

Service-level commitments and customer expectations are also on the rise due to the business-critical nature of many hosting services. In particular, the highest-value customers have the lowest tolerance for outages. Clients of host monster and other shared hosting environments may not be affected as much.

As explained in the Arbor Networks white paper, The business value of DDoS protections, a continuing and growing threat to service availability is distributed denial of service (DDoS) attacks. In fact, the paper states that most hosting providers experience DDoS attacks on a regular basis.

One needs to thus quantify both the risks of DDoS attacks and their financial consequences, and the white paper mentioned earlier provides a simple, step-by-step approach for evaluating whether an investment in a DDoS defence system is financially justified.

In its 11th Annual Worldwide Infrastructure Security Report (WISR), Arbor offers direct insights from the global operational security community on a comprehensive range of issues, from threat detection and incident response to staffing, budgets and partner relationships.

The survey covers data from November 2014 through to November 2015. Highlights of the report reveal:

– A change in attack motivation: The top motivation was not hacktivism or vandalism but ‘criminals demonstrating attack capabilities’, something typically associated with cyber extortion attempts.

– Attack size continues to grow: The largest attack reported was 500 Gbps; with others reporting attacks of 450 Gbps, 425 Gbps and 337 Gbps. In 11 years of this survey, the largest attack size has grown more than 60X.

– Complex attacks are on the rise: 56 percent of respondents reported multi-vector attacks that targeted infrastructure, applications and services simultaneously, up from 42 percent last year. 93 percent reported application-layer DDoS attacks. The most common service targeted by application-layer attacks is now DNS (rather than HTTP).

– Cloud under attack: Two years ago, 19 percent of respondents saw attacks targeting their cloud-based services. This grew to 29 percent last year, and now to 33 percent this year – a clear upward trend. In fact, 51 percent of data centre operators saw DDoS attacks saturate their Internet connectivity. There was also a sharp increase in data centres seeing outbound attacks from servers within their networks, up to 34 percent from 24 percent last year.

– Firewalls continue to fail during DDoS attacks: More than half of enterprise respondents reported a firewall failure as a result of a DDoS attack, up from one-third a year earlier. As stateful and inline devices, firewalls add to the attack surface and are prone to becoming the first victims of DDoS attacks as their capacity to track connections is exhausted. Because they are inline, they can also add network latency.

“Hosting providers in particular often have a higher risk of DDoS attack than stand-alone online businesses because hosting providers in effect aggregate the risk of all their customers. An attack on one customer can affect others and potentially the entire hosting operation because of the heavy reliance on shared infrastructure. Risk is also a function of the type of customers being hosted. Sites that engage in controversial activity, as well as large, visible businesses, are more likely targets of DDoS than small business Web sites. However, just one small customer can attract a massive DDoS response with a single controversial act,” says John Rampton, founder of invoicing company Due.com and former manager at hosting company Hostt.

The research also reveals that cost of outages due to DDoS attacks is comprised of operational costs and revenue impacts. It states that lower-impact/ duration attacks may only result in added operational costs. High-impact attacks will also negatively affect revenues due to customer defections, SLA credits and reputation damage.

The paper lists the elements contributing to the overall cost of DDoS consisting of the following:

– Personnel time spent addressing and recovering from the outage;

– incremental help desk expenses;

– customer credits and refunds;

– cost of customer defections and nonrenewal of contracts; and

– degradation of reputation resulting in higher customer acquisition costs and a lower rate of business growth.