THE COST OF DDOS ATTACK: Risk assessment, mitigation and protection for businesses

AGENDA

What is DDoS?

Attack methods and common scenarios

Risk assessment

The impact and cost of DDoS attacks

DDoS as a cover-up for other attacks

Prevention and mitigation

DDoS protection

THE COST OF DDOS ATTACK · 2

http://media.kaspersky.com/en/business-security/enterprise/DDoS_Protection_White_Paper.pdf

WHAT IS DDOS?

A Distributed Denial of Service (DDoS) attack is one of the most popular weapons in the cybercriminals’ arsenal. It aims to make information systems such as websites or databases impossible for regular users to access normally.

There can be different motives behind launching DDoS attacks, ranging from cyber-hooliganism to dirty competition practices or even extortion.

DDOS ATTACK METHODS

VOLUMETRIC ATTACKS

These attacks are increasingly common. By generating traffic levels that exceed the target business’s available bandwidth, the attack saturates the capacity of the victim’s corporate Internet connection – and that disables or delays all online activities.

APPLICATION LAYER ATTACKS

Application layer attacks try to crash the servers that are running vital applications – such as the web servers that the victim’s online presence depends on.

OTHER INFRASTRUCTURE ATTACKS

Attacks that aim to disable network equipment and / or server operating systems can totally halt the operation of key business processes.

HYBRID ATTACKS

Cybercriminals also launch complex attacks that combine several methods – including volumetric, application layer and infrastructure attack techniques.

http://media.kaspersky.com/kaspersky-ddos-protection-data-sheet.pdf

TWO COMMON DDOS ATTACK SCENARIOS

http://media.kaspersky.com/en/business-security/DDoS-Protection-White-Paper.pdf

1. Sending requests directly to the attacked resource from a large number of bots.

In this scenario, cybercriminals turn a multitude of computers into remotely controlled “zombies” which then follow the master’s command and simultaneously send requests to the victim computing system (conduct a “distributed attack”).

2. Launching a DDoS amplification attack through publicly available servers containing software vulnerabilities

Under the second scenario, an amplification attack, servers leased from a data center can be used instead of bots. Public servers with vulnerable software are typically used for amplification. Today, either DNS (domain name system) servers or NTP (network time protocol) servers can be used. An attack is amplified by spoofing the return IP address and sending a short request to a server that requires a much longer response. The response is then sent to the spoofed IP address, which belongs to the victim.
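Added example (not part of the original presentation): seen from the victim's side, the amplification scenario above shows up as DNS or NTP responses that no local host requested. The sketch below sums such unsolicited responses from flow records; the record layout, the sample flows and the min_bytes threshold are assumptions made for illustration.

```python
from collections import defaultdict

# The two reflector protocols named on the slide, keyed by UDP source port.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP"}

# Constructed flow records (documentation address ranges, not real traffic),
# in time order: (direction, src_ip, src_port, dst_ip, dst_port, bytes).
FLOWS = [
    ("out", "198.51.100.10", 40001, "192.0.2.53", 53, 70),      # our DNS query
    ("in", "192.0.2.53", 53, "198.51.100.10", 40001, 180),      # its answer
    ("in", "203.0.113.5", 53, "198.51.100.10", 51000, 3000),    # nobody asked
    ("in", "203.0.113.6", 53, "198.51.100.10", 51001, 2900),    # nobody asked
    ("out", "198.51.100.10", 123, "192.0.2.123", 123, 48),      # our NTP query
    ("in", "192.0.2.123", 123, "198.51.100.10", 123, 48),       # its answer
    ("in", "203.0.113.7", 123, "198.51.100.10", 52000, 440),    # nobody asked
]


def find_unsolicited(flows, min_bytes=2000):
    """Sum inbound DNS/NTP responses that match no earlier outbound request.

    Returns {protocol: {"bytes": total, "sources": set_of_ips}} for every
    protocol whose unsolicited volume reaches min_bytes (assumed threshold).
    """
    asked = set()
    hits = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for direction, src, sport, dst, dport, size in flows:
        if direction == "out" and dport in REFLECTOR_PORTS:
            # Remember the request so the matching response counts as solicited.
            asked.add((src, sport, dst, dport))
        elif direction == "in" and sport in REFLECTOR_PORTS:
            if (dst, dport, src, sport) not in asked:
                proto = REFLECTOR_PORTS[sport]
                hits[proto]["bytes"] += size
                hits[proto]["sources"].add(src)
    return {p: v for p, v in hits.items() if v["bytes"] >= min_bytes}


if __name__ == "__main__":
    for proto, info in find_unsolicited(FLOWS).items():
        print(proto, info["bytes"], sorted(info["sources"]))
```

A rising count of distinct source addresses together with growing unsolicited volume is the signal to hand to upstream filtering, since the link itself may already be saturated.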

BUSINESSES AT RISK

The top three industries most likely to suffer from a DDoS attack are: telecoms, financial services and IT.

IT/TELECOM: 24%
FINANCIAL SERVICES: 21%
CONSTRUCTION AND ENGINEERING: 20%

The top three types of infrastructure targeted are: public websites, the limited access customer portal, general communications infrastructure.

[Chart: types of infrastructure targeted. Labels: CUSTOMER PORTAL/LOGIN AREA, COMMUNICATIONS SERVICES, PUBLIC WEBSITE, TRANSACTIONAL SERVICES, FILE SERVERS. Values: 41%, 40%, 39%, 29%, 26%.]

A DDoS attack is most likely to last for several hours. But 6% of businesses reported attacks that lasted a week, resulting in a severe impediment of services.

LESS THAN 10 MINUTES: 10.1%
10 MINUTES TO AN HOUR: 29.1%
SEVERAL HOURS: 37.9%
A FULL DAY: 14.3%
2 DAYS TO A WEEK: 6.1%
SEVERAL WEEKS OR LONGER: 0.5%
DON’T KNOW/CANNOT SAY: 1.9%

UNDERSTANDING THE IMPACT

The direct financial costs of recovering from a DDoS attack can be massive regardless of industry – lost business opportunities, reputational risks and many other things.

https://www.kaspersky.com/small-to-medium-business-security/ddos-protection

Failed sales transactions during downtime periods
Negative publicity that dissuades existing customers and potential clients
Failed transactions with possible penalties
Damage to your business brand that could take years to recover from
Direct financial costs
Your own team needs reliable access to key services

http://newsroom.kaspersky.eu/en/texts/detail/article/lose-a-fortune-one-ddos-attack-can-cost-a-company-over-16m/
http://newsroom.kaspersky.eu/fileadmin/user_upload/en/Campaign/KESB_2013/Pdfs/20160930_Press_Release_DDoS_cost_ENG_Final.pdf

THE COST OF DDOS ATTACKS

The average cost of a DDoS attack is $106,000 for smaller companies and more than $1.6 million for enterprises.

If an attack is detected in the first 24 hours, the costs can be almost halved, compared to an attack detected over a day later.

[Chart. Panel titles: BIGGEST EXPENSES ASSOCIATED WITH DDOS ATTACK; OTHER MAJOR DDOS-RELATED COSTS. Series: Medium and Large Companies, Small Companies. Labels: CHANGES TO THE CREDIT RATINGS, CHANGES TO THE INSURANCE RATINGS, OVERTIME PAYMENTS TO EMPLOYEES, STAFF TRAINING, PR EXPENSES TO RESTORE A COMPANY’S REPUTATION, CUSTOMER COMPENSATION, UPGRADING IT INFRASTRUCTURE AND SOFTWARE. Values: 10%, 10%, 9%, 19%, 20%, 17%, 12%.]

REPUTATION DAMAGE DUE TO CUSTOMERS’ MISCONCEPTION

https://www.kaspersky.com/small-to-medium-business-security/ddos-protection

If your business is subjected to a DDoS attack, it could also suffer additional losses that result from misconceptions about exactly what a DDoS attack is – and how it could affect your customers.

Even though DDoS attacks are unlikely to have any effect on your customers’ security, can you be sure your customers will understand this?

Whenever customers hear about a ‘security incident’ – any security incident – some may fear that their confidential information, bank details and credit card numbers could be at risk.

Even though these fears may be totally illogical – and stem from customers’ misunderstandings about the nature of DDoS attacks – your business could still suffer.

THE INTERNET OF THINGS AS A DDOS TOOL

The Internet of Things (IoT) is increasingly becoming a powerful tool for attackers, facilitated by the neglect for information security both on the part of vendors and users.

HOW TO STAY PROTECTED

Audit IoT devices within your infrastructure
Change any default settings (especially common in medium and small companies using consumer-level routers)
Enable secure passwords everywhere

https://securelist.com/analysis/quarterly-malware-reports/76464/kaspersky-ddos-intelligence-report-for-q3-2016/
https://business.kaspersky.com/iot-ddos/6210/

USING DDOS ATTACKS AS A SMOKESCREEN

DDoS attacks are sometimes used by cybercriminals to distract businesses while hackers sneak in through the back door.

“DDoS can be used not only as an easy way to stop the activity of a company, but also as a decoy to distract IT staff from another intrusion taking place through other channels.”
KIRILL ILGANAEV, Head of Kaspersky DDoS Protection at Kaspersky Lab

ACCORDING TO 2016 KASPERSKY LAB CORPORATE IT SECURITY RISKS SURVEY

56% of businesses questioned are confident that DDoS has been used as a smokescreen for other kinds of cybercrime
87% of these business respondents reported that they had also been the victim of a targeted attack.
29% of businesses that suffered from cybercrime said that DDoS has often been part of the attack tactics
26% of businesses that have suffered data loss as a result of a targeted attack, named DDoS as one of the contributing vectors

http://usa.kaspersky.com/about-us/press-center/press-releases/2016/Research_Reveals_Hacker_Tactics_Cybercriminals_Use_DDoS_as_Smokescreen_for_Other_Attacks_on_Businesses

DDOS PREVENTION AND MITIGATION

16% OF COMPANIES DO NOT USE ANTI-DDOS PROTECTION

https://www.kaspersky.com.au/small-to-medium-business-security/ddos-protection

To ensure your business is adequately defended against DDoS attacks, you need a DDoS attack prevention solution that helps you to:

Detect any new attack as rapidly as possible so you can defend your business very soon after the hacker launches the attack.
Mitigate the effects of the attack as rapidly as possible to help minimize – or totally prevent – any disruption to the normal business activities

A GOOD ANTI-DDOS STRATEGY WILL HELP

Minimize downtime for business-critical infrastructure & processes
Ensure customers can continue to access online services
Maintain productivity for employees
Minimize reputational damage

DDOS PROTECTION – STAY SAFE WITH KASPERSKY LAB

Discover how Kaspersky Lab defends businesses against DDoS attacks