How today’s enterprises can effectively manage malicious botnets

Gaurav Malik, Country Director, India, Limelight Networks
Gaurav Malik, Country Director, India, Limelight Networks

By Gaurav Malik

In October 2016, a significant portion of the internet was brought to a halt by a major Distributed-Denial-of-Service (DDoS) attack. Dyn, a DNS service provider of about 79 affected platforms, was the target of a DDoS attack now known as the Mirai Botnet Attack which tapped into compromised IoT devices such as IP cameras, printers, residential gateways, and baby monitors. This drove millions of malicious requests towards the Dyn server, bring down much of the internet with it. This was just the tip of the iceberg.

More recently, multiple events, including the Equifax breach which resulted in sensitive personal information of 143 million customers compromised and the CIA hacking incident have indicated that many defense mechanism – irrespective of its sophistication – can be breached and manipulated using different tactics, techniques and procedures (TTPs).

Why is security against DDoS attacks and botnets necessary?
DDoS attacks overload a server by redirecting malicious traffic, generated by botnets, and preventing service access to legitimate users. Often, cyber attackers use DDoS to mask a broader network breach. Even if this is not the case, DDoS attacks cause substantial reputational and financial losses to an affected organisation.

According to Neustar’s ‘Worldwide DDoS Attacks & Cyber Insights Research Report’, the average cost of a DDoS attack was $2.5 million in 2017. Additionally, following a DDoS attack, 47 per cent of cases led to virus injection, 43 per cent led to malware activation, 32 per cent resulted in data theft, and 32 per cent experienced network compromise and equipment damage. This was in addition to the loss of customer trust, financial theft, and loss of intellectual property.

Can DDoS attacks be completely mitigated?
The impact of a DDoS attack ultimately depends on its scale and the IT infrastructure of the target. A DDoS attack can be prevented if the digital infrastructure is robust enough to withstand the incoming traffic. This is the reason why a majority of leading industry players have started utilising content delivery networks (CDNs) with a global infrastructure comprising data centers and proxy servers.

CDNs by their nature of being huge globally distributed networks with large PoPs positioned around the world, can absorb volumetric flood traffic at Layer 3 and Layer 4 (two common DDoS vectors), providing passive attack mitigation against smaller attacks. This helps CDNs, and by extension, an enterprise, to conduct business as usual even if they are undergoing a botnet attack.

Some CDN players take this one step further with DDoS mitigation, Transport Layer Security (TLS), and Web Application Firewall (WAF) services. These solutions can screen malicious traffic by diverting it to scrubbing centers which then filter out illegitimate botnet traffic and redirect legitimate users to the content origin.

CDNs also leverage Digital Rights Management (DRM) to give access control only to legitimate users after considering location, time, and other parameters of content access. In doing so, apart from eliminating DDoS attacks, it also addresses digital piracy – which is expected to double from its 2016 level to $51.6 billion by 2020.

In conclusion, cyber security will always be a point of concern for anyone that even remotely deals with technology. Even as businesses and individuals alike continue to harness state-of-the-art technologies, it is important to bear in mind that cyber attackers are doing the same and botnets have become an effective tool, enabling them to achieve their means.

Against a backdrop of the constant and evolving threats of cybercrime, our ultimate protection against malicious cyber attacks is a sophisticated digital infrastructure that detects and prevents attacks before they happen.

(The author is the Country Director of India, at Limelight Networks)