James Tin

Mitigating DD4BC DDoS attacks in Australia and New Zealand

Blog Post created by James Tin Employee on May 8, 2015

The past fortnight has been a hectic period for the Akamai's security teams in Australia and New Zealand. We've been approached by a number of financial organisations, large and medium sized business to help mitigate DDoS threats from DD4BC.

If you're not familiar with DD4BC, here is an updated write-up on their extortion attempts from our very own Bill Brenner. DD4BC: PLXsert warns of Bitcoin extortion attempts - The Akamai Blog.

The problem of DDoS is very real and extremely difficult for a single organisation to mitigate. Even carriers and hosting companies that have multiple gigabits of bandwidth are struggling to fend off these attacks. The reason is, that you more capacity available to you at your disposal to fend off the attack than what the attackers can throw at you. With the going rate of a throwing a DDoS attack around $50-100 per hour, it's a very low cost of entry for the attacker, but to have hundreds of gigabits available to fend of an attack is too cost prohibitive, even for the biggest financial institutions in the world. It's especially so in Australia and New Zealand where bandwidth costs are 40x higher than overseas locations.

 

The best way to mitigate a DDoS attack is to block attacks as far away as possible from the asset you are trying to protect, in other words, as close to the attacker as possible.

 

One good analogy my hiring manager gave me when I started at Akamai was; when you depart Australia for the United States. you get to the airport, check in and then go through customs and immigration. Once you’re through, you can do some duty free shopping and hit the lounge if you're lucky enough to have access and wait for your flight to be called. When you get called to gate 12 for boarding, there is an additional layer of security checking that doesn't seem to be at any other gate. Here they will check your passport, your visa, your shoes and your carry-on luggage.

This additional layer of security checking is not done by the Australian government, but actually by the United States Government. They do this because they'd rather stop the criminals before they get on the plane, before they land in Los Angeles and cause congestion at US Customs and Immigration. Preventing attackers getting on the plane dramatically increases the efficiency of US customs and border protection in LA and makes the process much more efficient for all parties involved.

 

This is exactly how Akamai's Cloud Security products provide protection for Australia and New Zealand's leading websites, the world’s largest banks and ecommerce sites. Akamai delivers between 15-30% of the worlds Internet traffic on any given day. We block billions of attacks a day targeting the world’s largest online platforms. So the combinations of these capabilities put Akamai in a very unique situation.

 

Akamai protects against any form of attack (application layer and DDoS) on the customers fully qualified domain name or hostname, by using the world's largest distributed computing platform, Akamai's content delivery network [CDN]. It includes the market leading Web Application Firewall [WAF] to block SQL Injection, XSS etc. and Site Shield to cloak the origin servers from the Internet.

Additionally we provide assurance that the customer’s last mile Internet link is always available and never goes down. Akamai has nearly 4tbps of dedicated bandwidth for DDoS mitigation, along with our CDN platform that peaked at 26tbps last year; we have immense resources, intelligence and experience available to mitigate the largest attacks.

DNS is often overlooked when securing an online investment. Akamai can ensure that DNS is always available. Attackers understand that manipulating DNS one of the easiest ways for an attacker to bring down a website. As far as I am aware, Akamai operates the world’s largest DNS platform that runs at <1% utilisation during peak times.

 

To ensure that your online presence is always available, the three foundational pillars of DNS, Application and Infrastructure must be always available. By offering 100% availability SLA’s on the CDN and DNS and the fastest time to mitigate SLA’s, Akamai has the best solution in the market today to ensure your online applications never go offline.

 

Customers on the Akamai CDN can also leverage the ingrained acceleration capabilities to make web experience faster and provide local user experience for a global audience. It's an especially popular choice if you are moving to IAAS cloud providers like, RackSpace, SoftLayer, Microsoft Azure and Amazon AWS EC2 or VPC. It removes the risk of DDoS (which is not catered for in IaaS fine print) and the increased reconnaissance/probing attacks that occurs across cloud providers.

 

It's unfortunate that we see the majority of the DDoS attacks source from IaaS providers today. This is not because the IaaS vendors are attacking us, but because the virtual instances hosted in there are being compromised, they are so easily spun up and the owners typically don't patch the OS or patch the application. So the attackers constantly are looking for these very well connected and well-endowed servers to compromise and add to their botnet harem for remote control.

So to protect against this, Akamai can allow your business to leverage the Agility and lower costs offered by the cloud, but cloak where your infrastructure is, so you can be protected from the additional risks.

 

If you do receive a letter from DD4BC or you are experiencing volumetric or application layer attacks. Please feel free to reach out and we can mitigate these risks for your business. This allows your organisation to confidently leverage the Internet for business and innovation without the fear of the advanced attacks on the nasty Internet. Akamai has emergency integration teams for mitigation of current attacks, to access this emergency integration capability, there is an emergency fee. So it's best to plan protection mechanisms before you get attacked, rather than scrambling around like a headless chook.

 

Part of the Akamai Cloud Security implementation is a bespoke run book that is created between all parties involved.  So you know exactly what to do in an emergency and don't have to pause to make a decision or shoot from the hips. A run book ensures everything runs smoothly and just happens according to a well-rehearsed, simple and planned process. Making a decision in a highly stressed situation is more than likely to end badly, that’s why aircraft pilots follow a run book in the event of an engine flame out, or why soldiers practice cleaning their weapon every day, so they don't have to be learning something or make an important decision in the heat of the moment, when lives depend on it.

 

James-

Outcomes