2011 is looking to become the worst year for cyber attacks. Hacker groups have made declarations of open hostility towards governments, banks, and big corporations. The Brazilian government was the latest in a string of highly publicized international attacks. Other recent victims include Sony’s PlayStation Network, the CIA, Fox TV, and the British police. Millions of email addresses were stolen earlier this week, when marketing email provider Epsilon was hacked.
Citigroup was a recent target when thieves used the customer web site to bypass traditional safeguards and impersonate actual credit card holders. Citigroup came under a further attack by IT and security professionals who vehemently argued that Citigroup’s security measures were inadequate and outdated.
The majority of the attacks have resulted in temporary disruptions to web sites and the theft of user credentials, including personal and financial information. Distributed denial of service (DDoS) attacks have been used to target both government and corporate sites.
Distributed Denial of Service Attacks
According to Wikipedia, there are two general forms of DoS attacks: those that crash services and those that flood services, and they can be targeted at any network device. A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system.
What can you do?
If a business finds itself the victim of a DDoS attack, there are a number of things it can do. (Note: this list comprises only a few suggestions and is by no means exhaustive.)
1) Shut down the site: One solution often recommended by security experts is to shut down a site (play dead) and wait out the storm. This is obviously a quick and cheap solution, but it has a negative impact on the marketing and sales aspects of a web site. Shutting down would block all new connections and render the site un-viewable for an extended period of time. This solution is effective only if those responsible for the attack lose interest and move on.
2) Implement a DoS Defence System (DDS).
3) Find a DDoS counteracting strategy: Certain types of DDoS attack can be contained using a combination of firewalls and Intrusion Prevention System (IPS) devices, but no technology can block ALL types of DDoS attacks. However, future attacks may be prevented by implementing IPS devices to limit intrusion and possibly block small or medium malicious attacks. Large DDoS attacks can be counteracted using large scalable network infrastructure, but these services are financially prohibitive.
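As an added illustration (not part of the original article), the Python sketch below runs the kind of per-source rate rule a firewall or IPS applies over constructed request events, showing why it contains a flood from one source but needs an aggregate check for a flood spread across many. The window, thresholds and documentation-range addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque

WINDOW = 10          # seconds of history kept per check (assumed value)
PER_SOURCE_MAX = 20  # requests allowed per source per window (assumed value)
TOTAL_MAX = 100      # requests allowed site-wide per window (assumed value)

def analyze(events):
    """events: (timestamp_seconds, source_ip) tuples sorted by time.
    Returns (sources blocked by the per-source rule, aggregate alert times)."""
    per_source = defaultdict(deque)
    recent = deque()
    blocked, alerts = set(), []
    for ts, src in events:
        if src in blocked:
            continue  # traffic from a blocked source is dropped
        q = per_source[src]
        q.append(ts)
        while q[0] <= ts - WINDOW:
            q.popleft()
        if len(q) > PER_SOURCE_MAX:
            blocked.add(src)  # IPS-style rule: one source is too noisy
            continue
        recent.append(ts)
        while recent[0] <= ts - WINDOW:
            recent.popleft()
        # Aggregate rule: total load is abnormal even if every source is quiet.
        if len(recent) > TOTAL_MAX and (not alerts or ts - alerts[-1] >= WINDOW):
            alerts.append(ts)
    return blocked, alerts

def single_source_flood():
    """Constructed sample: 3 normal clients plus one source at 5 requests/s."""
    ev = [(t, f"198.51.100.{c}") for t in range(10) for c in range(1, 4)]
    ev += [(t, "192.0.2.10") for t in range(10) for _ in range(5)]
    return sorted(ev)

def distributed_flood():
    """Constructed sample: 200 sources, each sending only 1 request/s."""
    return [(t, f"203.0.113.{n}") for t in range(10) for n in range(1, 201)]

if __name__ == "__main__":
    for name, sample in (("single source", single_source_flood()),
                         ("distributed", distributed_flood())):
        blocked, alerts = analyze(sample)
        print(f"{name}: blocked={sorted(blocked)} aggregate_alerts={alerts}")
```

In the distributed sample no single source exceeds the per-source limit, so only the aggregate alert fires, and that alert identifies a problem without identifying whom to block.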
Who’s to blame?
Unless a corporation is the target of a publicized attack, it should consider the following possible sources.
Random target: Being selected at random by a group of hackers who launch DDoS attacks, often in order to develop and perfect attack tools, is not completely out of the question. In these cases, they might lose focus on their target once they realize DDS initiatives have been implemented.
Involuntary attacks: Human error following operational work in software development, marketing promotion or other deployments is sometimes the source of what may seem to be directed attacks.
Disgruntled staff: Ex-employees are often the source of attacks directed at a company. This could be considered the leading cause of DDoS attacks on companies.
Ransom attacks: A noticeable trend is growing in developing countries, where criminal groups are often behind attacks on commercial web sites. The motivation is profit: these groups demand a ransom payment in order to have the attacks stopped.
Diversion attacks: This type of attack is being seen more often, with Sony being the latest example. Hackers attack a website, and while IT staff are busy trying to explain and resolve the attack, their attention is diverted enough to let the hackers work on penetrating and compromising the web site for future information theft, such as customer profiles and credit cards. Once a site has been infiltrated, the DDoS attacks suddenly stop.
Damage control
After a security breach in the company’s PlayStation Network, Sony has been criticized for holding off on releasing information. In order to quell customer fears and maintain customer loyalty, companies must provide transparency and accept culpability for any oversights in security. A defensive position will only serve to alienate loyal fans. Sony executives issued an apology and acknowledged that there were flaws in their security precautions that would be addressed.