“These attacks can last up to 168 hours, and the targets can only keep rebooting their machines until the attacks cease,” said Tony Miu,Security Researcher of Nexusguard.
Hong Kong (PRWEB) February 14, 2013
According to a recent media report, an increase in online retail sales is expected in 2013, especially in China. Business-to-consumer (B2C) transactions may even double the amount seen in 2012. E-business giants- such as Google, Amazon and Apple Inc.- have brought about a revolution of Online shopping. Since the age of Dot-com bubbles, online purchases have become increasingly user friendly. New, web-based business models have enabled enterprises to tap into different segments of customer bases, and create higher profit margins than traditional, land-based business model.
Unfortunately, web attacks are concurrently evolving with the growing trend of e-businesses, and has already posed real threats to them. This is of particular concern to mission critical web companies, whereby web business - dependent on uninterrupted uptime- represents their lifeline.
Nexusguard, a premium end-to-end anti-DDoS service provider, protects numerous mission critical web companies, ranging from online gaming, stocks trading and bullion trading since 2008. Tony Miu, the Security Researcher of Nexusguard, has predicted an evolving trend of targeted attacks that could cause significant damage to a website’s Domain Name and Uptime.
“Domain names represents the reputation of a online business,” shared Tony. “Through DDoS attacks, the availability of a website will be damaged, bringing about collateral damages to its reputation, as well as millions of dollars lost due to lack of availability. This may adversely affect web businesses, which may end up being bought over by their business competitor”.
“Research at Nexusguard has shown that more than 50% of DDoS attacks towards mission critical web companies were targeted DDoS attacks. These attacks can last up to 168 hours, and the targets can only keep rebooting their machines until the attacks cease,” said Tony. (See more in appendix on targeted DDoS attack)
“Attackers will spend 3 months to research and test the victims IT infrastructure for a targeted attacks. In some cases, the sources of attacks can come from normal customers. We suspect that attackers hack into, or even own, authorized customer logins for researching, testing and launching attacks.”
“In the face of such skillful attacks, enterprises should rely on a professional anti-DDoS service provider, who is able to provide a customized mitigation plan; knowing one’s weakness allows for strength.” Tony added.
Nexusguard’s in-the-cloud, anti-DDoS service - ClearDDoS - delivers enterprise level DDoS mitigation to its customers. For more details please visit http://www.nexusguard.com/
3 Key DDoS attacks to Enterprises
Type: Bandwidth Attacks
Description: A volume based attacks on victim’s bandwidth. These attacks do not have a significant impact on larger companies; as bandwidth cost has decreased in recent years, companies with the resources are able to employ more bandwidth as a buffer against bandwidth attacks.
Review: Most DDoS Mitigation devices or service providers are able to mitigate bandwidth attacks.
Type: Application Attacks
Description: An attack that targets a victim’s application layer (such as Http Get flood). Though not a complicated attack, enterprises with weaker IT infrastructure will suffer from application attacks.
Review: Some DDoS Mitigation devices or service providers are able to mitigate application attacks.
Type: Targeted Attacks
Description: An attack that combines bandwidth attacks, application attacks and new attack methods. In order to terminate a website in seconds, attackers employ detailed research and tests on a web’s infrastructures and vulnerabilities (with research and tests lasting up to 3 months). Once the attack has succeeded, the only solution is to restart the server, which may cause significant losses in the victim’s revenue and reputation.
Review: Only several DDoS mitigation service providers offer a highly customized mitigation plan that employs both detection and mitigation.