DDoS attacks quickly cause enormous financial damage, not to mention possible reputational damage. But with the appropriate precautions, the threat can be neutralised relatively easily and cost-effectively.
"Lloyds Bank hit by DDoS attack". "A1 Telekom Austria fell victim to blackmailers." The list of such headlines could be continued at will. But what appears in the media is only the tip of the iceberg: every day, every hour, hackers carry out so-called DDoS attacks, in which victims' websites, or the computers on which these services run, are flooded with requests and brought to their knees. The public does not learn about most of these incidents, or notices them only indirectly, for example when an online shop is unavailable.
Greatest possible damage
DDoS stands for "Distributed Denial of Service", which translates roughly as "unavailability of a service caused by a distributed attack". While hackers using other, covert forms of attack often want to steal sensitive information from governments or competitors, the motives for DDoS attacks are as simple as they are obvious: they are intended to cause the greatest possible damage in order to cripple competitors, damage their reputation and gain an advantage in the market. Sometimes blackmail is also involved; the victim is supposed to buy their way out by making a payment.
DDoS attacks are spreading like an epidemic. 87 percent of network service providers were affected by an attack in 2017, according to the annual Worldwide Infrastructure Security Report by security service provider Netscout Arbor. In the largest known attack in 2017, a victim was bombarded with 600 gigabits per second. The preferred target is companies (70% reported an attack in 2017), including financial service providers (41%) but also public administrations (37%).
Attackers' firepower is increasing. In the past, they only carried out DoS attacks, with one computer attacking another. Today, attacks come from distributed computers, hence the second "D" for "distributed". To do this, the hackers hijack thousands of computers belonging to unsuspecting users without being noticed and combine them into so-called botnets. These send fake requests to servers as if they were coming from a different IP address. An attack from a botnet or hijacked servers has a much greater impact. At the same time, such attacks are dirt cheap. Hackers offer them for just a few francs per hour, and a veritable DDoS industry has developed.
In view of the threat, it is astonishing that many companies do nothing about it. This is possibly because DDoS incidents are "only" second in the list of attack scenarios; ransomware such as WannaCry and Petya attracted more attention in 2017. Some also believe they are sufficiently protected by installing a firewall - which is not true. Others think they have no enemies and no important data or processes that need to be protected. Those who think this way are very much mistaken. Every company that offers services over the internet would suffer from a DDoS attack and lose turnover - or reputation. This also applies to non-profit organisations, politicians or religious organisations.
Washing machine for data
Hoping that only the others will be affected is a risky strategy. It is better to take out a kind of insurance against DDoS attacks. Such a service monitors the company's data traffic and detects anomalies, such as when certain patterns appear in the data traffic or when the amount of transmitted data swells quickly. The data traffic is then diverted and sent through a "washing machine". These are special computers that distinguish "bad" data from "good" data and block and destroy the former. This continues until the attack dies down; then the normal connection is resumed. The washing machine is not bit-accurate, which means that some bad data can still slip through. The important thing is that the attack comes to nothing, that all services can continue to be used without restriction, and that the customers (or service providers) are notified immediately.
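The detect, divert and resume cycle described above, as an added Python example (not from the article, and not how UPC's or Arbor's products are implemented). The class name, thresholds and traffic samples are assumptions constructed for illustration; the baseline is frozen while traffic is diverted so that attack volume does not become the new "normal".

```python
from dataclasses import dataclass

@dataclass
class DiversionController:
    """Decides whether traffic should currently go through the scrubbing centre."""
    trigger_factor: float = 4.0   # assumed: divert when rate exceeds 4x baseline
    release_factor: float = 1.5   # assumed: "calm" means below 1.5x baseline
    release_samples: int = 3      # consecutive calm samples needed to resume
    alpha: float = 0.2            # weight of the newest sample in the baseline
    baseline: float = 0.0         # moving average of normal traffic (Mbit/s)
    diverted: bool = False
    calm: int = 0

    def observe(self, mbps: float) -> bool:
        """Feed one traffic sample; return True while traffic is diverted."""
        if self.baseline == 0.0:
            self.baseline = mbps          # first sample seeds the baseline
            return self.diverted
        if not self.diverted:
            if mbps > self.trigger_factor * self.baseline:
                # Volume swelled quickly: start diverting to the scrubber.
                self.diverted, self.calm = True, 0
            else:
                # Learn the baseline only from traffic considered normal.
                self.baseline += self.alpha * (mbps - self.baseline)
        else:
            if mbps < self.release_factor * self.baseline:
                self.calm += 1
                if self.calm >= self.release_samples:
                    self.diverted = False  # attack has died down: resume
            else:
                self.calm = 0              # attack flared up again
        return self.diverted

def run(samples):
    """Return the diversion decision for each sample in order."""
    controller = DiversionController()
    return [controller.observe(s) for s in samples]

# Constructed per-minute traffic in Mbit/s: normal load, an attack with one
# short lull (140), then a return to normal.
SAMPLES = [100, 110, 95, 105, 900, 1200, 1100, 140, 1000, 120, 110, 100, 105]

if __name__ == "__main__":
    for rate, diverted in zip(SAMPLES, run(SAMPLES)):
        print(f"{rate:>5} Mbit/s  {'DIVERTED' if diverted else 'direct'}")
```

The single low sample in the middle of the attack does not end the diversion, because three consecutive calm samples are required before the normal path is restored.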
A company can set up its own washing machine. To do so, however, it has to buy a lot of hardware and software and hire experts, who are notoriously scarce. The expense is only worthwhile for very large corporations, such as banks. For all other companies, a service contract is the better and, above all, cheaper option. The service provider operates a whole battery of washing machines in one or more data centres; in the event of an emergency, the data traffic of affected customers is diverted there and cleaned without noticeable delay. As a rule, neither the company nor its customers notice anything.
DDoS Mitigation - the Anti-DDoS Service
UPC also offers such an all-round carefree service. Business customers can book the anti-DDoS service in addition to their Internet package. "Our service has been around for a few years and is state of the art," assures Willy Landolt, Senior Product Manager for data products at UPC and formerly employed by a security company. The customer does not have to do anything: the detection of and defence against an attack are fully automated in one of the UPC data centres with the leading technology from Arbor. The customer is always informed via a web portal whether and which attacks are taking place.
Switzerland has caught up in terms of cyber security, but according to the Global Cyber Security Report of 2017, it still lags behind countries such as Estonia and Norway. The country should catch up quickly, because on average a DDoS attack causes damage of over 400,000 dollars. Willy Landolt: "In relation to the potential damage, UPC's anti-DDoS service is a very inexpensive insurance policy."