Monday, 8 April 2013
Cyber Feud Reminds Businesses of the Need for Security
As March rolled in April, the news media was awash in stories about what was being billed as the "biggest cyber-attack in history." CNN, the New York Times, and a host of other news outlets were warning computer users around the world that a prolonged Distributed Denial of Service (DDoS) attack was causing major Internet slowdowns on a scale like nothing we have ever seen.
Fortunately, as is usually the case with news media, the reports were wildly overblown. Nonetheless, they did serve as a wake-up call for businesses both large and small. The attacks served as an important reminder for hosting companies and their customers, as well as companies with their own dedicated servers, of the need for diligent security practices.
At the centre of the March DDoS attack was an ongoing cyber feud between the Spamhaus Project and a company by the name of CyberBunker. The former is a European organisation with a mission to fight the worldwide problem of spam e-mail. The latter is a hosting company that promises to take on any customer with the exception of those who promote child pornography or terrorism.
CyberBunker has long been a target of Spamhaus due to allegations that the hosting company wilfully and knowingly provides a home for some of the world's most prolific spammers. Although CyberBunker denies any direct involvement in the attack, the company's founder admitted some of the individuals using their services got together to organise and launch the attack.
The prolonged DDoS event lasted for several days even as another organization, known as Stophaus, stepped in to try to bring it to an end. As for Spamhaus, they acknowledge the attack was indeed the largest they faced but certainly not the first. The non-profit organization says they will not be thwarted in their mission by such attacks despite facing ongoing security threats and promises of lawsuits.
If nothing else the attack on Spamhaus exposed inherent vulnerabilities in today's email systems. What's more, it shows that no amount of data centre training or systems management will ever stop hackers from launching DDoS attacks. They are too easy to pull off because there is little victims can do to stop them until they are well under way. The best businesses can do is strive to shut down such attacks as soon as they are recognised.
In an era of increased virtualisation and cloud computing, it becomes all the more important for businesses to understand the security threats they face so proactive steps can be taken. The key to minimizing the damage of DDoS attacks is to employ a combination of automated software and competent security personnel.
Trained security experts know how to use software to its fullest potential while also being able to pick up on things outside software parameters. With the combined skill of a security expert and a good DDoS security package, companies can significantly reduce their risk of being the victim of a prolonged attack.