Attack of the Bots: Protecting Your Brand from the Next Denial-of-Service Assault

Posted October 24, 2016


Friday’s Massive Cyber-Attack Points to New Threats Facing Brands as the All-Important Holiday Season Approaches

 
Call it, “All trick and no treat.”
 
We have yet to even hit Halloween, and a massive cyber attack has the entire business world spooked over what might come next—especially with the all-important holiday season fast approaching.
 
Twitter, Shopify, Amazon, PayPal and the New York Times. These are just a few of the major brands assessing the damage done by a series of distributed denial-of-service (DDoS) attacks that took out a sizable chunk of the Internet this past Friday.
 
According to reports, the disruption was caused by a sophisticated attack involving tens of millions of “smart devices” on the emerging Internet of Things—security cameras, baby monitors, thermostats, DVRs—infected with the malware “bot” known as Mirai.
 
In this case, the enslaved devices formed a so-called “botnet” that was used to send an overwhelming amount of web traffic to the servers of Ottawa-based Dyn, a major provider of DNS services that connect users to individual websites.
 
The idea? Rather than shut down a specific domain, take out the entire Internet, instead.
 
Among the hardest hit: Online retailers, some of which saw sales plummet, and publishers that depend on ad impressions for revenue. For more than one-third of the companies hit Friday, a single hour of a DDoS malfunction could cost up to $20,000—extending to $100,000 per hour for some firms.
 
Yet for all the immediate concern, something else is top of mind for many brands: As holiday shopping ramps up over the next few weeks, such attacks could prove catastrophic to a season that accounts for 23% of annual online sales and nearly 10% of all retail sales for the year—to the tune of over $9 billion.
 
Holiday of Horrors?
 
While some believe the sophistication of Friday’s attack may signal state-sponsored cyber warfare, crooks increasingly use the very same technologies.
 
DDoS attacks against individual companies are up more than 125.4% in the last year—costing large brands an average of $1.5 million, according to the Ponemon Institute.
 
As if business disruptions weren’t bad enough, up to 70% of DDoS attacks are merely smoke screens designed to mask an attempted data breach. In fact, an estimated 80% of all US fraud attempts now use botnets to this end.
 
That’s because botnet attacks can do more than shut a site down. The malware they distribute can enable cyber-crooks to automate the process of placing fraudulent purchases; access personal accounts; steal credit card information; conduct click fraud, and a whole lot more.
 
It’s enough to erode consumer trust in a brand to the point that 50% of consumers say they would forego shopping at an affected retailer for at least three months, according to a study from KPMG.
 
In other words, we’re not just talking about security breaches here. We’re talking about what some have referred to as brand carnage.
 
“Companies are increasingly concerned about the reputational damage that cyber crime can cause,” Emma Kane, CEO of public relations firm Redleaf Communications, tells Raconteur. “It can lead to a real lack of confidence in the integrity of a company and its ability to keep data safe.”
 
Small wonder companies of every size are scrambling to find solutions to prevent botnet attacks, DDoS and otherwise, that can do serious damage to their brands. But it won’t be easy.
 
Brands vs. Bots: Searching High & Low
 
Among the biggest obstacles to thwarting botnet attacks: Identifying them in the first place.
 
That’s because for every DDoS attack involving high volume web traffic from enslaved bots out to shut down a website, many more low frequency attacks quietly test and bypass firewalls to access critical customer data.
 
To be effective, anti-attack systems need access to shared, global intelligence that can be used to establish and validate the identity of each individual website user in real time, around the world, in order to let legitimate traffic in while keeping other traffic out.
 
To do this, these systems must:

  • Recognize good customers: This entails passively authenticating customers and their established patterns of behavior across all their devices to instantly identify them when they return—without compromising the user experience
  • Detect botnets & malware: We’re talking dynamic detection of malware, automated bot attacks, session hijacking and phished accounts—analyzed against global threat information on known fraudsters and botnets
  • Profile user devices: This involves device identification and the ability to scan all apps and even the device’s operating system for threats or vulnerabilities, and to detect any location cloaking designed to hide true identity

To see how these kinds of capabilities can make an enormous difference, check out this recent case study on how one global retail brand has successfully blocked 90% of all botnet attacks and lived to tell about it.
 
After all, if Friday’s massive cyber-attack is a sign of things to come, your holiday season (and your brand’s long-term reputation) may depend on it.
 
 

Armen Najarian


Chief Marketing Officer, ThreatMetrix
