Prevention and investigation of DDoS-attacks
Problem
Distributed Denial of Service (DDoS) is a class of attack that aims to cripple a company’s web presence. DDoS ranks among the most serious threats to businesses on the contemporary Internet. Enterprises that depend upon the reliability of their web presence to conduct business are at particular risk: online shops or businesses that utilize electronic payment systems can be completely knocked out by a sophisticated DDoS attack. The modus operandi of such attacks is simple and devastating: a network of virus-infected computers, commonly known as a “botnet,” is directed to overwhelm an enterprise victim’s web servers with bogus requests. While a company’s servers struggle to respond to this illicit web traffic, ordinary users, partners and suppliers are unable to conduct normal business with the victim. As a result, the aggrieved company faces public relations problems, possible loss of corporate clients and financial losses.
DDoS attacks have recently reached record high levels, and the associated financial losses are huge. For example, the current American e-commerce market is estimated at US $165.5 billion, and the damage to a large e-business company whose web presence is shut down for 24 hours is about US $30 million.
DDoS attacks can not only cause multimillion-dollar losses but also pose serious risks to a company’s good name. It is difficult to estimate such “reputation costs” to a company, but at worst they can considerably exceed the more obvious financial damages. Unexpected operational interruptions and failures to meet contractual obligations within a specified timeframe can cause irreparable damage to a company’s reputation, leading to the loss of clients and partners.
Solution
To ensure protection against complex modern DDoS attacks, Group-IB provides sophisticated distributed systems protection. Through a combination of specialized equipment, software, dedicated channel partners and experienced experts, Group-IB is able to counteract even the largest attacks. Group-IB points-of-presence are located in Russia, Europe, North and South America, and Australia. These distributed capabilities reduce signal delay for geographically localized traffic and facilitate rapid response to an attack from any region of the world by pinpointing an attack directly at its source.
Filtering systems in Russian and non-Russian networks are able to flexibly block “parasitic” traffic when its sheer volume threatens the trunking channels of leading providers. These same high-end capabilities afford protection and reduced service costs for clients facing similar DDoS attacks.
Our in-house experts’ long experience in the security and networking fields has led to the creation of software that is largely able to cope with new types of attacks automatically. By minimizing the need for human participation, the time needed to respond to a sudden attack is reduced and service quality is enhanced. The quality of Group-IB services is regulated by a Service Level Agreement (SLA) that is concluded with each individual client.
A detailed description of our system protection offering, including a description of the various kinds of DDoS attack prevention, can be found at www.ddos-block.com.
Apart from an immediate response to client requests and DDoS attack suppression, Group-IB experts offer investigative services that an aggrieved company can utilize to ferret out attackers and their paymasters and assist in bringing them to justice. Our clients who request such investigations receive a detailed report of findings, information on the geographic distribution of any botnets used to attack them, location of the botnet operating center, a malicious code sample, and data related to the attack’s perpetrators.
Result
In a recent case, an aggrieved company secured the assistance of Group-IB. Our experts suppressed the DDoS attacks afflicting our client, prevented the collapse of its corporate Internet presence and minimized its financial losses. Further investigation on behalf of our client’s representatives secured important information related to the incident that was subsequently passed on to the appropriate law enforcement bodies, ultimately bringing the guilty parties to justice. Finally, Group-IB experts provided detailed recommendations for preventing similar DDoS attacks in the future.

