For the Lulz: Why Cybersecurity is No Laughing Matter

Internet trolls use their “LULZ” to track how well and often they are able to disrupt other parties’ equilibria. A troll might knowingly post a comment or image that other people find offensive, but that troll will use the tagline “I did it for the Lulz” to off-handedly justify his posting. (For the uninitiated, “Lulz” is an internet pluralization of “LOL” which stands for “laugh out loud.”) Regardless of the Lulz justification for a distributed denial of service (“DDOS”) attack, however, that attack is rarely, if ever, entertaining for the victimized organization.

A standard denial of service attack originates from a single source that bombards an IP address with a huge volume of traffic. A security team can stop that attack simply by shutting down the traffic from that single source. A DDOS attack comes from multiple distributed sources, making it difficult for an organization to shut down traffic from all of those sources. Single-source denial of service attacks previously required advanced coding knowledge and expertise to carry out. Now, anyone with a minimum amount of knowledge can find a botnet or “zombie” virus to launch a DDOS attack from hundreds or thousands of sources.

Cybersecurity teams that are considering how to stop a DDOS attack have several tools and techniques available to them, depending on the digital environment they are seeking to protect.

  • Identify a DDOS attack as early as is possible. Each organization should develop a profile of its normal and customary data traffic. A sharp spike or other anomalies in a traffic pattern can be a sign of an imminent DDOS attack. This technique requires a cybersecurity team that can distinguish between traffic variations that might be responses to legitimate events and DDOS-induced variations. Advanced artificial intelligence software systems are available for this purpose.
  • Over-specify a web server’s bandwidth. Making more bandwidth available than an organization will ever need can give a cybersecurity team extra time to respond to a DDOS attack before it shuts down a server. This is the equivalent of building a twenty-foot levee next to a river that will never rise more than two feet above its banks. It can be an expensive option, but it is effective.
  • Establish a perimeter defense. Filters and rate limits on servers can also create extra time for a team to respond to a DDOS attack. This can be an effective strategy against layer 7 DDOS attacks, which target the application layer of the Open Systems Interconnection (“OSI”) model that partitions a system into abstraction layers. DDOS mitigation techniques pass traffic into these systems through layers that scrub out DDOS traffic.
  • Outsource network protection to a DDOS mitigation specialist. Many companies provide services for internal and mobile devices to mitigate DDOS attack risks. These companies analyze incoming traffic and delete potential DDOS attacks before they reach an organization’s internal servers.
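
The traffic profile from the first item above, combined with the earlier distinction between single-source and distributed attacks, can be illustrated in Python. This is an added example, not from the original article: it builds a robust baseline of per-minute request counts, flags windows that deviate sharply from it, and checks whether one source dominates the spike. The thresholds, function names and sample traffic are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

def baseline(counts):
    """Profile of normal per-minute request counts as (median, MAD)."""
    med = median(counts)
    mad = median(abs(c - med) for c in counts) or 1.0  # avoid divide-by-zero
    return med, mad

def classify_window(requests, profile, threshold=6.0, single_source_share=0.8):
    """requests: source IPs seen in one minute of traffic.
    Returns 'normal', 'single-source spike' or 'distributed spike'.
    threshold and single_source_share are assumed tuning values."""
    med, mad = profile
    # Robust z-score: 1.4826 * MAD approximates one standard deviation.
    score = (len(requests) - med) / (1.4826 * mad)
    if score < threshold:
        return "normal"
    _, top_hits = Counter(requests).most_common(1)[0]
    if top_hits / len(requests) >= single_source_share:
        return "single-source spike"   # one source can be filtered
    return "distributed spike"         # many sources; needs upstream scrubbing

# Constructed sample data: ten quiet minutes used as the baseline.
NORMAL_COUNTS = [118, 124, 131, 120, 127, 115, 122, 129, 125, 119]
PROFILE = baseline(NORMAL_COUNTS)

def sample_windows():
    """Three constructed one-minute windows (documentation IP ranges)."""
    quiet = [f"198.51.100.{i % 40}" for i in range(126)]
    one_source = ["203.0.113.7"] * 1900 + quiet[:120]
    many_sources = [f"192.0.2.{i % 250}" for i in range(2000)]
    return {"quiet": quiet, "one_source": one_source,
            "many_sources": many_sources}

def run():
    return {name: classify_window(reqs, PROFILE)
            for name, reqs in sample_windows().items()}

if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name}: {verdict}")
```

A "distributed spike" verdict only marks the window as anomalous; a legitimate event can produce the same pattern, so the team still has to make the judgement described in the first item.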

Understanding the motivation behind DDOS attacks (assuming that there is a motivation other than “just for Lulz”) can provide insights into how likely a company is to experience an attack. In recent years, banks and other financial institutions have been fertile targets for DDOS attacks that were launched as distractions to obscure other online fraudulent activity. Should there be any question over whether a DDOS attack is just for laughs, by one estimate, a bank can lose up to $100,000 per hour as a result of a successful DDOS attack.

DDOS attacks have also become shorter in duration and might be launched to test an organization’s defenses and its ability to detect cyberattacks. A company that sees repeated, short DDOS attacks may be in a hacker’s crosshairs for a subsequent deeper cyberattack.

Advanced DDOS attacks are a new reality that shows no signs of abatement. Just as companies insure their physical assets against accidental destruction or loss, they can insure their digital environments with advanced planning, cybersecurity precautions, and outsourcing their security functions to companies that utilize the most effective and up-to-date tools to defend against DDOS attacks.
