Incident Response, Malware, TDR

Debate: DDoS is becoming a more serious threat to enterprises.


While distributed denial-of-service attacks (DDoS) continue to plague organizations around the world, in this month's debate experts discuss whether they should be a top of mind concern for security pros.


Sahba Kazerooni, managing director, Security Compass

While distributed denial-of-service has been a popular attack method since the 1990s, it has grown substantially more powerful and dangerous for businesses in the past three years. Recent DDoS attacks have reached rates of 100-400 Gbps, a level that was unheard of just two years ago. Attackers have access to a growing number of tools that reduce the coordination of attacks to simple button clicks and allow them to abuse vulnerable network services or harness powerful botnets to launch crippling layer 3, 4 and 7 attacks.

DDoS is not only growing in power but also in sophistication. Attackers are leveraging layer 7 attacks to target internal supporting infrastructure, such as databases, to widen the impact of their attacks on a company's network. Malicious traffic is also being disguised as legitimate user traffic, increasing the difficulty of detecting and mitigating attacks. The power and sophistication of DDoS attacks have only increased over the years – it's time to take it seriously.


Dave Aitel, CEO, Immunity

Large networks face many types of threats, but denial-of-service attacks certainly rank at the low end of the spectrum. DDoS doesn't breach your network, steal IP, defraud you, destroy data or spread laterally across your network; all it does is block access for a limited period of time. Could DDoS attacks be used as camouflage for other attacks, specifically wire fraud? Possibly, but if you're getting breached in this way, your problem isn't with DDoS, it's with the glaring holes in your network/software that let them in in the first place - not to mention, the failure of your incident response. This isn't to say that companies shouldn't have DDoS mitigation strategies in place - of course, they should. The al-Qassam Cyber Fighters have certainly shown the capacity for large-scale attacks on major financial institutions. But when prioritizing risk, DDoS should be far down the list and resources should be prioritized for the real APT1 threats.

Dave Aitel

Dave Aitel is a former NSA computer scientist, the Founder of Immunity, Inc, one of the top boutique penetration testing companies in the United

States, and currently a Partner at Cordyceps Systems, where he focuses on leading a team doing machine learning and data science.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.