The Vicious Cycle Of Cloud Tech And DDoS Attacks

Posted on Apr 16 2015 - 11:13pm by Ric Savage


Is a Storm Coming? Cloud computing and its impact on DDoS attacks and protection

Let’s face it: with every great advancement in technology comes an inevitable down side. Some of us have been blessed enough to be able to say that we haven’t experienced a single one of these down sides, but we are all aware that these down sides exist.

Think about it. With the advent of flights came plane crashes. With the telephone came telemarketers. Even the wonderful world of online shopping has led to massive data breaches. And now we’re starting to see the dark side of cloud computing. Not only can the cloud be a target for DDoS attacks, but it can also be the infrastructure used to carry out DDoS attacks. If it weren’t for the fact that some of the most effective DDoS protection also comes from the cloud, we’d probably tell you to pray for sunshine.

The cloud as a target

For many individuals and companies, one of the major advantages of cloud computing is that you only pay for the resources you use. However, if someone decides to make it their goal to cause you or your company a great deal of inconvenience as well as cost you a great deal of money, one very easy way they could do that is by launching a DDoS attack against your web applications in the cloud, chewing through bandwidth as if it’s piled up at an all-you-can-eat buffet.

Just like that, your cost-efficient cloud computing could become one bloated, hideous bill. Furthermore, due to the multi-tenant nature of the cloud, a DDoS attack on it could cause widespread catastrophe. As more and more organizations begin using cloud computing, we can only expect the cloud to become an increasingly attractive target for attackers.

The cloud as a weapon

Cloud computing environments tend to have three things in common: high-performance platforms, high bandwidth capabilities and powerful network connections all over the world. Would you like to take a wild guess at what three things really come in handy when it comes to launching a DDoS attack?

DDoS attacks using the cloud as attack infrastructure have been a hot topic lately, and not just amongst internet security enthusiasts. It was major news in December when Sony – obviously smarting from the massive hack perpetrated against them – were alleged to have used Amazon Web Services cloud servers to initiate DDoS attacks against websites hosting Sony’s stolen information.

In another instance of the cloud being used as a means of a potentially devastating end, the internet security firm Incapsula successfully mitigated a massive DDoS attack that amounted to over 630 billion DNS requests over the course of seven hours. Specializing in professional DDoS protection themselves, Incapsula were surprised to uncover that the malicious requests were originating from two DDoS protection providers, one in Canada and one in China. Attackers had commandeered the firms’ scrubbing servers in order to launch their large-scale attack.

The cloud as protection

“Boy, cloud computing sounds like a great development,” you may be sarcastically thinking to yourself. Given what we’ve just reported, we can’t blame you. But there’s another side to the cloud DDoS story.

If you’ve ever heard the phrase fight fire with fire, then you’ll understand that while advanced and potentially catastrophic DDoS attacks may come from the cloud, the best possible DDoS protection and mitigation also comes from the cloud.

Cloud-based DDoS mitigation is the ideal DDoS protection because not only is it cost-effective, simple to implement, and effective against all forms of DDoS attacks, but cloud-based DDoS mitigation exists outside of your network. That means once DDoS mitigation is instantly and automatically activated, attack traffic will not reach you. All traffic will be directed to the cloud where it will be filtered, with malicious traffic scrubbed and obliterated while legitimate traffic is allowed through so business can continue as usual.

Organizations using cloud computing do need to be aware that not only do they need to protect their own assets within the cloud from DDoS attacks, but they also need to keep their cloud infrastructure from being used in DDoS attacks. However, using the cloud to protect the cloud should be easy enough to remember.

It may seem like a pessimist’s world, where good news is always accompanied by bad news and advancements are always accompanied by drawbacks. But in the case of cloud computing, it’s been good news in the form of the advantages of cloud computing, bad news in the form of cloud-based DDoS attacks, and good news again since cloud-based DDoS mitigation is optimal DDoS mitigation.

About the Author