For the third time in eight months, TalkTalk has been affected by cyber-security issues, with its latest and most serious data breach seeing large amounts of customer data being stolen this month.
The methodology of the attack involved two types of Distributed Denial of Service (DDoS) attacks. TalkTalk was hit by the more well-known volumetric or “flooding” tactic, where bandwidth is consumed by the sheer volume of spurious traffic generated by the attack. This was coupled with a “low-and-slow” application layer attack, which sends multiple requests to a specific application, such as a database server, which in turn fails due to the vast number of requests.
Coupling these types of attacks is more insidious than the single volumetric attack. Companies need to understand and be aware of the DDoS methodology and, critically, put services in place that are able to mitigate against both of these attacks.
Tools for creating DDoS attacks are freely available on the internet; they can be downloaded and installed even on Android phones, providing an interface to set up and launch a DDoS attack. These tools do not require any depth of knowledge of networking or servers; a child can use them.
A fifteen-year-old boy in Northern Ireland is under suspicion of instigating the TalkTalk DDoS attack. He has been arrested on suspicion of Computer Misuse Act offences and is currently under investigation by the Metropolitan Police Cyber Crime Unit, Police Service of Northern Ireland and the National Crime Agency.
For TalkTalk, regardless of the outcome of any investigation, a huge amount of damage has already been done. The bill for an attack of this kind is likely to run into the millions of pounds. TalkTalk’s share price has already tumbled to a substantial low, wiping millions off the company books, and the Information Commissioner’s Office (ICO) is likely to impose hefty fines for the data breaches.
These David and Goliath scenarios are only likely to increase, as the more curiously adventurous and the downright malicious criminals advance in their ability to attack and the corporate victims struggle to understand the risks and react when the damage is already done.
The simple truth is that DDoS attacks such as those that TalkTalk has fallen victim to can be mitigated against. An organisation recently contacted Node4 when they received a ransom demand that stated a DDoS attack was planned to hit them the next day. Ahead of the attack, we put in place heuristic analysis which looked for any application layer DDoS attacks and “black holed” them. We also scrutinised the organisation’s access bandwidth and set volumetric triggers that would enable us to switch the data flow to a packet-scrubbing service held in readiness. The anticipated DDoS occurred and our customer felt the minimum of impact as the attack was diverted.
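The two controls described above, a volumetric trigger that diverts traffic to scrubbing and an application-layer heuristic that black-holes offending sources, can be expressed as follows. This is an added example, not Node4's code; the thresholds, the flow-record format and the sample traffic (documentation IP ranges) are constructed assumptions.

```python
from collections import defaultdict

# Assumed values, not from the article; tune to the site's own baseline.
LINK_CAPACITY_BPS = 1_000_000_000  # access bandwidth: 1 Gbit/s
VOLUMETRIC_TRIGGER = 0.8           # divert to scrubbing at 80% utilisation
MAX_REQ_PER_SRC = 100              # application requests per source per window
MIN_AVG_REQ_BYTES = 200            # many tiny requests: low-and-slow pattern


def evaluate_window(flows, window_secs=10):
    """flows: iterable of (src_ip, bytes, app_requests) seen in one window.

    Returns (divert_to_scrubbing, sorted sources to black-hole).
    """
    total_bytes = 0
    per_src = defaultdict(lambda: [0, 0])  # src -> [bytes, requests]
    for src, nbytes, reqs in flows:
        total_bytes += nbytes
        per_src[src][0] += nbytes
        per_src[src][1] += reqs

    # Volumetric trigger: whole-link utilisation against access bandwidth.
    utilisation = (total_bytes * 8 / window_secs) / LINK_CAPACITY_BPS
    divert = utilisation >= VOLUMETRIC_TRIGGER

    # Application-layer heuristic: a source issuing many requests while
    # moving very little data per request. It never trips the trigger above.
    blackhole = sorted(
        src for src, (nbytes, reqs) in per_src.items()
        if reqs > MAX_REQ_PER_SRC and nbytes / reqs < MIN_AVG_REQ_BYTES
    )
    return divert, blackhole


# Constructed sample windows (10 seconds each).
NORMAL = [("192.0.2.10", 50_000_000, 40), ("192.0.2.11", 30_000_000, 25)]
FLOOD = [("198.51.100.%d" % i, 60_000_000, 0) for i in range(1, 21)]
LOW_AND_SLOW = NORMAL + [("203.0.113.7", 60_000, 600)]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("flood", FLOOD),
                         ("low-and-slow", LOW_AND_SLOW)):
        print(name, evaluate_window(window))
```

The low-and-slow window adds only 60 KB to normal traffic, so link utilisation stays near 6% and only the per-source heuristic catches it, which is why both controls are needed together.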
If you are interested in Node4’s DDoS protection service, contact us on firstname.lastname@example.org or 0845 123 2222.
John Williams, Product Manager