Dutch Government DDoS attack: Analysis and opinion

Reports have emerged that the Dutch Government was hacked earlier this week, resulting in widespread disruption across a range of its sites.

The incident has now been confirmed as a DDoS attack, the latest in a series of similar attacks to have taken place over the last few weeks and months.

In light of this recent attack, Dave Larson, CTO of Corero Network Security, has offered his thoughts: “Unfortunately, the sheer size and scale of hosting data center operator network infrastructures and their massive customer base presents an incredibly attractive attack surface, due to the multiple entry points and significant aggregate bandwidth that acts as a conduit for a damaging and disruptive DDoS attack.

"The DDoS attack against Dutch Government website hosting provider, Prolocation, is a prime example. As enterprises increasingly rely on hosted critical infrastructure or services, they are placing themselves at even greater risk from these devastating cyber threats – even as an indirect target.

"Interestingly, these DDoS attacks may have initially gone under the radar for Prolocation. Denial of Service is an unfortunate misnomer for the damaging effects of an attack of that nature.

"DDoS attacks that do not fully saturate the Internet link can be just as damaging as the volumetric attacks that are intended to deny service. Partial saturation attacks are dynamic, adaptive and, in many instances, cause outages.

"They are increasingly being used as a smokescreen to hide even more malicious activity on the network.

"Just because your network hasn’t had a total meltdown, it doesn’t mean DDoS isn’t a present threat for your business.”

Darren Anstee, director of solutions architects at Arbor Networks, also commented: "DDoS attacks are a threat to any organisation that has an online presence, and attack frequency and scale are continuing to rise.

"This year’s Arbor Worldwide Infrastructure Security Report (WISR) clearly showed this. Based on the information currently available, it looks as if a variety of attack vectors may have been used in these attacks, which in itself is not that unusual - 42 per cent of service provider respondents to this year’s WISR stated that they had seen what are known as multi-vector attacks.

"The WISR also highlighted that 38 per cent of data-centre operators saw a DDoS attack which saturated their Internet connectivity last year, and when this happens all customers of the data-centre are affected (if protection is not in place).

"Both of these statistics illustrate why layered DDoS protection is so important for end-user organisations and data-centres alike. Application layer and state-exhaustion attacks need to be dealt with quickly, before they impact infrastructure, and the best place to do this is at the enterprise / data-centre edge.

"But, larger volumetric attacks, which can saturate Internet connectivity, need to be dealt with by cloud / service-provider DDoS protection services, where sufficient capacity exists.

"The combination of both layers of defence can protect the availability of services from DDoS attack."
