DDoS attacks poised to target digital broadcasters

While media coverage surrounding cybersecurity has historically focused on data breaches affecting financial services, this year has seen the maturing of a major threat: the DDoS attack. Distributed denial of service (DDoS) attacks occur when multiple compromised systems, usually a botnet, flood a targeted system with an overwhelming level of traffic, aiming to cause service outage. 2016 has seen these attacks increase in intensity, hitting the headlines in October when Domain Name System provider Dyn was the target of a Mirai botnet attack that disrupted key platforms such as Twitter, Spotify and Soundcloud. This unprecedented attack demonstrated the threat’s evolution towards targeting digital content services with large reaches. 

For digital broadcasters, whose businesses hinge on delivering high-quality video content to millions of customers via the internet, DDoS attacks represent a major threat to reputation and revenue. Popularised and accelerated by Netflix, the migration from traditional linear programming (‘TV’) to VOD (Video On Demand) delivered via the internet (OTT) has transformed the way video is produced, distributed and consumed. This trend shows no signs of slowing with the number of SVOD (subscription video on demand) homes forecast to reach 428 million by 2020, up 251 million from 2015 figures (Digital TV Research).   

With their global scale and growing user bases, OTT service providers are becoming increasingly aware of the burgeoning threat of DDoS attacks. In fact, in a survey conducted by Limelight Networks of over 100 CDN customers including broadcasters, 46% of participants cited DDoS attacks as their top concern. These fears are not unfounded: the digital broadcast industry has already felt the impact of DDoS attacks with Netflix impacted by the Dyn attack, and an attack by pro-human rights group ‘New World Hackers’ in December 2015 bringing down BBC’s online services, including the iPlayer and iPlayer radio app. 

These attacks exemplified the wide-scale disruption that a DDoS attack on a digital broadcaster can cause. By flooding the platform with unsustainable levels of traffic, site performance quality is significantly degraded, causing video content to buffer or become unavailable. If a user can’t access content, or its quality is poor, customer experience is damaged, translating to a bruised reputation for the brand. In this ultra-competitive sector, subscribers can all too easily take their business to competitors meaning OTT service providers cannot afford to compromise customer experience.   

The stakes are raised even higher by the fact that the likes of Amazon and Netflix, as well as broadcasters with strong digital platforms like BT and Sky, are producing more digital-first original content, creating the phenomenon of global digital TV peak events. This refers to the release of a popular, highly-anticipated show which causes a sharp increase in traffic levels during a specific time frame, an example being Amazon Prime’s recent release of ‘The Grand Tour’, whose debut episode was streamed by millions of viewers during its first few days of release. These key streaming moments offer huge rewards, but pose just as many risks. By launching an attack during the release of a highly publicised and in-demand show, attackers can ensure maximum levels of disruption.   

The motivations for these attacks vary but this year has seen hacktivism evolve into a major threat, with digital broadcasters becoming prime targets as they can be considered as representative of a culture or even political state. Given how political events in 2016 sowed uncertainty and concerns about state-sponsored cyberattacks, it’s entirely possible that prestigious digital content events like the new season of Game of Thrones or House of Cards could be targeted in some way.   

Despite this, only thirty-three percent of those surveyed would worry about their brand’s reputation following an attack. Digital broadcasters and other content providers must take heed of heightened threats, and review the ability of their digital storage and distribution infrastructure to counter a potential DDOS attack. Content delivery networks are integral to this strategy. They play a vital role in absorbing the force of an attack through added terabytes, and work to detect and mitigate attacks to restore normal quality of service as quickly as possible. In fact, over half (53%) of those we surveyed acknowledged that their CDN was best placed to protect against DDoS attacks.   

Using a cloud-based CDN solution provides sufficient capacity to fight the largest of attacks without having to invest in on-premise hardware, meaning users can keep streaming content even while an attack is underway. As well as high storage capacity, when evaluating CDNs for their DDOS strategy, broadcasters should look for a CDN that offers proactive detection to avoid downtime. Behaviour-based techniques can trap application attacks that are more subtle and can’t be spotted by simply monitoring traffic volumes. With digital broadcasting being global and dynamic by nature, knowing about an attack after its already underway is too late to protect reputation and advertising or subscription revenues; detection is just as critical as mitigation. 

Additionally, in the event of an attack, it is imperative to be informed of exactly what kind of attack is underway. Therefore, a CDNs ability to provide real time notifications of how large the attack is, and how it is being mitigated is a high priority. 

Finally, any solution to DDOS detection and remediation must come with no major impacts on overall performance.  While a DDoS attack can bring a site down for hours, the performance delays caused by always-on scrubbing solutions add up, and slower website performance translates to dissatisfied users. A high-performing CDN should satisfy the always-on requirement without any peacetime performance penalty.   

A global densely-architected CDN with these features is vital to keeping content online in the event of large-scale attacks, guaranteeing that neither content performance nor brand reputation are compromised. With the industry booming, 2017 will undoubtedly see digital broadcasters at the centre of more sophisticated DDoS campaigns, potentially during key streaming moments. To adequately prepare for when attack strikes, OTT service providers - from established players to market innovators – should act hastily to appropriately identify threats and invest in infrastructure that provides maximum protection. 

Image Credit: Denys Prykhodov / Shutterstock