TravelMole
Tech

DDoS attacks a growing menace

Saturday, 25 July 20153 min read

When Polish airline LOT suffered a systems outage last month, grounding flights and stranded passengers for several hours, all signs pointed to a growing cybersecurity problem for big business – a distributed denial of service (DDoS) attack.

The attack disabled the system LOT uses for issuing flight plans at Warsaw’s Chopin airport.

The airline has since confirmed DDoS was the likely cause.

This was a capacity attack, which overloaded our network," said LOT spokesman, Adrian Kubicki.

LOT chief executive Sebastian Mikosz also gave out a stark warning to the aviation industry. "This is an industry problem on a much wider scale, and for sure we have to give it more attention. I expect it can happen to anyone anytime."

DDoS attacks happen for a couple of reasons, namely to protest or to profit. Ideologically motivated ‘hacktivists’ may wish to hurt companies engaging in dubious business practices where it matters most – in the pocket, by denying its ability to operate and make money.

Over the last few years DDoS hackers have graduated to the extortion game. In essence they are saying: "Pay up or we will take down your website." To cover their tracks, ransom demands usually come with a demand for payment in Bitcoin.

In simple terms a bot network is created to overwhelm a website’s servers with fake traffic, knocking it offline. Attacks may be timed to coincide with expected high volume traffic events like a 24-hour flash sale.

Numerous airline websites have caved in under the pressure of heavy traffic during big sales promotions which may or may not have been impacted in some way by the actions of DDoS attackers.

Understandably companies tend to give stock responses to website outages rather than risk losing more credibility. Although maliciously taking down a website doesn’t necessarily impact personal customer data, the inference of any kind of ‘hacking’ is a big PR nightmare for any retailer.

And the problem is on the rise, with 117% more attacks in the first quarter of 2015 compared to a year earlier, according to a report by security firm Akamai.

It says the gaming industry is still the number one target, while travel and hospitality firms are hit less than one percent of the time. However companies in the travel business large or small cannot afford to be complacent. There is a thriving underground market for DDoS hackers for hire. For a few dollars a DDoS mercenary is able to inflict damage under the instructions of a rival firm or even on the say-so of a disgruntled former employee.

One security expert says pretty much anyone can launch a DDoS attack if so inclined.

"Free-to-download attack tools are easy to find, and are essentially point-and-click," said Gary Sockrider, solutions architect at Arbor Networks. "You no longer need to have knowledge, just grab a free tool, type in the target address, and instigate an attack.