Anonymous and LulzSec attacks focusing minds on security

The threat of attack from hacktivist groups such as Anonymous and LulzSec is having a positive effect by forcing companies to invest more heavily in preventing distributed denial-of-service (DDoS) attacks, although such attacks are fairly straightforward to mitigate, according to internet firm Akamai.

V3 spoke to John Summers, who has been appointed to the new role of vice president of products for security and compliance in response to the surge in such attacks on Akamai's customers.

Summers explained that, in comparison to financially motivated cyber attacks, the Anonymous technique of using the Low Orbit Ion Cannon (LOIC) application is fairly simple to prevent.

"They all jump on the same IRC sites to co-ordinate which site they're going to attack, so of course we jump on the same IRC," he explained.

"Because LOIC is a standard tool we came up with standard techniques to block this kind of attack."

Summers added that the sharp rise in hacktivist attacks, and the perceived threat of being hit, has focused minds among Akamai's customer base on the importance of secure defences.

"When we think about online businesses, of course security is important, but with the rise of this kind of threat there is a realisation that the internet is the front door to your business and if it's closed you go out of business," he said.

"It's really raised the importance of this issue. There is a realisation that your virtual store needs the same protection as a physical store."

The number of DDoS attacks has rocketed over the past year or so, as witnessed by a simple keyword search for the term in Akamai's customer ticketing system, Summers explained.

From a handful of mentions in 2009, the number shot up to 200 in 2010 and over 500 so far in 2011.

Aside from hacktivists, Akamai has noticed cyber criminals using increasingly sophisticated methods of launching attacks in order to bypass traditional anti-DDoS measures.

In particular, attacks are often now geographically dispersed, jumping around the globe from one botnet to another to make them harder to stop, he explained.

"Two years ago DDoS attacks were geographically localised, but in the last six months we've noticed the attack source moving," he said.

"The command-and-control infrastructure has evolved to make this easier. By moving things around you're forcing people to fight the fire constantly as the fire keeps moving."

As such, technology has been forced to move away from blocking an attack based on geography towards behavioural analysis.