Cyber criminals have expanded their operations to use distributed-denial-of-service (DDoS) attacks to extort a variety of small to medium-sized businesses previously thought safe, according to CloudFlare CEO Matthew Prince (pictured left).
Prince told V3 that CloudFlare has seen a marked increase in the number of attacks hitting firms previously thought too small to be worth targeting. "It's really remarkable some of the strange places you see attacks. I can't tell you if the UK is more or less prone to them, but for us the biggest surprise has been who gets attacked. We see things we'd never expected, like attacks on flower stores," he said.
"We saw this wave of attacks where about 1,000 flower stores got ransom notes on the day before Valentine's day, all around the world, that said, ‘pay us the equivalent of $1,000 or we'll knock you offline on your biggest day of the year'. Who'd have ever guessed a flower store would be a DDoS attack target? Financial services, you know big companies, those are the guys you expect to get hit."
Prince said the expansion is likely due to the ease with which cyber criminals can now mount DDoS attacks. Prince cited the firm's experience in mitigating an attack on anti-spam campaign group Spamhaus as proof of his claim. "We believe that the Spamhaus attack, which was a very large attack, probably required 10 lines of code. Often denial of service attacks are not the most technologically savvy attacks; what they require is a patience to acquire significant resources to use in the attack," he said. "It's less that there's a ton of technical skill out there, it's just that there are people patient enough to take the time."
Prince said that as well as SMEs, the increased ease with which criminals can mount the attacks has led to some more bizarre cases. "Most attacks you see they hit you for a day and then they tend to go away. But recently there was this one site we saw getting hammered day after day, and it went on for week, a month and then several months. It wasn't the biggest attack we've seen but it was a sustained 20GB to 30GB of traffic and the attack was – of all the things – against something like Independent Irish Escorts," he said.
"We had all kinds of theories around the office about the reason, but after about three months we finally got the web administrator of the site on the phone and it turned out the ‘Independent' in Irish Escorts meant escorts without pimps and a bunch of pimps hadn't taken kindly to this and one of the weapons used was DDoS."
Despite the change in nature, Prince said the security community is more than capable of dealing with the threat. "It's becoming easier for any site to protect itself from these sorts of attacks, using services like CloudFlare. The size of the attacks is definitely rising, but it's our job to make sure we're adding capacity and building up our networks faster than the attackers," he said.
"For example in the Spamhaus attack the majority of the traffic was sent through these open DNS recursors or open DNS resolvers. This meant people were going ‘oh, wow there's this massive problem in the internet', but if you look back people have been talking about the threat of open DNS resolvers and how they can be used this way all the way back in 2001. They're the equivalent of the caveman with a big club. The clubs are definitely getting bigger but I don't think anything about the attacks is particularly new or novel," he said.
Prince said British firms are particularly capable of dealing with the threat as government investment in cyber skills has radically increased the region's talent pool, listing it as a key reason CloudFlare chose the UK as its European base of operations. "We have worked to get engineering to the point that we're an order of magnitude more efficient at processing a bite of information than anyone else and to do that we have to have the best engineers in the world and not all of them live in San Francisco," he said
"So when we looked to expand we looked at other great technology hubs and London ended up being the obvious choice for talent, even though it isn't the cheapest place to set up shop. For talent it made a ton of sense."
Prince's comments refer to the UK government's ongoing Cyber Strategy. The strategy was announced in 2011 when the UK government pledged to invest £650m to help bolster the nation's cyber defences. Educating the next generation of skilled security experts has been a key tenet of the strategy since it began. Most recently the government pledged to invest £7.5m to create two new higher education centres designed to train 66 new security experts.
Commons Science and Technology Committee calls for new post-Brexit skilled-workers immigration system
Committee calls for visa-free travel and permit-free work for skilled workers
Eleven 'normal' outer moons, and one described as 'oddball' found circling Jupiter
Scientific discovery has found a quadrillion tonnes of diamonds in the earth's mantle
Mobile payment app makes users' details public by default