11 2016 | SECURITY

Digital attack maps visualize live data of DDoS attacks around the globe. (see below) © paysafecard

Under Attack

More than 2,000 DDoS attacks are observed worldwide on a daily basis, according to the security firm Arbor Networks’ threat report. This is a significant increase on last year’s numbers. But that’s not the only problem, as PIN discovered in discussions with Roland Schaar, CIO at Paysafe and responsible for IT and Security.

September 2016 marked 20 years since the IT security community first learned what a Distributed Denial of Service (DDoS) attack means. Back in 1996, Panix – a server company located in New York – was the first victim of a SYN (synchronize) flood attack. Put more simply: an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. The whole Panix network was down for several days. This incident showed the American public the importance of the constant availability of online services for the first time. It also woke security experts up to how vulnerable IT infrastructure was back then. “Since then, a lot has changed for the better,” says paysafecard’s Roland Schaar while adding that not even the Computer Emergency Response Team knew what to do against the attack in 1996.
However, recent examples show that the simple and low-key attacks from back then have morphed into a serious threat to the availability of online merchants. The gaming scene in particular has been hit hard by hacking communities such as PoodleCorp. Very complex DDoS attacks were used to sabotage the launch of the Beta of Blizzard’s World of Warcraft in July of this year and threatened to make the site of the online game unavailable during the days of the official launch. So why is it so difficult to mitigate DDoS attacks after 20 years of research on the topic? “There are a number of reasons. Firstly, it is too easy and too cheap to launch a DDoS attack via the dark net. Prices are starting from $150 for small attacks,” says Schaar and then adds: “But the bigger problem is that these attacks are becoming more complex and incredibly big.”

»We want to absolutely make sure that the merchants have paysafecard as a payment option available at all times.«

- Roland Schaar, CIO at Paysafe and responsible for IT and Security

One reported example of this paradigm is the attack on KrebsOnSecurity, the website of journalist Brian Krebs. He wrote an article on some hackers running a DDoS-for-hire network, who were then caught. As a result, his website was faced with the biggest DDoS attack ever recorded. The attack began at around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second. Martin McKeay, senior security advocate of KrebsOnSecurity host Akamai, said the largest attack the company had seen previously clocked in earlier this year at 363 Gbps. However, he thinks there is a major difference between the DDoS on KrebsOnSecurity and the previous record holder: The 363 Gbps attack is thought to have been generated by a botnet of compromised systems using well-known techniques like DNS reflection, which allowed them to amplify a relatively small attack into a much larger one. In contrast, the huge assault on journalist Krebs’ website appears to have been launched almost exclusively by a huge botnet of hacked devices.


“We are confronted with a totally new approach here,” explains paysafecard security expert Schaar: “This focuses on the hacking of the so-called Internet of Things (IoT) devices like routers, IP cameras and digital video recorders (DVRs) that are exposed to the internet and protected with weak or hard-coded passwords.” If this is true, it’s bad news for the security community. The use of thousands upon thousands of IoT devices all over the world as one huge botnet makes it very likely that monster attacks will soon become the new norm.

And the numbers seem to back that assumption. Focusing on the first half of 2016, Arbor recorded a 73% increase in peak attack size over 2015 in its ATLAS Security Report. In total, 274 attacks over 100 Gbps were recorded during the first half of 2016, as opposed to just 223 in 2015. Arbor also recorded 46 attacks over 200 Gbps during the same period, compared to just 16 during the whole of 2015. During the first half of 2016, the average DDoS size hit 986 Mbps, a 30% increase over 2015. Given that a 1 Gbps attack is generally enough to knock most organizations offline, these attacks are dangerously close to causing real damage to businesses.


“For us here at paysafecard, it’s extremely important to have a multi-layered approach to mitigating DDoS attacks for that reason,” says Schaar. “It’s not only that we lose business and reputation when our service is down due to an attack. We want to make absolutely sure that merchants have paysafecard as a payment option available at all times.” So far, Schaar and his team have proven to be extremely successful on this front. Their service has not been down for even a second during recent years. He attributes this to their deployment of multi-layered and purpose-built DDoS mitigation solutions. “We have protection in the Cloud to stop today’s high-volume attacks and we have on-premise protection against stealthy application-layer attacks and existing stateful infrastructure devices, such as firewall, IPS and ADCs.” But this isn’t enough, says Schaar: “It is also extremely important to work with a tight-knit network of security experts outside of paysafecard.” He then gives a big smile: “Together we always have to keep track of what the bad guys are up to next.”