On October 16, 2018, YouTube sent a terse message to users and the world. Yes, something was wrong with their streaming video and music feeds. All services were down temporarily. No worries, though, they assured. Whatever was wrong, YouTube IT pros were working on it. Everyone would be notified as soon as the problem was fixed. Service returned in about 90 minutes, and life went on. What went wrong? A Distributed Denial of Service attack crashed the Google-owned media sites.
However, if YouTube knew who did it or why, they weren’t sharing the information. As we all know, not knowing the perp meant that there was a mystery. So, theories about who did the deed were as thick as blowflies on a wildebeest. The least far-fetched of those theories included two possibilities:
- An unknown entity launched a DDoS attack. YouTube servers crashed and denied users video and music services. End of story.
- The Ghost Squad Hacker group did it. This well-known, pesky group of hacktivists was responsible for attacks on CNN and other news outlets in 2016. So, when they claimed responsibility for the YouTube attacks, many folks believed them. For now, however, the claim is hot air. Despite their boasts, GSH did not provide definitive proof.
So, the mystery remains. No one has stepped forward with convincing information. However, the scenario—major media sites crashed by known or unknown attackers—illustrates an ongoing trend. In the past four years, cyber-attackers have caused major media companies major pain. The New York Times, Spotify, Netflix, Business Wire, The Wall Street Journal, CNN, and Fox News are some of the elite online news and video services laid low by DDoS exploits.
Why the media industry is cybercrook heaven
So, what makes media sites so attractive to DDoS attacks?
Unlike their cousin, the DoS exploit, DDoS attacks are anything but subtle. They’re all about brute force, directing a tsunami of junk traffic at a target and smothering its servers or network connections.
IT infrastructures need resources to respond to service requests. If enough requests engulf hardware or a site, its services are overwhelmed. Performance is slowed or shut down altogether.
DDoS exploits use many (sometimes hundreds of thousands of) internet-connected devices that cybercrooks hijack and use to drive the attack. Usually, a human operator sets the target and directs the tactics of the attack remotely. Complex scripts provide detailed instructions on where the devices (bots) go and what they do. The growing use of poorly secured IoT sensors and smart devices makes it easy to supply multitudes of foot soldiers for these mini-cyberwars.
There are good reasons why online and streaming media companies make juicy DDoS targets.
- Media companies are late adopters of security technology. They are still learning the subtleties of DDoS-related network behavior and potential security solutions.
- Downtime is the enemy of revenue. Increasingly, consumers rely on the Internet for fee-based entertainment. They’ve come to expect high-quality video and audio with no internet downtime. Attackers who crash or threaten to hit an online site damage the target company’s cash flow and strain customers’ loyalty.
- Entertainment sites accumulate valuable information. Centralized databases of subscription-based media companies have become repositories of all the customer information needed to monetize online entertainment services. They are tempting targets to enterprising cyber crooks, who break into a data store, steal its contents, and sell it on the dark web.
Three mitigation must-haves for media companies
These bullseyes make it critical to have the right protection in place. Here are three capabilities to watch for when looking for a DDoS mitigation provider:
- Traffic monitoring and analysis. Effective DDoS mitigation services must collect, track, and analyze detailed, real-time traffic data. Displaying the data on easy-to-use dashboards enables IT pros to understand and respond to the data quickly. Deep packet inspection, another monitoring method, looks at each bit of traffic and blocks malicious traffic. This capability enables legitimate visitors to access media content without any delay.
- Rapid attack response. Reliable DDoS mitigation services must detect, react to, and neutralize attack traffic in seconds. Nothing annoys streaming media customers like video or audio that stalls or goes offline, even for a moment. Reliable media services mean zero downtime, no matter what.
That’s right, seconds. The current standard time to mitigation is 10 seconds or less—with a guarantee written into the SLA. A 10-seconds-or-less guarantee means that the DDoS mitigation service provider has the experience and resources that make mitigation fast and predictable.
- Robust processing power. We have entered the era of IoT devices and big data analytics. Media companies must be ready to counter severely damaging DDoS attacks launched by thousands of bots.
DDoS mitigation providers use big data analytics as a countermeasure. When a disaster like a DDoS attack strikes a media company, a global network of data centers and scrubbing servers can neutralize infected traffic.
The key is high-speed, high-volume data processing. The data cleanup step in mitigation must process at least 500 Gbps. Anything less couldn’t stand up to the massive attacks launched against high-profile media sites.
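One way a media company could check the 10-seconds-or-less guarantee against its own traffic data is sketched below. This is an added example, not code from the article or from any mitigation provider. The per-second sample format, the thresholds, and every name in it are assumptions, and the traces are constructed.

```python
from dataclasses import dataclass

SLA_SECONDS = 10     # the "10 seconds or less" time to mitigation from the text
SPIKE_FACTOR = 5.0   # assumption: attack onset = inbound rate above 5x baseline
CLEAN_FACTOR = 1.5   # assumption: mitigated = delivered rate back under 1.5x baseline
ALPHA = 0.2          # assumption: EWMA weight used to learn the normal baseline

@dataclass
class Sample:
    t: int           # seconds since start of capture
    inbound: int     # requests/s arriving at the mitigation edge
    delivered: int   # requests/s forwarded to the origin after scrubbing

def time_to_mitigation(samples, warmup=5):
    """Return (attack_start, mitigated_at, seconds), or None if no attack is seen.
    mitigated_at and seconds are None when the flood is never scrubbed."""
    baseline, attack_start = None, None
    for i, s in enumerate(samples):
        if attack_start is None:
            if baseline is not None and i >= warmup and s.inbound > SPIKE_FACTOR * baseline:
                attack_start = s.t   # onset found: freeze the baseline from here on
            else:
                baseline = s.inbound if baseline is None else ALPHA * s.inbound + (1 - ALPHA) * baseline
        if attack_start is not None and s.delivered <= CLEAN_FACTOR * baseline:
            return attack_start, s.t, s.t - attack_start
    return (attack_start, None, None) if attack_start is not None else None

def sla_verdict(samples):
    result = time_to_mitigation(samples)
    if result is None:
        return "no attack observed"
    if result[2] is None:
        return "never mitigated"
    return "within SLA" if result[2] <= SLA_SECONDS else "SLA breach"

def make_trace(scrub_delay):
    """Constructed telemetry: 10 s of normal load, then a flood starting at t=10
    that reaches the origin until scrubbing takes effect scrub_delay seconds later."""
    trace = [Sample(t, 1000 + 10 * (t % 3), 1000 + 10 * (t % 3)) for t in range(10)]
    for t in range(10, 40):
        leaked = 80_000 if t < 10 + scrub_delay else 1_050
        trace.append(Sample(t, 80_000, leaked))
    return trace

if __name__ == "__main__":
    for delay in (7, 14):
        trace = make_trace(delay)
        print(delay, time_to_mitigation(trace), sla_verdict(trace))
```

Measuring from the origin side matters here: the provider's dashboard reports when it reacted, while the delivered rate shows when customers stopped feeling the attack.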
Effective security programs in media companies have several essential ingredients. The minimum requirements are constant security vigilance, collaboration with vendors, and attention to new security solutions and services. Consistent application of these best practices can minimize the chance of DDoS attacks. Without them, reliable online media services and their revenues are at risk.