Following the DDoS attack on our website last weekend, we host this week Yisrael Gross, Co-Founder of L7 Defense, who explains what DDoS and Botnets are, and how online businesses should prepare themselves for cyber attacks.

Yisrael Gross is the Co-Founder & VP Biz Dev of L7 Defense, a cyber security company and the developer of Ammune, a virtual platform for mitigating DDoS attacks automatically and in real time. Enhancing the self-learning intelligence of the immune system with dedicated ML components enables the system to mitigate unknown, under-the-radar DDoS attacks as well as heavy floods.


What Are DDoS Attacks?

L7 Defense is Yisrael’s third startup. He was approaching the cybersecurity market because he identified the growing need, in particular, DDoS:

“In 2014, we were looking at trends in the market of cybersecurity. And we were looking, what can be the best niche L7 Defense can start with. What can L7 Defense solve that wasn’t solved till today. What we found out is that DDoS as a very old type of attack is actually evolving. And I’ll get to what’s DDoS. And we saw that there is a big need for a new type of solution to stop these type of attacks. So, of course, we deep dived into what is actually this denial-of-service (DoS) attack, or this distributed denial-of-service attacks.

One of the basic things of the internet is that your customers can approach you, can meet your website, your online marketing, your online business financial institution. You can do everything online and you want to be available 24/7. It’s not like when we had a physical store, so this store’s open this time to this time. But today, customers want service 24/7, especially if you’re a global company and you have multi-nations people approaching your website. That means you have to be available 24/7.

The second thing that came in was the customers demand that they want the service now. They’re not going to wait. They cannot wait until the website uploads. They don’t care why the website is not uploading in two seconds, they don’t want to see service down. Cause they would open multi tabs and they would find something that opens immediately and then buy online the flight or order food, whatever they do online just from the first one that opens. We understand how important it is that your website would be always available. From the other side, we can see the hackers, they see this as an opportunity. I can cause damage to a company just by making the website not available.

This is how the DDoS started. It started with denial of service, meaning I won’t give you service to your website but then it came to distributed. That means this is a much more massive attack, above the capacity of this website.”


How Difficult Is It to Launch a DDos Attack​?

As explained in Kaspersky’s website, the word Botnet is formed from the words ‘robot’ and ‘network’. Hackers use special Trojan viruses to breach the security of several users’ computers, take control of each computer and organize all of the infected machines into a network of ‘bots’ that the criminal can remotely manage.

Often, the hackers will seek to infect and control thousands, tens of thousands or even millions of computers, and act as the master of a large ‘zombie network’ – or ‘bot-network’ – that is capable of delivering a DDoS attack or other types of cyber attack.

But how difficult is it to create a botnet and launch a DDOS attack? 

“The answer is, it’s so easy to have a botnet. First of all, they sell them online, you can buy list of botnets. You can buy even an attack online. If I just want to have attack on someone, just go online and for the price of a cup of coffee, I can buy a DDoS attack. It’s three to five dollars I can have an attack. It’s per hour. And this is how easy it is to buy an attack. But if I want to create a botnet, how do I do it? I can give you an example.

Google found that on the Google Market, there was 300 apps that had 100,000 each one of downloads that they were using your phone, iPhone and Android, probably used the Android because of Google. And they were using it to use your phone to actually try to attack someone else with DDoS attacks. That means, it was sending from your device, your kid downloads a game or you download another game, another app, you don’t remember even, and it just sending information from your phone. It’s not stealing your information, it’s just like trying all kinds of requests to this specific organization they want to hack now. So they can have millions of domains just from simple apps in the App Store. This is one example.

Another example, so all of those CCTV cameras can be hacked, was example, the Mirai botnet. Let’s talk about that. The Mirai botnet is in Japanese, the future. And they created a massive attack with over one point six terabyte attack on a United States, it was tenth of October 2016. And then it took down half of the internet companies in United States, east coast and west coast. We talk about companies like Netflix, Facebook, Twitter, all down. It was the weekend, so it was not such a crisis but all of those internet companies were not available. Because it was attack that uses only 160,000 devices. Is this a lot, 160,000? Not at all. Because with a simple hack I can get to much more than half a million devices are connected, for example, cameras. And I can have the passwords for those cameras and I can hack 500,000 cameras, using them to do a DDoS attack.

In China, there’s botnets of a million devices. So if 160,000 devices did an attack of 1.6 terabyte and it was like, the end of the world, okay? People didn’t have the Facebook, wow, what could they do? They going to have to meet their friends but, actually, organizations are losing money. So this was the biggest change last year, so it was late 2016, and since this Mirai attack, there have been many evolvements, many changes where people use the same code and different botnets and would just like doing all these attacks.”


Should Every Website Owner Protect Himself From DDoS Attacks?

Many of our customers ask themselves: “Am I at risk of a DDoS attack?”

Yisrael says:

“Let’s take this problem and make it more simple. If I’m a small company, I have just one website and just sell online, I can say, most likely, I won’t be under attack because no one has really an interest to attack me. I always say, if you are under attack of DDoS, it means you are big enough. And you should take it as a compliment that you are big enough, someone is willing to attack you. That’s why we can see, what’s the solution today for these small website with not so much traffic? The most simple thing that they have, many companies give you a complimentary solution for free. Companies like Cloudflare, good company. They give you protection for websites for free, for basic solution”.

But when your business starts growing, and your customers are doing online transactions in really big numbers. So you have customers, you have like a hundred customers an hour buying products, you should start being concerned about your traffic. What happens if you go and not be giving service for one hour. How much is this going to cost me? Then you start, you think, what should you do? There’s also another start solution, you can start with a very basic solution. Also in those CDN companies, they have very small solutions for smaller customers, it’s about 200 dollars a month, it’s not big money, and then you also get a good solution. These are always when you’re small and it’s good, it’s comfortable, you get the best solution. I don’t think most of the customers that have a simple website need more than that.

When you need more, that means when you’re a financial institution, when you have a lot of money online, then you’re going to be targeted by those hackers. And then when hackers are targeting you, these basic solutions won’t help anymore because they know exactly how to attack and they have these very sophisticated attacks.”


I Think My Website Is Being Attacked. What Should I Do?

Let’s say that I’m a site owner, perhaps a small design agency or a marketing agency, and I found out my website is being attacked. What are the steps I should make to protect myself?

“So you have customers complain, you see trying to log into your website, you’re not able. All kinds of things alert, you say, whoa, something’s wrong here. Let’s check it out and then you can see the log, if you understand you can look at how much traffic you have, where the traffic come from, start looking into it. So the idea is to first identify that you’re under attack. I would say it’s pretty easy. DDoS has one point to do. That means make your website not available or make functions of your website not available. If it didn’t have this impact, it’s not harming you. You can have a small attack that doesn’t cause you damage, but who cares because it’s not harming your system. Customers can log in and everything’s fine.

When the problem starts, when some functions or the entire website is not available, then you say ‘wow, I have to be secured’. A lot of segments, they don’t have this in the DNA because you say, ‘I’m a web designer, who should attack a web designer?’. Usually they’re not under attack. And for these customers, they won’t do anything til they see something is wrong. And that’s correct, they don’t have to because, most likely, they won’t be under attack. There are some fields that they’re attacked by definition. For example, gaming companies, gambling, online marketing, finance online, everything that is money online that’s where you are targeting because customers understand you’re making money. Their customers working with you, interacting with you, that means not only information there’s much more interaction and that’s where it starts to be more valuable.

If it’s about you communicating with the customer through the website, this is something that starts to be important for you. That means, if enough customers are doing these interactions with you and they’re trying to do the process and they’re not available, then you’re under a DDoS attack, probably. And then you have to look for security. Til then, you most likely won’t do anything.

So when it happens to you, this is also very basic thing, you can go to the website, unload your site to one of these free services for DDoS and you are protected for the basic. When you grow the business and your business is big enough and you’re going to be targeted with  very sophisticated attacks where those solutions are not giving you enough, then you have to buy a higher level of security inside those companies.”