In this episode we discuss the 25th anniversary of the first DDoS (Distributed Denial of Service) and why this cybersecurity threat is a tricky one to solve. 

00:00 to 2:00 Intro to Pankaj Gupta (@PankajOnCloud,CITRIX)

Pankaj leads product and solutions marketing and go to market strategy for cloud, application delivery and security solutions at Citrix. He advises CIOs and business leaders for technology and business model transitions. In prior roles at Cisco, he led networking, cybersecurity and software solution marketing.

2:20 The 25th anniversary of the first Denial of Service attack against Panix, an Internet Service Provider (1996) (https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack)

25 years later, the largest DDoS attack ever recorded targeted  Russian ISP Yandex (https://www.cpomagazine.com/cyber-security/russian-internet-giant-yandex-wards-off-the-largest-botnet-ddos-attack-in-history/). Pankaj notes how this was exactly 25 years later to the month.

3:15 What is a DDoS Attack? 1) Connection overload 2) Volumetric like ICMP flood 3) Application Layer 

5:20 Coinminer as an example of Denial of Service when CPU is exhausted

6:00 Why are we still talking about DDoS 25 years later? Pankaj states that they are now easier than ever to perform. 

7:00 Larry asks about the connection between ransomware and DDoS

9:00 Pankaj describes how the motivation for DDoS has shifted from hacktivism to financial motivation 

9:30 Joe asks how much it costs for an attacker to operate 

10:00 Pankaj explains that unskilled attackers with access to the Dark web can orchestrate attacks

11:45 Joe discusses how many attackers target healthcare despite how this hurts people

12:45 Pankaj discusses that while federal laws exist, very few are prosecuted for DDoS attacks.

13:50 Larry asks whether businesses are paying the ransom 

14:15 Pankaj says paying the ransom is never recommended. Instead, Pankaj recommends investing in DDoS protection solutions

15:25 Joe asks whether tools exist to quantify costs for downtime to justify the expense of DDoS prevention solutions. 

16:30 Pankaj explains how it is not just the economic impact of downtime that is to be factored into the equation but also the damage to reputation by losing customer’s trust. 

17:30 Pankaj describes three trends that will cause DDoS attacks to increase in the future (things will get worse rather than better). This is due to increased bandwidth for 5G, exponential growth of IoT devices, and the improved computation power. 

18:30 What is IoT? (Internet of Things). This is any device that has an internet connection such as a Nanny Camera, home router, or NEST Thermostat. Bad actors exploits vulnerabilities to transform these devices into a “BOT Network” that the attackers can then use in mass quantity against a single target. This forms the source for the DDoS attacks. All of these devices combined will send packets to the victim website. 

20:50 What solutions exist for DDoS? Joe explains how he has solved DDoS historically using services from CloudFlare. 

22:00 Joe explains how he configured DDoS protection by configuring DNS, and the weakness when attackers discover the direct IP using OSINT

23:15 Joe asks Pankaj how does Citrix compare with competitors 

23:35 Pankaj describes four key criteria when selecting a DDoS solution. 1) The solution should protect against a variety of types of DDoS attacks 2) Can the solution scale? As DDoS attacks increase in size 20% Year over Year (it’s expected to be 3 terabits). 3) The advantage of a cloud-based solution is that it can auto-scale in bandwidth whereas an on-premises DDoS solution cannot guard against bandwidth saturation. 

25:50 Joe asks Pankaj if Citrix u