Q&A: Mikko Hyppönen, chief research officer, F-Secure

We ask one of the leading experts on cyber crime for an assessment of the recent spate of cyber attacks and the growing threats to companies trading online.

Mikko Hypponen, F-Secure
By
published
in Features

Most companies operating online haven't prepared themselves for an attack like this. Companies that have taken precautions are the ones that have been attacked previously. This is no wonder; getting protection against denial of service attacks is expensive and complicated.

But companies like Amazon have such massive infrastructure. It is much more than just an online store. They have become so large with their internal computing infrastructure that they have started renting it out and is now one of the largest cloud infrastructures, so they have very large server infrastructure and very large bandwidth.

They can defend themselves, but for a lot of companies who are involved in e-commerce or depend on the internet for tools such as collaboration and communications, what should they be doing in light of these attacks?

A good idea is to set up a plan covering what to do, if you are attacked. Of course if you can afford it, it is always a good idea to host your website with a company that specialises in protecting against denial of service attacks, or if you are hosting your own site you can invest in specialist gear [to protect your site].

However, in most cases, it is enough to have a plan for what to do if you are attacked. You might migrate to a different server, change your domain names, change hosting IP addresses or change to a hosting provider that might be able to handle the attacks. Another easy to do trick is to have a spare domain name in case you are attacked, and then you can give out the "spare" domain name to people who need to access your site. Planning is the key, if you have some guidelines to follow if an attack happens, you will be much better off.

Once this type of attack has been demonstrated to be so effective as many people in the information security field think it has been doesn't that open up the floodgates for all manner of people who want to disrupt commerce to follow suit?

It is a real risk, and denial of service attacks are nothing new. We saw the first very large scale one in 2000. Since then we've seen large-scale attacks over and over again, and the motives range from "hacktivism" which is what we are seeing right now to criminal attacks on online stores where the hackers ask for a ransom.

Latest
You might also like
View More ▸