We Cannot Fight DDoS Attacks With Our Eyes Closed


Whilst distributed denial-of-service (or DDoS) attacks aren’t a new challenge for businesses to deal with, they are increasing in size, scope and frequency.

In fact, these attacks are at an all-time high, with the fourth quarter of 2015 showing an 85% increase in DDoS attacks. Businesses, then, need to be better prepared to face this type of threat.

First things first: when going into battle, you need to know what you’re up against. As the name implies, a DDoS attack simply tries to prevent a service from working. In this case, the attacker uses a large number of machines from all over the internet to send vast amounts of traffic towards the unwitting target.

By flooding a targeted website or server with enormous amounts of malicious traffic, criminals are overwhelming businesses and forcing their internet-dependent properties offline temporarily. While sometimes used as a threat in ransom demands or even for politically motivated attacks, the fact is that even “just” being taken offline can have huge consequences in terms of lost revenue, damaged brand reputation and tech credibility.

These attacks, however, are not always the orchestration of highly sophisticated cyber masterminds. Hacker forums, blogs and even YouTube videos make information on how to set up a DDoS attack easily accessible to someone who has an Internet connection. Furthermore, Arbor Networks recently suggested that Russian attackers can now be hired to knock a website offline for as little as £40 a day. This means that pretty much anyone can launch their own attack with fairly limited hacking skills these days.

How can you tell if you’re the victim of DDoS?

When dealing with a DDoS attack, it can be challenging to determine whether your website is down due to legitimate traffic volumes or because of an attack. Unfortunately, businesses are unable to simply check to see if all the traffic is coming from one IP address because of the nature of DDoS attacks whereby traffic comes from multiple sources.

The way in which you can tell the difference is determined by the length of time the service is down – if slow or denied service is occurring for a long time rather than just a spike during a planned campaign, then businesses should be looking into the cause of that problem. Such insights can be gained by better monitoring internet performance within an organization, as well as having a greater understanding of the workings of the business network.
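The duration test described above can be sketched in code. This is an added example, not part of the original article: it builds a robust baseline from normal per-minute request counts, then measures the longest run of consecutive abnormal minutes outside any planned campaign window. The sample data is constructed, and the 10-minute cut-off and the median + 5 × MAD threshold are assumptions to tune for your own traffic.

```python
from statistics import median

def threshold(baseline, k=5.0):
    """Upper bound of 'normal': median + k * MAD of the baseline samples."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline) or 1.0  # avoid a zero-width band
    return med + k * mad

def longest_anomalous_run(samples, limit, planned=frozenset()):
    """Longest run of consecutive minutes above `limit`.

    Minutes listed in `planned` (e.g. a marketing campaign) are treated as
    expected load and reset the run, as does any minute at or below the limit.
    """
    best = run = 0
    for minute, value in enumerate(samples):
        if value > limit and minute not in planned:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best

def classify(samples, baseline, planned=frozenset(), sustained_minutes=10):
    """Return 'normal', 'short spike' or 'investigate' for one observation window."""
    run = longest_anomalous_run(samples, threshold(baseline), planned)
    if run == 0:
        return "normal"
    return "investigate" if run >= sustained_minutes else "short spike"

# Constructed sample data: requests per minute (not real measurements).
BASELINE = [980, 1010, 1005, 995, 1020, 990, 1000, 1015, 985, 1008]
CAMPAIGN = [1000] * 5 + [4000] * 8 + [1000] * 5   # promo runs in minutes 5-12
SPIKE    = [1000] * 8 + [3500] * 3 + [1000] * 8   # brief unexplained burst
FLOOD    = [1000] * 4 + [9000] * 15 + [1000] * 2  # sustained abnormal load

if __name__ == "__main__":
    print(classify(CAMPAIGN, BASELINE, planned=set(range(5, 13))))
    print(classify(SPIKE, BASELINE))
    print(classify(FLOOD, BASELINE))
```

The same logic applies to latency or error-rate samples; source addresses are deliberately not consulted, since distributed traffic will not show up as a single dominant IP.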

How can you prepare yourself?

With DDoS attacks fast becoming one of the easiest and yet most effective ways for the bad guys to cause havoc for companies, businesses need to be looking into ways to protect themselves from falling victim to such attacks, before it’s too late. Here are just some steps you can take:

1. Define normality

By investing in technology that allows your IT department to know and understand what your network’s normal behavior is, you will be made more aware of any abnormal incidents happening within the network, such as a DDoS attack. Having tools that monitor internet performance outside your network is one step better. Without this level of visibility into your assets, both in and out of your infrastructure, you are fighting the threat blindly.

2. Manage the load

Provision enough server capacity and tune it for best performance under high load, building the biggest network you can with effective elements for advanced mitigation. In addition, have backups in place that can redirect traffic and mitigate the threat.

3. Practice makes perfect

Whilst you might have the best defense mechanisms in place, knowing how to use your defensive strategy is just as important as buying and installing it. Rehearse best practices over and over again to get them ingrained in your employees’ minds.

4. Ask for help

If you don’t have the resources to deal with attacks in-house, outsource to a managed DNS provider who can redirect site visitors to hosts that aren’t down with advanced features like load balancing and Internet performance management.

5. Preparation is key

The best way to avoid any disruption from a DDoS attack is to be prepared. In today’s threat landscape, it’s no longer a question of ‘if’ your company will become the target of cybercrime, it’s ‘when’. You need to figure out what financial impact a DDoS attack would have on your company should it happen.

Businesses need to think about approaching security and the prevention of DDoS attacks by weighing proactive cost against potential loss and deciding how much they are willing to risk. Companies, today, need to remove the blindfolds and gain better visibility in their networks to better detect and correct attacks as and when they happen. Doing nothing is no longer an option.
