Things DDoS Attackers Really Don’t Want You To Do.

Historically, one approach to making grievances heard is to gather a group of people who are likewise interested in voicing their grievances, make some signs and loiter outside whatever company or organization grieves ya.

How things have changed.

It is trivial nowadays to purchase hacking tools, including ones that make it very easy to stage an attack on the offending organization’s website and bring its day to a screeching halt: taking the site down altogether, halting any online revenue, or transforming elegant website copy and images into a bed of oozing inappropriateness of the worst order (we don’t need to get too descriptive here; use your imagination; it happens more often than you think).

Any of these sorts of attacks put a business’ reputation at risk and are reason enough to be sure you have a Disaster Recovery plan, one that is tested and valid, along with an Incident Response Strategy to mitigate risk right away, rather than trying to formulate that plan in the midst of it.

Any of these kinds of attacks are easy and inexpensive to acquire and take little or no technical know-how to execute. All it takes is a grievance, a few bucks and a lack of ethics.

Distributed Denial of Service (DDoS) attacks are the most common of these. In 2014, DDoS was the attack most commonly used against businesses of all shapes and sizes, accounting for 60 percent of all attacks. The total volume of such attacks is growing exponentially, to 48 times per day in 2014, up from eight times per day in 2013.

DDoS attacks are also increasingly being used as a tool for extortion, where specific groups threaten to execute an attack unless the organization pays them in untraceable currency, such as Bitcoin.

As our commerce systems are becoming more and more interconnected and interdependent by the day, a disruption of one link in the chain will turn into a ripple effect in short order, in turn impacting business.

Want to learn more about these? Read on.

However, if you’ve heard enough and want to learn how to protect your bottom line, get in touch today.

Call or email and start getting your plan together right away.

What is DDoS and how does it work?

How does a DDoS attack actually work? What are some best practices for due diligence?

In a nutshell, a DDoS attack sends an overwhelming number of requests to a website or service, which overloads the hidden machinery behind it, so that the site or service is inaccessible to legitimate requests. These come in four distinct flavors:

Volumetric attack: This attack jams the main website connection with fake requests, meaning Web pages and services are either impossibly slow to respond or completely unavailable.

DNS reflection: This is a far more sophisticated attack. When a targeted system is hammered with fake requests, it responds to the bogus tsunami of requests by sending out more requests of its own, causing it to “reflect” as much malicious traffic as it is receiving. Incredibly effective.

SYN flooding: This type is similar to a volumetric attack: it sends a specific type of request (the SYN that opens a TCP connection) to a server, which tries its best to respond to each one. The requests eventually reach a critical mass that consumes enough resources to render the host unresponsive.

Slow attacks: This type opens as many connections as possible to a server or servers and keeps them open as long as possible, sending a few bytes of data right before each connection would time out. While the traffic and overhead are low, the sheer number of connections blocks any other inbound (i.e. legitimate) traffic.
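The four flavors above leave different fingerprints in a server’s connection table, and that is what a defender watches. The script below is an added example (not part of the original article): it takes a snapshot of connection records and reports which of the signatures are present, using constructed sample data and threshold values that are assumptions to be tuned against your own baseline. It covers the volumetric, SYN-flood and slow-attack patterns; DNS reflection shows up in source-port and packet-size patterns rather than in connection state, so it is not modelled here.

```python
"""Classify a snapshot of connection records by DDoS signature (added example)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str        # client IP address
    state: str      # "SYN_RECV" (half-open), "ESTABLISHED", or "CLOSED"
    age_s: float    # seconds the connection has existed
    bytes_in: int   # bytes received from the client so far


# Thresholds are assumptions for this example; tune them to your own baseline.
HALF_OPEN_LIMIT = 50   # half-open handshakes before we suspect a SYN flood
SLOW_CONN_LIMIT = 20   # long-lived, near-idle connections before we suspect a slow attack
SLOW_AGE_S = 30.0      # "long-lived" means older than this
SLOW_BYTES = 64        # "near-idle" means fewer bytes than this received
VOLUME_LIMIT = 500     # established connections in one snapshot before we suspect volumetric


def classify(conns):
    """Return a dict mapping each detected signature to its supporting evidence."""
    half_open = [c for c in conns if c.state == "SYN_RECV"]
    established = [c for c in conns if c.state == "ESTABLISHED"]
    slow = [c for c in established if c.age_s > SLOW_AGE_S and c.bytes_in < SLOW_BYTES]
    findings = {}
    if len(half_open) > HALF_OPEN_LIMIT:
        # Many handshakes stuck half-open, spread across many sources: SYN flood
        findings["syn_flood"] = {
            "half_open": len(half_open),
            "distinct_sources": len({c.src for c in half_open}),
        }
    if len(slow) > SLOW_CONN_LIMIT:
        # Connections held open for a long time while sending almost nothing: slow attack
        findings["slow_attack"] = {
            "idle_connections": len(slow),
            "top_sources": Counter(c.src for c in slow).most_common(3),
        }
    if len(established) > VOLUME_LIMIT:
        findings["volumetric"] = {"established": len(established)}
    return findings


def sample_syn_flood():
    # Constructed sample: 200 half-open connections from 200 different sources
    return [Conn(f"198.51.100.{i % 250}", "SYN_RECV", 1.0, 0) for i in range(200)]


def sample_slow_attack():
    # Constructed sample: 40 connections from one source, open for minutes, almost no data
    return [Conn("203.0.113.7", "ESTABLISHED", 180.0 + i, 12) for i in range(40)]


def sample_normal():
    # Constructed sample: ordinary short-lived connections carrying real requests
    return [Conn(f"192.0.2.{i}", "ESTABLISHED", 2.0, 900) for i in range(30)]


if __name__ == "__main__":
    for name, sample in [("normal", sample_normal()),
                         ("syn flood", sample_syn_flood()),
                         ("slow attack", sample_slow_attack())]:
        print(name, classify(sample))
```

In practice the records would come from the host’s connection table or from flow data, and the snapshot would be taken every few seconds so that a rising count, not a single reading, triggers the alert.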

How do we defend our businesses against them?

Each type of attack comes with its own inherent defensive challenges. Attackers with any level of fluency know the ins and outs of the best defenses and the trade-offs between performance and availability. More seasoned attackers blend the types of attack to make mitigation more difficult, and many will use cheap high-volume methods alongside more sophisticated approaches.

Nonetheless, there are some useful steps we can put into practice right away:

1. Employ a scrubbing service as part of your Business Continuity Strategy
When faced with large volumetric attacks, the first thing an organization should do is route all Internet traffic through a dedicated, cloud-based scrubbing provider. Such a provider can remove malicious packets from the stream, which is why these providers are the first line of protection against large volumetric attacks. They have the necessary tools, bandwidth and experience to clean network traffic so that DDoS packets are stopped and business can continue.

2. Dedicated DDoS mitigation appliances can quickly isolate, and remediate attacks
DDoS attacks are complex even in their simplest form. When volumetric and other more complex methods are combined, they require a combination of mitigation strategies. The most effective solution is to use a dedicated appliance. Firewalls and intrusion prevention systems outfitted with unified threat management tools are critical to mitigation, and DDoS security devices provide an additional layer of protection through specialized technologies that can quickly identify and deny advanced DDoS activity in real time.

3. Tune your firewall to handle large connection rates
Firewalls and security gateways play important roles during DDoS attacks. Systems and Network Administrators can adjust configurations to recognize and treat volumetric and application-layer attacks in proactive ways. Depending on the firewall and its capabilities, configurations can also be made to block DDoS packets and improve firewall performance even while under attack.

4. Develop and test a strategy to protect applications from attacks
Security solutions are important, but Systems and Network Administrators can also tune their web servers and use load balancing and content delivery strategies to ensure the best possible outcome in the event of an attack. This should also include tripwires that alert defenders to repeated login attempts. Malicious automated activity can be blocked with interstitial pages carrying offer details, so that real, human users are required to perform an action, such as clicking an ‘accept’ or ‘no thanks’ button, in order to continue into a website or resource. Content analysis is a great approach too: ensuring that files hosted on high-value servers are not huge and do not require a lot of resources can make a big difference in overall performance.
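Steps 3 and 4 both come down to per-client limits enforced at the edge: a cap on concurrent connections per source, a cap on request rate per source, and a deadline by which a connection must actually send a request. The class below is an added example written for this article, not the configuration of any particular firewall or web server; it models those three limits in Python with a fake clock so the scenario is deterministic. Real deployments apply the same limits through the firewall’s connection-rate settings or web-server directives (nginx’s limit_conn, limit_req and client_header_timeout are the familiar equivalents); the addresses, limit values and timeout used here are constructed for the example.

```python
"""Per-client connection and request limits as an edge gateway would apply them (added example)."""
import time
from collections import defaultdict, deque


class ClientLimiter:
    """Enforce three per-source limits:
    - at most max_conns concurrent connections (blunts slow attacks),
    - at most max_rps requests per sliding one-second window (blunts floods),
    - a header deadline: a connection that has not completed a request within
      header_timeout_s seconds is dropped, so held-open connections are reclaimed.
    """

    def __init__(self, max_conns=10, max_rps=20, header_timeout_s=10.0, clock=time.monotonic):
        self.max_conns = max_conns
        self.max_rps = max_rps
        self.header_timeout_s = header_timeout_s
        self.clock = clock
        self.open_conns = defaultdict(dict)   # src -> {conn_id: last activity time}
        self.requests = defaultdict(deque)    # src -> timestamps of recent requests

    def on_connect(self, src, conn_id):
        """Return True if the new connection is accepted, False if the source is at its cap."""
        conns = self.open_conns[src]
        if len(conns) >= self.max_conns:
            return False
        conns[conn_id] = self.clock()
        return True

    def on_request(self, src, conn_id):
        """Return True if the request may be served, False if the source is rate-limited."""
        now = self.clock()
        window = self.requests[src]
        while window and now - window[0] >= 1.0:   # slide the one-second window
            window.popleft()
        if len(window) >= self.max_rps:
            return False
        window.append(now)
        # A completed request proves the connection is not stalled; refresh its clock.
        if conn_id in self.open_conns[src]:
            self.open_conns[src][conn_id] = now
        return True

    def on_close(self, src, conn_id):
        self.open_conns[src].pop(conn_id, None)

    def reap_stalled(self):
        """Drop connections idle past the header deadline; return the (src, conn_id) pairs dropped."""
        now = self.clock()
        dropped = []
        for src, conns in self.open_conns.items():
            for conn_id, last in list(conns.items()):
                if now - last > self.header_timeout_s:
                    conns.pop(conn_id)
                    dropped.append((src, conn_id))
        return dropped


class FakeClock:
    """Constructed clock so the scenario below is deterministic."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def scenario():
    """Run a slow attack and a request flood through the limiter; return what each achieved."""
    clock = FakeClock()
    lim = ClientLimiter(max_conns=3, max_rps=5, header_timeout_s=10.0, clock=clock)
    attacker, user = "203.0.113.7", "192.0.2.5"   # constructed addresses
    # Slow attack: one source opens six connections and never sends a request
    accepted = [lim.on_connect(attacker, i) for i in range(6)]
    clock.advance(11.0)
    reaped = lim.reap_stalled()
    # Flood: a source fires eight requests inside one second
    lim.on_connect(user, 100)
    served = [lim.on_request(user, 100) for _ in range(8)]
    return {
        "attacker_accepted": sum(accepted),       # only 3 of 6 connections admitted
        "reaped": len(reaped),                    # all 3 reclaimed at the deadline
        "user_served": sum(served),               # 5 of 8 requests served
        "user_conn_survives": 100 in lim.open_conns[user],
    }


if __name__ == "__main__":
    print(scenario())
```

The point of the fake clock is that these limits are about time as much as volume: the connection cap alone does not free resources from a source that never sends anything, which is why the header deadline is the piece that actually defeats the slow-attack flavor described above.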

Without a doubt, DDoS will grow in popularity because it’s so cheap, easy and effective. By understanding how these kinds of attacks work and some best practices for being prepared and mindful of them, organizations are better positioned to minimize their impact and get back to the business of doing business as quickly as possible.

Protect your business from DDoS and more. Get in touch.