Cybercriminals use Distributed Denial of Service (DDoS) attacks to target companies and institutions by bringing down servers or web services. For example, attackers bombard a website’s IP address with so much traffic that the website and any web server connected to it are unable to respond to the requests. This makes the website inaccessible to users.
For attackers, DDoS is a simple, effective, and powerful technique fueled by insecure devices, particularly the ever-expanding Internet of Things (IoT). Hackers can easily infect these devices with malware and recruit them into a botnet. They then use a command-and-control (C2) server to instruct the compromised devices to use part of their computing power to bombard a target server with requests and bring it and the associated website to its knees. Because these requests are highly distributed, distinguishing between legitimate and spoofed traffic is difficult, which is why DDoS attacks are usually successful.
A DDoS attack can result in millions of dollars in downtime and potential lost revenue. While there is no way to completely prevent a DDoS attack, there are some measures that can minimize the damage of such attacks.
First Steps If You Suspect A DDoS Or DoS Attack
If an organization believes it has been affected by a DDoS or DoS attack, it should first contact its network administrator to determine whether the loss of service is due to maintenance or an internal network issue. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
Furthermore, the company can contact its internet service provider to find out whether there is an outage on their side or whether their network is the target of an attack and the company is therefore an indirect victim. The internet service provider may also be able to advise the company on a suitable course of action.
Additionally, if there is a possibility that an organization could be targeted by DDoS attacks, it may be worth adding a section to the disaster recovery plan to ensure team members across the organization are prepared and can communicate efficiently in the event of an attack. Businesses can also consider subscribing to a DoS protection service that detects anomalous traffic. These services typically route traffic away from the corporate website, where it is either filtered or dropped. Depending on the service, these solutions can also help mitigate DNS amplification attacks, SYN/ACK attacks, and Layer 7 attacks.
Measures To Defend Against DDoS Attacks At A Glance
- Protecting the organization’s domain names by using registrar locks and verifying that domain registration details (e.g. contact details) are correct
- Ensuring that 24×7 contact details are maintained for service providers, and that service providers maintain 24×7 contact details for their customers
- Implementing uptime monitoring with real-time alerting to detect denial of service attacks and measure their impact
- Separating critical online services (e.g. email services) from other online services that are more likely to be targeted (e.g. web hosting services)
- Preparing a static version of the website that requires minimal processing and bandwidth to facilitate continuity of service in the event of a denial of service attack
- Using cloud-based hosting from a large cloud service provider (preferably multiple large cloud service providers to maintain redundancy) with high bandwidth and content delivery networks that cache non-dynamic websites
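The traffic monitoring that confirms an attack and identifies its sources, and the real-time alerting listed above, can both be started from ordinary web server access logs. The following is an added example written for this article, not code from any product or service it mentions: it parses combined-format access-log lines, counts requests per second, flags any second whose request count exceeds an assumed quiet-period baseline by a configurable factor, and reports how many distinct sources were involved and which sent the most. The log lines, the baseline of 2 requests per second and the multiplier of 10 are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Combined-format access-log line (constructed regex); only the client IP and the
# timestamp are needed for rate analysis.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_line(line):
    """Return (client_ip, timestamp to the second) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # "01/Jan/2024:12:00:05 +0000" -> key on "01/Jan/2024:12:00:05", drop the zone
    return m.group("ip"), m.group("ts").split(" ")[0]


def analyse(lines, baseline_rps, factor=10, top_n=3):
    """Group requests per second and flag seconds above baseline_rps * factor.
    Returns {second: {"requests", "distinct_sources", "top_sources"}} for flagged seconds."""
    per_second = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than aborting the analysis
        ip, second = parsed
        per_second[second][ip] += 1
    alerts = {}
    for second, sources in sorted(per_second.items()):
        total = sum(sources.values())
        if total > baseline_rps * factor:
            # A large distinct_sources count with a modest per-source rate is the
            # distributed pattern described above; top_sources shows where to look
            # first, but flood sources may be spoofed, so treat them as leads.
            alerts[second] = {
                "requests": total,
                "distinct_sources": len(sources),
                "top_sources": sources.most_common(top_n),
            }
    return alerts


def _line(ip, second, path="/"):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return f'{ip} - - [01/Jan/2024:12:00:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed sample: a quiet baseline, then 60 requests in one second from 30
# distinct addresses (RFC 5737 documentation ranges), plus one unparseable line.
SAMPLE_LOG = (
    [_line("198.51.100.5", 0), _line("198.51.100.6", 0, "/about"), _line("198.51.100.7", 0)]
    + [_line("198.51.100.8", 1)]
    + [_line(f"203.0.113.{i % 30 + 1}", 2) for i in range(60)]
    + [_line("198.51.100.9", 3), "garbage line that does not parse"]
)


def sample_alerts():
    """Run the detector over the constructed sample with an assumed 2 rps baseline."""
    return analyse(SAMPLE_LOG, baseline_rps=2)
```

In practice the baseline comes from observed normal traffic and the alert output feeds the real-time notification path, so the team sees the spike and its source distribution as it happens.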
The goal of any DDoS attack is to cause as much damage as possible to the targeted organization, whether as part of an attempted extortion by cybercriminals, as an act of sabotage by competing companies or nation-states, or as a politically motivated protest action. However, with the above mitigation measures, organizations can significantly reduce the impact of an attack.