As attacks are getting more sophisticated, so must our defences
The threat to corporate networks from DDoS attacks has never been greater. Despite some wins of recent, such as the takedown in April of Webstresser – an online DDoS-as-a-service website, organisations cannot take their guard down.
Such a service meant that criminals could flood servers with traffic for as little as $18 per month. With no technical expertise, criminals were able to launch around four million DDoS attacks against a wide range of targets, such as banks, government agencies and private companies. For the victims, around a third of downtime is due to DDoS attacks.
The reasons behind such attacks as varied as the targets themselves. Extortion: an attacker aiming to directly profit from disrupting a victim’s service by demanding a payment to avoid further disruption. It could be a rival firm looking to take out a competitor’s website.
A DDoS attack could also be part of a political campaign against a government organisation or as a punishment for an organisation’s actions.
Hackers could launch a DDoS attack to fine-tune their DDoS weapons for future attacks against other victims or as a distraction from other intrusive activities carried out elsewhere on your network.
These attacks are becoming bigger, more frequent, and more sophisticated. The explosion in the use of the cloud, the digital transformation that many companies are undergoing, benefits both victim and attacker.
Different styles of attack
For the attacker, DDoS attacks come in a wide variety, but can be generally divided into three styles of attack.
The first are volumetric attacks. These are the DDoS attacks most people will recognise. A massive amount of traffic overwhelms a server, causing it to become unresponsive. Botnets formed of thousands of compromised machines (such as IoT devices) under the control of an attacked are used in these attacks.
The second style of attack are protocol attacks where there is an attempt to disrupt the connections between web servers, load balancers and firewalls, taking up the processing capabilities of the targeted system.
Lastly, there are applications attacks where known vulnerabilities are exploited in applications to hog transactions and processes. These only need a few devices under the control of an attacker to carry out.
Getting intelligence on DDoS threat
There are massive amounts of data created daily about attempted attacks on infrastructure. But this data has to be transformed into actionable insights to be of use in defending networks.
We have created our DDoS Threat Intelligence Map to enable organisations to picture the threat landscape. This map comprises of millions of threats that are updated to make intelligence more actionable. It includes IP addresses of reflection attack agents, sprawling IoT botnets, and DDoS botnets.
That way, organisations can better plan for future DDoS attacks on their infrastructure; by knowing where the attacks are coming from, you construct a better defence.
Countering the attack
As there are many different ways an attacker can mount a DDoS attack, DDoS protection comes in many guises.
At the first line of defence, organisations should use their existing firewall, intrusion prevention system (IPS), and load balancers alongside dedicated DDoS protection devices that can provide mitigation against large-scale and advanced DDoS attacks. It is important to have enough bandwidth, throughput, and connectivity to deal with DDoS attacks while maintaining service availability.
In addition, there should also be a means of mitigating a DDOS attack. This means proactively detecting and protecting the intended target and networks from a DDoS attack. Successful DDoS mitigation involves dividing incoming traffic into known human traffic and bot-generated traffic by using threat intelligence to compare incoming signatures and scan traffic attributes. An effective DDoS defence should be precise, scalable, affordable and most importantly, efficient (as discussed in an earlier article on this topic).
The best forms of DDoS protection combine the power of cloud DDoS scrubbing with the more precise on-premises DDoS protection solution. These together give the enterprise greater protection.
It is always best practice to use anti-DDoS technology alongside an emergency response plan. In addition, organisations should always check the network’s security performance to ensure their security solutions will work when a DDoS attack is in motion. This will ensure that any network investment is up to the job.
