- November 16, 2020
- 2 minute read
As threats of DDoS attacks continue to increase, enterprises of all sizes are looking for ways to amp up their protection and mitigation techniques.
DDoS attacks have the ability to disrupt and shut down enterprise systems, so companies are really putting a lot of resources into stopping them. Organizations are countering DDoS attacks in a number of different ways, from different angles, to secure networks against failure and damage.
One of the ways that companies are mitigating DDoS attacks is with added capacity. The arrival of cloud services means companies are much more able to order on-demand server capacity. This helps with peak traffic times, and it can help with DDoS attacks too. By having more overhead capacity, the business network is able to better stand up to the beginning of a DDoS attack as it grows.
Other DDoS attack mitigation strategies have to do with limiting the influence of the traffic that may be involved in these attacks.
In this article we discuss DDoS attacks and 3 steps to better DDoS protection you can implement right now.
A DDoS attack starts with a botnet, which is essentially a group of computers that have been infected with malware and can be controlled as one entity by an outside party. These are private computers that have been hacked without the user’s knowledge and can then be used to attack networks or services in a variety of ways. For example, one DDoS attack might use spam messages to overwhelm an email service and cause issues, while another may use those computers to send fake traffic to a service such as Twitter and temporarily bring it down.
The interesting thing about botnets is that they are widely available on the black market for a range of prices and a variety of use cases. For example, for $200 to $500 you can buy a turnkey botnet with maybe 50 “zombies,” which is the term for the infected computers. For varying fees, you can rent larger botnets with thousands of bots by the hour. The goal of the attack, as well as the target, will determine what type of botnet needs to be used and for how long.
DDoS attacks vary in method and presentation. While some DDoS attacks are designed to saturate bandwidth and infrastructure, other categories of DDoS include session-based attacks, simulation replay and amplification. Attackers are using amplification to dramatically increase the traffic volume received by the target, and to deplete the target’s resources more quickly. These attacks use Domain Name Server (DNS) spoofed requests and public recursive servers, leveraging innocent bystanders as well as bots.
One of the newer developments in DDoS (distributed denial of service) attacks is using Internet of Things devices in place of computers. In the same way that an attacker would create a private network of infected computers to perpetrate attacks and send unwanted traffic to networks and services, hackers are now taking advantage of a 12-year-old vulnerability in the SSH protocols of IoT devices to use them for DDoS purposes. What’s happening is these IoT devices are shipped with this vulnerability in their credentials, which are often used for remotely logging in to computer systems and accounts, and if they aren’t changed immediately after purchase, then hackers can take advantage of the flaw and take over the device.
A typical mitigation process can be broadly defined by these four stages:
1. Identify what you need to protect and the business impact of its loss
Every organization’s needs are different. What Internet-facing assets do you need to protect from DDoS attacks? If you didn’t protect them and they became unavailable, what business impact and costs would you incur, including operational, financial, regulatory and reputation costs?
Knowing what you need to protect will affect the type of DDoS protection. Not all attacks target ports 80 and 443.
2. Deploy a DDoS protection service before you need it
Select a DDoS protection service before you need it. Avoiding the chaos, delays and panic of looking for DDoS protection when under attack has several additional advantages:
3. Develop a DDoS response playbook
A DDoS response playbook allows your organization to experience a controlled, streamlined response to a DDoS attack.
A DDoS response playbook should include incident response processes, escalation paths, and points of contact.
DDoS attacks have the ability to disrupt and shut down enterprise systems, so companies are really putting a lot of resources into stopping them. If you need help with DDoS protection and mitigation, contact us today to help you out with all your performance and security needs.