TechTalk


Is Your Business Prepared for a DDoS Attack?

On October 21, 2016, the east coast of the United States woke up to find a significant portion of the Internet wasn’t working. Twitter, Etsy, Tumblr, Reddit, PayPal, SoundCloud, Spotify, Amazon, and even the New York Times were among the sites experiencing issues. The culprit was a distributed denial of service (DDoS) attack on Dyn, a New Hampshire-based Internet infrastructure company. The incident was an unusually large attack, and fortunately, it was resolved by the end of the day. However, it illustrates why DDoS is one of the biggest threats to Internet security today.

In a DDoS attack, hackers exploit computer vulnerabilities to create a botnet, an interconnected network of up to millions of machines. The botnet, sometimes colorfully referred to as a “zombie army,” is instructed to send high-volume traffic that overloads a network, effectively blocking users from accessing email, websites, online accounts, or other digital services.

A DDoS is a more sophisticated version of a DoS (denial of service) attack in which an attacker floods a network with information from a single source. DDoS attacks are much more difficult to combat because they come from multiple sources and sometimes even multiple platforms.

This means there are two ways you can become a victim of a DDoS attack – your network can be attacked, or your computer or other connected devices can be infected with malware and become part of a botnet carrying out a DDoS on someone else.

Typically, botnets have been composed of computers, but Gen Digital has found that connected devices that are part of the Internet of Things (IoT) are being exploited more and more. Many such devices don’t have advanced security features, and users may make the problem worse by failing to change the default passwords. Device manufacturers are taking steps to address these vulnerabilities. Still, the IoT has undeniably made the problem of DDoS even more challenging to combat – even as security concerns are a significant barrier to the growth of the IoT.

Any business can become a victim, but some of the most common targets of DDoS attacks are financial – banks or credit card payment gateways, as well as the online gaming and gambling industry. According to Kaspersky Lab, attacks are increasingly aimed at organizations that have been working to counter DDoS. Any size business is vulnerable, and attacks can be as brief as 30 minutes, making them hard to detect. The motivation of the perpetrators varies – it can include anything from simply demonstrating their hacking capabilities to criminal extortion.

Other times, perpetrators will attack websites devoted to news, human rights, political candidates, or elections as a form of protest or censorship — “hacktivist” groups have used it in various well-publicized attacks against religious and government entities. DDoS is a significant and persistent enough threat to freedom of expression that in March 2016 Google launched “Project Shield,” a free service to protect public-interest sites from DDoS attacks.

All DDoS activity is illegal and harmful. But according to Infosecurity Magazine, a disturbing trend of “dark DDoS” has emerged in recent years. Dark DDoS means an attack is used for something even more malicious than denying service to users. Instead, it’s used to distract IT personnel from an ongoing breach in security. Hackers research a network’s vulnerabilities and then launch a DDoS as a smokescreen. While IT personnel are distracted by DDoS, hackers penetrate the network and steal data.

The problem is growing. According to an October 2016 study by Neustar, nearly three-quarters of global firms have experienced a DDoS attack over the previous 12 months. DDoS attacks result in significant financial losses – about half of the companies reported losing $100,000 per hour, but one-third lost as much as $250,000. Worse, most took at least an hour to realize they were under attack and even longer to respond. The same study reported that DDoS attacks are becoming more sophisticated, both in that they are increasingly “dark” – that is, just one part of a larger attack on an organization’s infrastructure or security — and in the techniques used to execute them.

Digital Attack Map, an online resource that tracks DDoS activity, says that over 2,000 DDoS attacks are observed daily worldwide, causing one-third of all downtime incidents. Incredibly enough, a weeklong DDoS attack can be purchased on the black market for as little as $150.

Reduce DDoS Attacks on Your Devices

The following can reduce the chances your computer or connected device will become an unwitting part of a botnet (at work or home):

  • Make sure your work computer network is secure. Insist on secure, unique passwords for each machine.
  • Ensure your router is password-protected. Avoid spam, and don’t store passwords in web browsers.
  • Keep your malware and virus protection software up-to-date. Classic symptoms of infection include a new browser home page that appears without warning, strange pop-up windows or messages, or programs that start automatically. Other warning signs include inexplicably running out of hard drive space or an unexplained slowdown.
  • Determine what IoT devices are on your network and ensure they are protected with strong passwords.
  • Disable IoT services on devices when they’re not needed.
  • Update firmware on IoT devices when the manufacturer releases updates.
  • Storing multiple passwords can be challenging – if you haven’t already, set up a utility like Password Safe to handle this task securely.

How to Get DDoS Protection for Your Business

Here’s how you can prepare your business for a DDoS:

  • Consider your vulnerabilities, and prepare a communication strategy for use if you experience a sustained attack.
  • Determine who would be in charge in case of a DDoS. Take simple steps, such as collecting contact information of everyone who would need to be involved in case of an attack, that can help you respond faster.
  • Have more bandwidth available than you need to minimize the effect of a potential DDoS attack.
  • Know how to identify a DDoS early. eSecurity Planet suggests familiarizing yourself with your typical traffic patterns, so you can learn to distinguish between a legitimate spike in traffic and one that might indicate a DDoS attack. DQE’s Customer Control Center (CCC) web portal enables you to monitor your bandwidth usage and network performance, making it easier to spot suspicious spikes in activity.
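As an added illustration of the last point (not code from DQE or from any monitoring product named above), the script below builds a per-minute traffic baseline from constructed sample data and then compares new minutes against it. Beyond raw volume, it looks at two assumed indicators that tend to separate a flash crowd from an attack: how many requests each source sends relative to normal users, and what share of sources have never been seen before. All IP addresses, counts and thresholds are made-up starting points, not tuned values.

```python
import random
import statistics
from collections import Counter

# Constructed sample traffic (not real logs): one Counter per minute mapping
# source IP -> requests seen from it in that minute. Fixed seed for reproducibility.
_rng = random.Random(7)

def make_minute(sources, per_source_range):
    lo, hi = per_source_range
    return Counter({ip: _rng.randint(lo, hi) for ip in sources})

REGULARS = [f"192.0.2.{i}" for i in range(1, 41)]                   # 40 usual clients
BASELINE = [make_minute(REGULARS, (1, 5)) for _ in range(10)]       # roughly 120 req/min
# Legitimate spike: the usual clients plus 40 newcomers, similar per-client rate.
FLASH_CROWD = make_minute(REGULARS + [f"198.51.100.{i}" for i in range(1, 41)], (2, 6))
# Attack-like minute: 250 never-seen sources, each hammering the service.
ATTACK = make_minute([f"203.0.113.{i}" for i in range(1, 251)], (20, 40))

def baseline_profile(minutes):
    """Summarise normal traffic: mean/stdev of requests per minute,
    mean requests per source, and the set of sources seen."""
    totals = [sum(m.values()) for m in minutes]
    per_source = [c for m in minutes for c in m.values()]
    mean = statistics.fmean(totals)
    return {
        "mean": mean,
        # Floor the spread at 10% of the mean so a very flat baseline does not
        # turn every small wobble into a "spike" (assumed choice, not a standard).
        "sigma": max(statistics.pstdev(totals), 0.1 * mean),
        "per_source": statistics.fmean(per_source),
        "known": set().union(*minutes),
    }

def classify(minute, profile, z_threshold=3.0, rate_factor=3.0, unseen_share=0.9):
    """Label a minute 'normal', a legitimate-looking spike, or a suspected DDoS."""
    total = sum(minute.values())
    z = (total - profile["mean"]) / profile["sigma"]
    if z < z_threshold:
        return {"z": z, "verdict": "normal"}
    rate_ratio = statistics.fmean(minute.values()) / profile["per_source"]
    unseen = sum(1 for ip in minute if ip not in profile["known"]) / len(minute)
    # Attack traffic tends to combine volume with sources that each send far more
    # than a real user and that were never seen before; a flash crowd usually does not.
    suspicious = rate_ratio >= rate_factor or unseen >= unseen_share
    return {"z": z, "rate_ratio": rate_ratio, "unseen_share": unseen,
            "verdict": "suspected DDoS" if suspicious else "spike, looks legitimate"}

if __name__ == "__main__":
    profile = baseline_profile(BASELINE)
    for label, minute in (("baseline", BASELINE[0]), ("flash crowd", FLASH_CROWD), ("attack", ATTACK)):
        print(label, classify(minute, profile))
```

In practice the baseline would come from your own bandwidth or request logs over days or weeks, and the thresholds would be tuned against the spikes you already know to be legitimate (product launches, campaigns, news coverage).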

For technical information about DDoS, including the methods used in the October 21 attack, read “On DNS and DDoS,” a blog post by Arbor Networks.

Tags: DDoS, DDoS Attack, DDoS Mitigation, DoS, hackers, Internet of Things, IoT, network security