DDoS Attacks Are Showing No Sign of Slowing Down – Here’s What You Can Do
Why Has DDoS Become Such a Common Attack Method?
With the spread of the Internet of Things (IoT), the attack surface available to criminals has grown. Attackers routinely compromise thousands of Internet-connected devices and herd them into botnets for attacks. According to Ars Technica, in September 2016 distributed denial-of-service (DDoS) attacks reportedly reached 620 Gbps and 1 Tbps in size, large enough to overwhelm any network other than those at the core of the Internet.
So, how is a DDoS attack defined? Microsoft describes DDoS as a family of attacks intended to disrupt the availability of a target. A DDoS attack is an organized effort to use many Internet-connected systems to send a large volume of network requests at email, web, DNS, or other services. An attacker can target nearly any application they can reach; the objective is to exhaust the target server's resources (bandwidth, connection state, CPU) so that it can no longer process legitimate traffic and becomes inaccessible.
DDoS is not a new attack strategy; it has been used for years. The increase in frequency is most likely because it is now easier for attackers to acquire more sources of illegitimate traffic, and because there has been a marked increase in websites that sell DDoS attacks to anyone willing to pay.
According to Cisco:
- The occurrence of DDoS attacks has increased more than 2.5 times over the last three years.
- Peak DDoS attack size (Gbps) is rising linearly, with peak attacks reaching 300, 400, and 500 Gbps in 2013, 2014, and 2015 respectively, roughly 100 Gbps more each year.
- In 2015, the primary motivation behind DDoS attacks was for cybercriminals to demonstrate attack capabilities, with gaming and criminal extortion attempts in second and third place, in that order.
- Worldwide, the number of DDoS attacks increased 25% in 2015 and will increase 2.6-fold to 17 million by 2020.
Hypervigilance: Staying on the Lookout for DDoS
First and foremost, there is no way to completely prevent DDoS attacks. Unfortunately, if someone wants to attack you, they will find a way.
However, a good, rehearsed DDoS response plan makes an attack far easier to handle when it does occur. Know in advance how to reach your provider's security team and which mitigations they can apply on your behalf. Watch for anomalies that can precede an attack, such as unusual traffic from your hosts to unfamiliar destinations, although that is easier said than done. Also watch your outbound traffic to make sure your own systems are not participating in an attack, for example as compromised botnet members or as open DNS or NTP servers being used to reflect traffic at someone else.
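Both halves of that advice, spotting an attack against you and spotting your own hosts aiding one, come down to aggregating flow records. The script below is an added example, not Peak 10's code or tooling. It runs over a constructed set of NetFlow/IPFIX-style records for one 60-second export window (the addresses are RFC 5737 documentation ranges and 203.0.113.0/24 is assumed to be the customer's prefix) and flags, first, any internal destination receiving more than an assumed 1 Gbps baseline from outside, and second, any internal host answering from an amplification-prone UDP port (53, 123, 1900, 11211) at more than an assumed 100 Mbps toward a single external host, which is the signature of a reflector being abused. The thresholds and port list are assumptions you would tune to your own traffic.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records for one 60-second NetFlow/IPFIX export window.
# Fields: (src, dst, proto, sport, dport, bytes). All addresses are RFC 5737
# documentation ranges; 203.0.113.0/24 is assumed to be the customer's own prefix.
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")
WINDOW_SECONDS = 60
FLOWS = [
    ("198.51.100.7",  "203.0.113.10",  "udp", 53,    40101, 4_000_000_000),  # DNS reflection hitting us
    ("198.51.100.8",  "203.0.113.10",  "udp", 53,    40102, 3_500_000_000),
    ("198.51.100.9",  "203.0.113.10",  "udp", 123,   40103, 2_500_000_000),  # NTP reflection hitting us
    ("198.51.100.20", "203.0.113.25",  "tcp", 51000, 443,   2_000_000),      # ordinary HTTPS client
    ("203.0.113.50",  "192.0.2.66",    "udp", 53,    33000, 600_000_000),    # our resolver answering one host...
    ("203.0.113.50",  "192.0.2.66",    "udp", 53,    33001, 500_000_000),    # ...far too much: we are a reflector
    ("203.0.113.51",  "198.51.100.77", "udp", 53,    33002, 1_200),          # ordinary DNS answer
]

INBOUND_THRESHOLD_BPS = 1_000_000_000     # assumed: flag a destination above 1 Gbps
OUTBOUND_THRESHOLD_BPS = 100_000_000      # assumed: flag one src->dst pair above 100 Mbps
REFLECTOR_PORTS = {53, 123, 1900, 11211}  # UDP services commonly abused for amplification


def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL_NET


def bps(nbytes: int, window: int = WINDOW_SECONDS) -> float:
    """Bytes counted over the export window, converted to bits per second."""
    return nbytes * 8 / window


def inbound_targets(flows, threshold_bps=INBOUND_THRESHOLD_BPS):
    """Destinations inside our prefix whose inbound rate from outside exceeds the baseline.
    Returns {dst: rate_in_bps}."""
    per_dst = defaultdict(int)
    for src, dst, _proto, _sport, _dport, nbytes in flows:
        if is_internal(dst) and not is_internal(src):
            per_dst[dst] += nbytes
    return {dst: bps(b) for dst, b in per_dst.items() if bps(b) > threshold_bps}


def outbound_reflectors(flows, threshold_bps=OUTBOUND_THRESHOLD_BPS):
    """Internal hosts answering from an amplification-prone UDP port toward one external
    host at a rate that says they are reflecting an attack. Returns {(src, dst): rate_in_bps}."""
    per_pair = defaultdict(int)
    for src, dst, proto, sport, _dport, nbytes in flows:
        if proto == "udp" and sport in REFLECTOR_PORTS and is_internal(src) and not is_internal(dst):
            per_pair[(src, dst)] += nbytes
    return {pair: bps(b) for pair, b in per_pair.items() if bps(b) > threshold_bps}


def report(flows):
    """Lines you would page the on-call engineer with; returned rather than printed."""
    lines = []
    for dst, rate in inbound_targets(flows).items():
        lines.append(f"INBOUND  {dst} receiving {rate / 1e9:.2f} Gbps from external sources")
    for (src, dst), rate in outbound_reflectors(flows).items():
        lines.append(f"OUTBOUND {src} -> {dst} sending {rate / 1e6:.0f} Mbps from a reflector port")
    return lines


if __name__ == "__main__":
    for line in report(FLOWS):
        print(line)
```

On the sample data the first check flags 203.0.113.10 (about 1.33 Gbps of reflected DNS and NTP), and the second flags 203.0.113.50, which is answering a single external host with roughly 147 Mbps of DNS responses. A host in the second list is the case the article warns about: it is not the victim, it is the weapon, and the fix is on your side (close the open resolver, rate-limit responses), not at your provider.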
Microsoft compiled a list of best practices for keeping up with vulnerabilities and maintaining DDoS protection:
- Do everything in your power to protect your business from hackers.
- Ensure that network and security staff know about legacy configurations and why they exist.
- Don’t become complacent as a result of managing to avoid attacks for an extended period of time.
- Create Standard Operating Procedures (SOPs) and Emergency Operating Procedures (EOPs) across departments.
- If something’s different, figure out why.
- Realize that your own internal processes can be as harmful as a hacker.
- Keep track of any security changes made.
- Understand potential tradeoffs between survivability, cost, and simplicity.
- Conduct regular tests over the Internet and locally.
- Ensure your network administrators understand your configuration in complete detail. Monitoring alone is not sufficient.
The simplest way to handle a DDoS attack is for your provider to drop all incoming traffic to the target address (a remotely triggered black hole, or RTBH, usually signaled by advertising the victim's /32 to the provider with a blackhole BGP community). This takes the attack traffic off your circuits but leaves the target down, so it finishes the attacker's job for them; it is a last resort for protecting the rest of your network. Some providers support BGP FlowSpec (RFC 5575), which lets you push filter rules into the provider's routers over BGP, matching on destination prefix, protocol, and ports and applying an action such as discard or rate-limit, so that only the attack traffic is dropped. FlowSpec requires support on both the provider's and the customer's equipment.
Some content delivery networks (CDNs) offer DDoS mitigation as a by-product of their distributed design, since attack traffic is spread across many points of presence rather than landing on a single circuit. This is a great choice if your content fits a distributed model, such as a website.
If your content or deployment does not fit a distributed model, you can use a DDoS scrubbing service: traffic is diverted to the scrubbing center (typically by BGP announcement or DNS redirection), malicious traffic is filtered there, and the legitimate remainder is delivered back to you via a GRE tunnel, private circuit, or some similar means.
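To make the difference between the two mechanisms concrete, here is an added example (not Peak 10's code or any router vendor's) that builds the on-the-wire objects a FlowSpec rule and an RTBH announcement carry: the FlowSpec NLRI from RFC 5575 section 4, the traffic-rate extended community that tells the router to rate-limit or discard matching traffic, and the BLACKHOLE standard community (65535:666, RFC 7999) that a provider typically honors for RTBH. The victim address 203.0.113.10 is a documentation-range placeholder, and the rule itself is an assumption chosen to match the reflection traffic an article like this one has in mind: drop UDP with source port 53 or 123 aimed at the victim, leaving the victim's other traffic alone, which a blackhole route cannot do. A small decoder round-trips the NLRI so the encoding can be checked.

```python
import struct
import ipaddress

# Component types, RFC 5575 section 4 (IPv4 FlowSpec).
DST_PREFIX, SRC_PREFIX, IP_PROTO, PORT, DST_PORT, SRC_PORT = 1, 2, 3, 4, 5, 6
UDP, TCP = 17, 6


def _prefix_component(ctype: int, prefix: str) -> bytes:
    """Types 1/2: <type><prefix length in bits><prefix, minimum number of bytes>."""
    net = ipaddress.IPv4Network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]


def _numeric_component(ctype: int, values) -> bytes:
    """Types 3-6: <type> then {operator, value} pairs. Operator bits: e (0x80) end of
    list, a (0x40) AND with previous (unset here, so values are OR-ed), len (0x30) value
    size (00 = 1 byte, 01 = 2 bytes), eq (0x01)."""
    out = bytes([ctype])
    for i, v in enumerate(values):
        end = 0x80 if i == len(values) - 1 else 0x00
        if v < 0x100:
            out += bytes([end | 0x00 | 0x01, v])
        else:
            out += bytes([end | 0x10 | 0x01]) + struct.pack("!H", v)
    return out


def flowspec_nlri(dst_prefix: str, proto=None, dst_ports=(), src_ports=()) -> bytes:
    """NLRI = 1-byte length (for bodies under 240 bytes) + components in ascending type order."""
    body = _prefix_component(DST_PREFIX, dst_prefix)
    if proto is not None:
        body += _numeric_component(IP_PROTO, [proto])
    if dst_ports:
        body += _numeric_component(DST_PORT, list(dst_ports))
    if src_ports:
        body += _numeric_component(SRC_PORT, list(src_ports))
    if len(body) >= 240:
        raise ValueError("two-byte NLRI length encoding is not implemented in this example")
    return bytes([len(body)]) + body


def traffic_rate_community(rate_bytes_per_sec: float, asn: int = 0) -> bytes:
    """traffic-rate extended community (type 0x80, sub-type 0x06): 2-byte AS, then the
    rate as an IEEE-754 float in bytes per second. A rate of 0 means discard."""
    return struct.pack("!BBHf", 0x80, 0x06, asn, float(rate_bytes_per_sec))


def blackhole_community() -> bytes:
    """Standard community BLACKHOLE (65535:666, RFC 7999) used for RTBH: attached to the
    victim's /32 it asks the provider to drop everything to that address."""
    return struct.pack("!HH", 65535, 666)


def parse_nlri(nlri: bytes) -> dict:
    """Decode an NLRI built above back into {component_type: value} for verification."""
    length = nlri[0]
    body = nlri[1:1 + length]
    i, out = 0, {}
    while i < len(body):
        ctype = body[i]
        i += 1
        if ctype in (DST_PREFIX, SRC_PREFIX):
            plen = body[i]
            i += 1
            nbytes = (plen + 7) // 8
            addr = body[i:i + nbytes].ljust(4, b"\x00")
            i += nbytes
            out[ctype] = f"{ipaddress.IPv4Address(addr)}/{plen}"
        else:
            vals = []
            while True:
                op = body[i]
                i += 1
                size = 1 << ((op >> 4) & 0x3)
                vals.append(int.from_bytes(body[i:i + size], "big"))
                i += size
                if op & 0x80:
                    break
            out[ctype] = vals
    return out


if __name__ == "__main__":
    # Assumed rule: drop UDP sourced from port 53 or 123 (DNS/NTP reflection) toward one victim.
    rule = flowspec_nlri("203.0.113.10/32", proto=UDP, src_ports=[53, 123])
    print("FlowSpec NLRI:", rule.hex(), parse_nlri(rule))
    print("discard action:", traffic_rate_community(0).hex())
    print("rate-limit to 10 Mbps:", traffic_rate_community(1_250_000).hex())
    print("RTBH community for the /32:", blackhole_community().hex())
```

The contrast is the point: the RTBH announcement is four bytes attached to a route and the provider drops the victim outright, while the FlowSpec rule is a small match expression (here 15 bytes: destination /32, protocol 17, source port 53 or 123) plus an action, so the victim keeps serving its TCP traffic while the reflected UDP is discarded or rate-limited at the provider edge. Whether your provider accepts FlowSpec from customers, and which component types and actions it honors, is a question for the security contact the article says you should already have.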
By using Peak 10’s blended Internet bandwidth, we’re able to handle DDoS attacks for our customers. We have contacts with our providers’ security teams, as well as systems in place to detect and mitigate DDoS attacks quickly. Our customers have a single point of contact if an attack is occurring, and we can take immediate steps to help mitigate an attack across our infrastructure.