
Is Your Business Prepared for a DDoS Attack?

On October 21, the east coast of the United States woke up to find a significant portion of the Internet wasn’t working. Twitter, Etsy, Tumblr, Reddit, PayPal, SoundCloud, Spotify, Amazon, and even the New York Times were among the sites users were having trouble reaching. The culprit was a distributed denial of service (DDoS) attack on Dyn, a New Hampshire-based Internet infrastructure company. The incident was an unusually large attack, and fortunately it was resolved by the end of the day. However, it illustrates why DDoS is one of the biggest threats to Internet security today.

In a DDoS attack, hackers exploit computer vulnerabilities to create a botnet, an interconnected network of up to millions of compromised machines. The botnet, sometimes colorfully referred to as a “zombie army,” is instructed to send high-volume traffic that overloads a network, effectively blocking users from accessing email, websites, online accounts, or other digital services.

A DDoS is a more sophisticated version of a DoS (denial of service) attack, in which an attacker floods a network with information from a single source. DDoS attacks are much more difficult to combat because they come from multiple sources, and sometimes even multiple platforms.

Thus, there are two ways you can become a victim of a DDoS attack – your network can be attacked, or your computer or other connected device can be infected with malware and become part of a botnet carrying out a DDoS on someone else.

Typically, botnets have consisted of computers, but Symantec has found that connected devices that are part of the Internet of Things (IoT) are being exploited more and more. Many such devices don’t have particularly advanced security features, and users may make the problem worse by failing to change the default passwords. Device manufacturers are taking steps to address these vulnerabilities, but the IoT has undeniably made the problem of DDoS even tougher to combat – even as security concerns are a significant barrier to the growth of the IoT.

Any business can become a victim, but some of the most common targets of DDoS attacks are financial – banks or credit card payment gateways – as well as the online gaming and gambling industry. According to Kaspersky Lab, there have been increasing attacks on organizations working to counter DDoS. Businesses of any size are vulnerable, and attacks can be as brief as 30 minutes, making them hard to detect in many instances. The motivation of the perpetrators varies – it can include anything from simply demonstrating their hacking capabilities to criminal extortion.

Other times, perpetrators will attack websites devoted to news, human rights, political candidates, or elections, as a form of protest or censorship — “hacktivist” groups have used it in a variety of well-publicized attacks against religious and government entities. DDoS is a significant and persistent enough threat to freedom of expression that in March 2016 Google launched “Project Shield,” a free service intended to protect public-interest sites from DDoS attacks.

All DDoS activity is illegal and harmful. But according to Infosecurity Magazine, a disturbing trend of “dark DDoS” has been emerging in recent years. Dark DDoS means that an attack is used for something even more malicious than simply denying service to users – instead, it’s used to distract IT personnel from an ongoing breach in security. Hackers research a network’s vulnerabilities, and then launch a DDoS as a smokescreen. While IT personnel are distracted by the DDoS, the hackers penetrate the network and steal data.

The problem is growing. According to an October 2016 study conducted by Neustar, nearly three-quarters of global firms had experienced a DDoS attack over the previous 12 months. DDoS attacks result in significant financial losses – about half of the companies reported losing $100,000 per hour, but one-third lost as much as $250,000. Worse, most took at least an hour to realize they were under attack and even longer to respond. The same study reported that DDoS attacks are growing more sophisticated, both in that attacks are increasingly “dark” – that is, they’re just one part of a larger attack on an organization’s infrastructure or security — and in the techniques used to execute them.

Digital Attack Map, an online resource that tracks DDoS activity, says that more than 2,000 DDoS attacks are observed daily all over the world, causing one-third of all downtime incidents. Incredibly enough, a weeklong DDoS attack can be purchased on the black market for as little as $150.

Here are ways you can reduce the chances your computer or connected device will become an unwitting part of a botnet (at work or at home):

  • Make sure your work computer network is secure. Insist on secure, unique passwords for each machine.
  • Ensure your router is password-protected. Avoid spam, and don’t store passwords in web browsers.
  • Keep your malware and virus protection software up to date. Classic symptoms of infection include a new browser home page that appears without warning, strange popup windows, or messages/programs that start automatically. Other warning signs include inexplicably running out of hard drive space or an unexplained slowdown.
  • Determine what IoT devices are on your network, and ensure that they are protected with strong passwords.
  • Disable IoT services on devices when they’re not needed.
  • Update firmware on IoT devices when updates are released by the manufacturer.
  • Storing multiple passwords can be challenging – if you haven’t already, set up a utility like Password Safe (at home and at work) to handle this task securely.

Things you can do to prepare your business for a DDoS include:

  • Consider your own vulnerabilities, and prepare a communication strategy for use in the event you experience a sustained attack.
  • Determine who would be in charge in case of a DDoS. Take simple steps, such as collecting contact information of everyone who would need to be involved in case of an attack, that can help you respond faster.
  • Have more bandwidth available than you think you need in order to minimize the effect of a potential DDoS.
  • Know how to identify a DDoS early. eSecurity Planet suggests familiarizing yourself with your typical traffic patterns, so you can learn to tell the difference between a legitimate spike in traffic and one that might indicate a DDoS attack. DQE’s Customer Control Center (CCC) web portal enables you to monitor your bandwidth usage and network performance, making it easier for you to spot suspicious spikes in activity.
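As an added illustration of the baselining advice above (not code from the original post, and not DQE's Customer Control Center), the following Python sketch learns a per-minute request-volume baseline from a quiet period, flags minutes that exceed it, and then checks whether the extra traffic comes from familiar clients with a normal URL mix or from a mass of never-seen sources hammering a single URL. The traffic records, IP ranges and thresholds are all constructed for the example.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample traffic: minute -> list of (source_ip, path).
# Minutes 0-5 are the quiet baseline, minute 6 is a promotional spike from
# the usual clients, minute 7 is a flood from addresses never seen before.
TRAFFIC = defaultdict(list)
PATHS = ["/", "/products", "/cart"]
for m in range(6):                                   # 20..25 requests/minute
    for i in range(20 + m):
        TRAFFIC[m].append((f"10.0.0.{i % 10}", PATHS[i % 3]))
for i in range(60):                                  # minute 6: known clients
    TRAFFIC[6].append((f"10.0.0.{i % 10}", PATHS[i % 3]))
for i in range(400):                                 # minute 7: unseen sources
    TRAFFIC[7].append((f"198.51.100.{i % 250}", "/"))


def learn_baseline(traffic, minutes):
    """Volume mean/std over the quiet minutes plus the set of sources seen then."""
    counts = [len(traffic[m]) for m in minutes]
    known = {src for m in minutes for src, _ in traffic[m]}
    return {"mean": mean(counts), "std": pstdev(counts), "known": known}


def assess_minute(requests, base, k=3.0, new_src_limit=0.5, path_limit=0.9):
    """Flag a volume spike (z-score >= k), then look at who is sending it."""
    n = len(requests)
    if n == 0:
        return {"requests": 0, "z": 0.0, "new_source_ratio": 0.0,
                "top_path_share": 0.0, "verdict": "normal"}
    z = (n - base["mean"]) / (base["std"] or 1.0)
    new_ratio = sum(1 for src, _ in requests if src not in base["known"]) / n
    top_path_share = Counter(p for _, p in requests).most_common(1)[0][1] / n
    if z < k:
        verdict = "normal"                           # within usual variation
    elif new_ratio > new_src_limit or top_path_share > path_limit:
        verdict = "suspected DDoS"                   # surge from strangers, one URL
    else:
        verdict = "legitimate spike"                 # more of the usual traffic
    return {"requests": n, "z": round(z, 1), "new_source_ratio": round(new_ratio, 2),
            "top_path_share": round(top_path_share, 2), "verdict": verdict}


if __name__ == "__main__":
    base = learn_baseline(TRAFFIC, range(6))
    for minute in sorted(TRAFFIC):
        print(minute, assess_minute(TRAFFIC[minute], base))
```

The verdict is a triage hint, not proof: a site that suddenly goes viral will also show many unfamiliar sources, so the flagged minute is the point at which to check bandwidth graphs and source distribution rather than to act automatically.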

For technical information about DDoS, including the methods used in the October 21 attack, read “On DNS and DDoS,” a blog post by Arbor Networks.
