Distributed deniel-of-service (DDoS) attacks are becoming bigger and more severe than ever. Unfortunately, this cyber threat will continue to haunt chief information security officers (CISOs) and IT teams for the foreseeable future.
In October 2016, Internet domain name system (DNS) infrastructure firm Dyn (now Oracle + Dyn) fell victim to a malicious wave of DNS queries from tens of millions IP addresses.
The attack, executed through the Mirai botnet, infected over 100,000 IoT devices, including IP cameras and printers. The attack reached 400,000 bots and disrupted services to major companies, including Amazon, Netflix, Reddit, Spotify, Tumblr and Twitter.
Earlier this year, a new and bigger DDoS attack emerged and hit hosting service GitHub. The impact of the attack was massive with 1.35 TB per second of traffic hitting the popular site. Although GitHub was only knocked offline intermittently and managed to beat the attack back entirely after less than 20 minutes, the sheer scale of the incident was alarming. DDoS attacks compromise Internet devices to generate enormous volumes of data and direct that data at a particular target such as a web server or router.
“Every company is vulnerable to DDoS attacks,” says Shah H. Sheikh, Senior Cybersecurity Consultant and Advisor / Co-founder, DTS Solution. “This type of threat can impact organisations of all shapes and sizes from e-commerce to banking, civil defence, telcos, aviation and more as long as they rely on the Internet. Increased connectivity of Industrial Control Systems makes it vulnerable to DDoS, which could up new doors for would be and nation state actors.”
According to Shah H. Sheikh, “Identifying the right technical solution that involves large coverage of both volumetric and application-based DDoS attacks ensures that the detection time of the DDoS attack is as short as possible.”
“It is also important to define a well structured SLA to ensure there are clear roles and responsibilities, timely response and action plan when an attack does materials with specific escalation points and go to communication model.”
“Lastly, security teams should also conduct regular DDoS cyber drills with attack simulations to ensure that the end to end processes are functioning as they should. It is important to keep in mind that when an attack happens, it does so without any warning.”
As cyber criminals perfect their DDoS attacks, the technology and tactics of organisations need to evolve as well. To ensure a quick recovery, security teams should adopt a proactive approach to avoid the damaging effects of DDoS attacks.