Guarding Against DDoS Attacks

August 29, 2018 · Mary Chavez

Distributed Denial of Service (DDoS) attacks, during which multiple compromised systems target a single system, have been plaguing organizations for nearly 20 years. While the tactic is not new, attack techniques, desired targets and even the attacker profiles themselves continue to evolve rapidly and challenge security teams to keep websites, applications, servers and systems up and running.

A DDoS attack differs from a simple DoS attack in that it comes from multiple systems and attempts to crash a system with a high volume of requests for data. The typical result, says CSO Online, is that “available Internet bandwidth, CPU and RAM capacity becomes overwhelmed”. While these types of attacks can disrupt services in companies of any industry, they can pose a particular threat to financial institutions because they can impact bank-to-customer and bank-to-bank transactions.

Your company, no matter the size, is likely to encounter a DDoS attack in the near term if you haven’t already. In this post, we’ll walk through some common aspects of these attacks and how you can guard against them.

High Cost of an Attack

DDoS attacks are growing in frequency (ZDNet reports that attacks were up 73% from 2016 to 2017) and exacting a growing financial toll on impacted businesses. In a Neustar report from last year, 63% of respondents said that the loss of revenue caused by DDoS can sometimes reach over $100,000 per hour. Sometimes it can be much more, with several companies reporting that losses could be over $250,000 per hour. Given the stakes, preventing even “minimal” downtime can significantly impact continuity of operations.

Reasons for an Attack

Why do attackers launch DDoS attacks when the attacks don’t obviously benefit them in any way? DDoS attack motivations are difficult to determine (because of the volume involved, there are frequently multiple actors), but there are a few themes that stand out. One main hacker motivation could be simply to prove skill and gain notoriety. Another could be to wreak havoc on a particular company because of a competitive relationship or personal vendetta. Third, DDoS attacks are sometimes used to extort a ransom from the company in exchange for restoring services and returning operations to normal.

Still more worrying is the fact that some hackers may use a DDoS to cover up a different type of cyber-attack. Because a DDoS attack can create thousands of activity logs at once, it can bury any sign of suspicious activity or malware in a business’s servers or databases, allowing this malware to go undetected for longer.
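To illustrate the log-burying problem described above, here is an added example (not from the original post) that groups log lines by an (action, target) signature, treats the dominant signatures as flood noise, and surfaces the rare events left over for review. The log format, field names, sample data and the 5% threshold are all assumptions made for illustration.

```python
from collections import Counter

def build_sample():
    """Constructed log: 3000 flood requests with three unrelated events buried inside."""
    lines = [f"2018-08-29T10:00:{i % 60:02d}Z 198.51.100.{i % 250 + 1} GET / 200"
             for i in range(3000)]
    buried = [
        "2018-08-29T10:00:17Z 203.0.113.9 LOGIN admin 200",
        "2018-08-29T10:00:31Z 203.0.113.9 POST /admin/users 201",
        "2018-08-29T10:00:44Z 10.0.0.12 EXPORT customers.db 200",
    ]
    for pos, line in zip((700, 1500, 2400), buried):
        lines.insert(pos, line)
    return lines

def parse(line):
    """Split one line of the assumed 'ts src action target status' format."""
    fields = line.split()
    if len(fields) != 5:
        return None  # malformed line; counted separately by triage()
    return dict(zip(("ts", "src", "action", "target", "status"), fields))

def triage(lines, noise_share=0.05):
    """Return (rare_events, signature_counts, malformed_count).

    Events are grouped by an (action, target) signature. Any signature that
    makes up at least noise_share of all parsed events is treated as flood
    noise; everything else is returned, rarest first, then by timestamp.
    """
    parsed = [parse(l) for l in lines]
    events = [e for e in parsed if e is not None]
    malformed = len(parsed) - len(events)
    counts = Counter((e["action"], e["target"]) for e in events)
    total = len(events) or 1
    def sig_count(e): return counts[(e["action"], e["target"])]
    rare = [e for e in events if sig_count(e) / total < noise_share]
    rare.sort(key=lambda e: (sig_count(e), e["ts"]))
    return rare, counts, malformed

if __name__ == "__main__":
    rare, counts, malformed = triage(build_sample())
    print(f"{sum(counts.values())} events, {malformed} malformed, {len(rare)} worth review:")
    for e in rare:
        print(" ", e["ts"], e["src"], e["action"], e["target"], e["status"])
```

Tune the signature fields and the threshold to the traffic you actually see; the goal is to review what the flood did not generate.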

How to Guard Against These Attacks

Though many companies are familiar with the prevalence and the costs of these types of attacks, not many have a clear strategy for defending against them. Here are a few steps that your company can take to prevent extensive damage:

Have a Plan in Place: The best way to prepare your company for an attack is to have an incident response plan in place. Even if your company has a response plan, you’ll need to add or update your DDoS mitigation plan as well.

Invest in a Diversity of Infrastructure: Your security infrastructure shouldn’t just include one type of server in one place. Relying on a single setup like that makes it hard to load balance or to cut off traffic to one place when experiencing an attack. A cloud-based anti-DDoS solution can both increase this diversity of infrastructure and divert malicious traffic when an attack occurs, while offering the necessary redundancy by avoiding a single point of failure.

Update Your Technology: On a more basic level, simply updating the technology you already have in the form of firewalls and supporting security infrastructure can help your business avoid or mitigate certain types of attacks. Your network is only as healthy as its last update.

Work with an MSSP: Many companies are now turning to third-party DDoS protection services or Managed Security Service Providers (MSSPs). An MSSP can help your company limit the damage from a DDoS attack by helping to create a plan, implement perimeter security and monitoring, and stress test your security practices. That way, when a DDoS attack occurs, you can be ready.