Over the years, distributed denial of service (DDoS) attacks have become as commonplace as a stubbed toe or papercut.
At this point, it's clear they're not going away. If anything, they're getting more powerful: Amazon said its AWS Shield service mitigated a 2.3 terabit per second attack in February this year. That hasn't stopped the U.S. government from spreading the word when it sees an uptick in attacks.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) did just that last week when it shared news about a series of targeted denial of service (DoS) and DDoS attacks against finance and business organizations worldwide.
For the uninitiated, in a DDoS attack, the IP address of a website is bombarded with traffic, which in turn overwhelms the site and any web server associated with it.
The warning appeared to echo a recent advisory published by CISA's counterpart in New Zealand, the National Cyber Security Centre (NCSC), warning that financial companies were being hit hard by a DoS campaign.
While the information in the alert was scant (CISA just called it a widespread attack), it's as good a time as ever to reiterate some of its tips for mitigating such attacks.
If you think your business is experiencing a DDoS or DoS attack, CISA encourages you to:
- Contact your network administrator to confirm whether the service outage is due to maintenance or an in-house network issue. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
- Contact your internet service provider to ask if there is an outage on their end or if their network is the target of an attack and you are an indirect victim. They may be able to advise you on an appropriate course of action.
A successful DDoS attack can result in downtime, not to mention potentially millions of dollars in lost revenue. While there's no way to outright prevent a DDoS attack, there are ways to minimize the damage of such attacks.
If there's a possibility your organization may be targeted, it might prove worthwhile to carve out a section in your disaster recovery plan to ensure team members across the company can communicate efficiently if there's an attack. Companies can also look into enrolling in a DoS protection service that ferrets out abnormal traffic. These services usually route traffic away from your website to a point where it's either filtered or discarded.
Depending on the service, these solutions can also help defend against DNS amplification, SYN/ACK, and Layer 7 attacks.
NCSC, for what it's worth, recommends a lot of the same mitigation techniques, but also suggests deploying the following measures:
- Protect organization domain names by using registrar locking and confirming domain registration details (e.g. contact details) are correct.
- Ensure 24x7 contact details are maintained for service providers and that service providers maintain 24x7 contact details for their customers.
- Implement availability monitoring with real-time alerting to detect denial-of-service attacks and measure their impact.
- Partition critical online services (e.g. email services) from other online services that are more likely to be targeted (e.g. web hosting services).
- Pre-prepare a static version of a website that requires minimal processing and bandwidth in order to facilitate continuity of service when under denial-of-service attacks.
- Use cloud-based hosting from a major cloud service provider (preferably from multiple major cloud service providers to obtain redundancy) with high bandwidth and content delivery networks that cache non-dynamic websites.
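One way to turn periodic health-check results into the real-time alerting and impact measurement that the availability-monitoring item above calls for. This is an added example, not code from CISA, NCSC or the original article; the probe data is constructed, and the function name, window size and thresholds are assumptions chosen for illustration.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional

@dataclass
class Incident:
    start: int             # timestamp of the first bad probe
    end: Optional[int]     # timestamp of recovery; None while ongoing
    bad_probes: int        # probes that failed or were too slow

def detect_incidents(probes, window=5, open_after=3, slow_ms=2000):
    """probes: (unix_ts, ok, latency_ms) tuples in time order."""
    recent = deque(maxlen=window)      # (ts, bad) for the last `window` probes
    incidents, current = [], None
    for ts, ok, latency_ms in probes:
        bad = (not ok) or latency_ms > slow_ms   # slow counts as unavailable
        recent.append((ts, bad))
        if len(recent) < window:
            continue
        bad_count = sum(b for _, b in recent)
        if current is None:
            if bad_count >= open_after:
                first_bad = next(t for t, b in recent if b)
                current = Incident(first_bad, None, bad_count)
                incidents.append(current)        # a real monitor pages here
        else:
            current.bad_probes += bad
            if bad_count == 0:                   # close only after a clean window
                current.end = recent[0][0]       # first probe of the clean run
                current = None
    return incidents

# Constructed sample: one probe every 30 s; latency is 0 for failed probes.
PROBES = [
    (0, True, 120), (30, True, 130), (60, True, 110), (90, True, 125),
    (120, True, 140), (150, True, 2600), (180, False, 0), (210, False, 0),
    (240, False, 0), (270, True, 3100), (300, False, 0), (330, True, 180),
    (360, True, 150), (390, True, 140), (420, True, 130), (450, True, 135),
]

if __name__ == "__main__":
    for inc in detect_incidents(PROBES):
        print(f"degraded from t={inc.start}s to t={inc.end}s, "
              f"{inc.bad_probes} bad probes")
```

Requiring several bad probes to open an incident and a fully clean window to close it keeps a single dropped request from paging anyone and keeps a flapping service from generating a stream of separate alerts.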
The goal of a DDoS attack, plain and simple, is to disrupt organizations and throw them into disarray, but having measures in place to lessen an attack's damage could help in the long run.