Cybersecurity experts expect the number of sites subject to DDoS attacks to increase significantly in coming years with smaller and smaller sites being targeted. This results from the proliferation of services that allow relatively unsophisticated users to conduct these attacks.
On Friday, October 20, 2016, several major commercial websites, including Twitter, Netflix, and Spotify, basically shut down for hours at a time as a result of a massive DDoS attack. Investigations are in the early stages and have yet to identify the perpetrators of the attack, although pundits quickly leapt to blame the Russians, the Chinese, and several prominent hacktivist groups. The attack targeted a company called Dyn. Dyn is a DNS provider; its services connect domain names to corresponding IP addresses. When its servers became non-functional as a result of the attack, web browsers and other connected applications seeking to find and load content at the hosted domain names could not.
A DDoS (Distributed Denial of Service) attack involves overloading a server with millions or billions of information requests to the point that the hardware cannot cope. This is sometimes also called a "blizzard attack". Cybercriminals create networks of infected devices around the world and then use those devices in the attack.
Investigators suspect that the Dyn DDoS attack involved millions of infected devices from the so-called Internet of Things (IoT) - devices such as thermometers or refrigerators that now come equipped with network connectivity. These devices often lack the sophisticated security technology necessary to thwart malware. A Chinese manufacturer has already recalled web camera models identified as being involved in the attack. Some responsibility also lies with end users of IoT devices, who often do not change the default login credentials for these devices, making them much easier to hack.
Companies that do significant business through the internet, whether it’s advertising or payment options or data storage, need to have plans in place to protect against these attacks. You need to develop an incident response plan that includes DDoS mitigation strategies. These plans can help key employees respond quickly and appropriately when attacks are detected instead of sitting around wondering what to do next. If people already know what they need to do, they can move straight to necessary action aimed at limiting the costs of the attack.
Companies need to have strategies in place to identify DDoS attacks as they happen. Several services can monitor your network traffic to identify DDoS attacks in their early stages. On-staff IT professionals may also help develop strategies to let you know as soon as possible when your network faces one of these types of attacks. The sooner you identify the attack, the sooner you can begin defensive and mitigating tactics to stop the attack and get your business back up and running.
When an attack is identified, contact the appropriate third parties as soon as possible. This may include the insurance company that holds your cyber insurance policy, presuming your policy covers DDoS attacks. It should also include your internet service provider, since they can help clean up the malicious web traffic.
In choosing cloud-based service providers and web hosting services, companies need to consider the extent to which these providers protect you against, or leave you vulnerable to, DDoS attacks. Many of these companies have DDoS attack protection in place and some may offer extra protection as an add-on service.
As always, companies need to consider the extent of their exposure, the likelihood of a loss, and the costs of mitigation in crafting a cyber security plan tailored to the needs of their organization. The internet and the cloud offer businesses and consumers tremendous opportunities and advantages, but the volume and nature of threats that exist in the cyber world continue to expand. Having adequate cyber security plans in place will become a significant competitive advantage for companies as a result.