The days of people talking about the rapid expansion of the Internet are long over and today we are faced with many new digital elements to consider. The Internet of Things alone will be adding potentially billions of new devices to the largest network on earth.
With such massive expansion comes equal opportunity to cybercriminals, people and organizations who exploit devices over the internet for their personal gain. These can take the form of Viruses, Trojans, Ransomware and more.
There are also far more powerful resources at the fingertips of these cybercriminals, one of which is the Distributed Denial of Service (DDoS). In fact, the problem is even more widespread nowadays, with cybercriminals selling DDoS attack services for prices as low as US$150.
Nowadays, it's not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS-attackers. Any fraudster who doesn't even have the technical knowledge or skill to organise a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion,” says Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab (source).
A DDoS is basically a brute force attack, meaning that it is an attack on a device from multiple other devices at the same time.
It works by trying to form so many connections to the target and flooding it with information that it is overwhelmed and crashes, thus the term ‘denial of service’. By carrying out the attack and crashing the device, the cybercriminal denies the service of that device to other people who wish to use it.
As an example, in October 2016, a massive DDoS targeting Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure, caused a massive Internet outage across much of the US and Europe. Major websites including Twitter, the Guardian, Netflix and CNN were made unavailable for a period.
While that is significant, it should also be noted that cybercriminals have also targeted websites of individuals as well. In the earlier days, this would be a major source of concern, but thankfully there are now options that help individuals protect their sites.
Types of DDoS Attacks
There are four common DDoS strategies that cybercriminals use to try to take down websites. All of them are brute force attacks – they overwhelm in large numbers.
1. TCP Connection Attacks
TCP Connection Attacks try to occupy all the available connections there are to your site. This includes all physical devices that serve your site such as routers, firewalls and application servers. Physical devices always have limited connections.
2. Volumetric Attacks
Volumetric Attacks flood your site’s network with data. This works by either overcoming your server itself, or even by taking up all available bandwidth heading in to your server. Think of it as a flood or traffic jam, where nothing can move.
3. Fragmentation Attacks
Fragmentation Attacks send bits and pieces of multiple data packets to your server. This way, your server will be kept busy trying to re-assemble them and not being able to handle anything else.
4. Application Attacks
Application Attacks specifically take aim on one aspect or service you have. These are more dangerous, because with limited targeting, you might not realise you are under attack until something breaks.
DDoS Protection
If you’re a small business owner and are concerned about your website coming under attack, you are rightfully so. Any form of attack is dangerous, not to say a DDoS, and has the potential to cause you not only financial damage but brand damage as well.
There are quite many options available to you to protect yourself, so let’s have a look at some basics:
- Use Proxy Protection – A Proxy is a buffer that shields your website from the Internet, somewhat like a fence. This offers an extra layer of protection that might serve to give you advance warning of an incoming attack. It also hides your real IP address, although all of this is invisible to your legitimate website visitors.
- Guard Against Spoofed IP Addresses – Cybercriminals are fond of hiding their real IP addresses by hijacking others for their own use. Many popular addresses can be guarded against by keeping an access control list (ACL) to block access from certain IP addresses.
- Have Mode Bandwidth – Although bandwidth is expensive, many hosts today offer scalable plans that might help you out. DDoS work by trying to overcome your available bandwidth, so by keeping a bit more of a buffer zone, you might be able to gain advance attack warning as well.
In most cases, many of these options are provided by your web host. Web hosts today offer many safeguards, it is just a matter of choosing the right host for yourself.
Have a look at WSHR’s comprehensive list of business web hosting which we constantly review and maintain.
Choosing a Professional Option to Guard Against DDoS
Aside from your web host, there are also many professional security companies that offer dedicated services to help protect against cyberattacks. Before you balk, remember that this is no longer the era of the massive multinational corporation and that prices have been made affordable to even small and medium sized businesses.
1. Akamai
Akamai is one of the largest names in web security today. It helps serve over 95 exabytes of data a year across billions of devices. Among its many offerings, Akamai has something for almost all levels of security needs, from its powerful Kona Site Defender to a more basic Web Application Protection service.
2. Incapsula
Incapsula also offers comprehensive protection plans that can be customized according to your requirements. As main points of interest, you might like to have a look at their core DDoS protection services, which aim to guard your website, infrastructure and even name server.
3. Arbor Networks
Arbor Networks has a massive all-in-one DDoS prevention scheme which it calls the Active Threat Level Analysis System (ATLAS). This is an early warning system of DDoS threats globally that Arbor maintains to work in tandem with its various threat management systems.
4. Verisign
Although more well known as an issuer of security certificates, Verisign today has expanded its offerings to include other web services. However, it is still not quite there yet and the Verisign DDoS Protection Service acts mostly as an early-warning system, rather than a protection system.
5. Cloudflare
Cloudflare is a major name and made its fame as a Content Distribution Network (CDN). Happily, a CDN is one of the primary ways to help mitigate against DDoS attacks and makes use of a cloud delivery system. Today, Cloudflare has expanded its services and covers everything from CDN to DNS. Protection services are scalable, so you only pay for what you choose to use.
Success Stories in Blocking Off Cyber Attacks
Case #1: KrebsOnSecurity.com Attack
The KrebsOnSecurity.com Attack – Although the risk of cyberattacks is constant, there are far more success stories than there are failures. From enterprises to individuals, cyberattacks can be foiled and here are some that may help restore your faith in security.
In late 2016, the personal blog of investigative security journalist Brian Krebs, KrebsOnSecurity.com, was targeted by a massive DDoS attack.
The attack was notable because to two main factors:
- It was an attack against an individual’s (albeit notable) blog, and
- According to Akamai, it was almost double the size any attack they had previously encountered. In the aftermath of the attack, it was found to be among the biggest assaults the Internet has ever witnessed.
From the attack came a few interesting discoveries. First, was that despite its size, it was a pure brute force attack that did not rely on amplification or any of the other tools available to cybercriminals. The size also suggested that there are far larger botnets available to launch DDoS than security experts were familiar with.
Nevertheless, by choosing the right security partner, even small businesses can successfully defend their sites, just like Brian Krebs did.
Case #2: Massive Strike Against Russian Banks
Massive Strike Against Russian Banks – Also in late 2016, five major Russian banks, state-owned Sberbank amongst them, were the target of a sustained DDoS attack. Over the course of days, they banks were flooded by requests from devices attached to the Mirai botnet.
According to Kaspersky Lab, the longest attack was timed at 12 hours and peaked at 660,000 requests per second. This came from over 24,000 hacked devices that were distributed across 30 countries. Thankfully, the banks remained safe and operations continued.
Final Thoughts
As with every aspect of technology, new methods of cyberattacks are being invented all the time and even older methods are constantly updated and upgraded. In fact, according to an Akamai report, DDoS attacks have increased greatly in strength, doubling in attack size during 2016.
In fact, the Cisco 2017 Midyear Cybersecurity Report uncovered a rapid evolution of threats and has forecast potential “destruction of service” (DeOS) attacks. These could eliminate organizations’ backups and safety nets, required to restore systems and data after an attack.
Companies such as Akamai and Cloudflare have defended against security threats for nearly two decades and protected customers and maintained infrastructure availability, even while withstanding the largest DDoS attacks of the time.
From a personal standpoint, I am greatly a proponent of businesses concentrating on their core vectors and leaving other areas, such as security, in the hands of those whose’ business it is. Many companies ignore security warnings from experts for years before suffering from massive loss – don’t be that company.
Also read –