As ransomware and data breaches continue to grab the headlines, distributed denial-of-service (DDoS) attacks have stopped being top of mind for many CIOs, but they’re still more dangerous than ever and companies cannot neglect the necessary steps for prevention and securing internal traffic. In fact, Google Cloud recently recorded the largest DDoS attack ever of 46 million requests per second in an offensive that lasted 69 minutes.
To stay protected against these attacks, businesses need to ensure that they have an up-to-date DDoS strategy via the following steps: understand what modern DDoS attacks look like, develop a DDoS response plan and build an up-to-date network security infrastructure.
Understand what modern DDoS attacks look like
Before taking on DDoS attacks, it’s important to understand why they occur and what they look like. Hackers deploy them for a variety of reasons, chief among them their simplicity compared with other cyberattacks. With the proliferation of unsecured IoT devices, bad actors can raise a botnet army for their offensive. Other motivations include extortion, smokescreens to hide intrusion attempts, state-sponsored attacks, anticompetitive business practices and hacktivists protesting the business’ activities; sometimes the attacks are self-induced through accidental misconfiguration. There’s no predicting where they will strike: DDoS attacks often target databases, applications and infrastructure simultaneously to increase their chances of success.
Organizations need to recognize that the symptoms of a DDoS attack go beyond a complete outage of the website. Symptoms can include network latency, poor connectivity or performance on a company intranet, or intermittent website shutdowns. According to a 2021 study produced by Corero, OpenVPN DDoS attacks have increased nearly 300% since Q1 2019 as hybrid work has become the norm. DDoS activity also tends to be pervasive, with short-duration and repetitive attacks. According to the same Corero study, 82% of attacks last less than 10 minutes, with a 29% probability of a repeat DDoS attack within a week. No network is perfect, but if degraded performance seems prolonged or more severe than usual, a DDoS attack is most likely underway, and the business should act.
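The short, repetitive pattern described above (most attacks under 10 minutes, a sizeable chance of a repeat within a week) shapes how monitoring should work: windows must be short and the baseline must not be dragged up by the bursts themselves. As an added example that is not part of the article, this Python sketch buckets request timestamps into one-minute windows, flags runs that exceed a multiple of the median window count, and checks whether two flagged episodes fall within seven days of each other. The traffic sample is constructed, not real data.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

WINDOW = timedelta(seconds=60)

def bucket_counts(times, window=WINDOW):
    """Requests per fixed window from the earliest timestamp; empty windows stay 0."""
    start = min(times)
    counts = [0] * (int((max(times) - start) / window) + 1)
    for t in times:
        counts[int((t - start) / window)] += 1
    return start, counts

def find_episodes(times, window=WINDOW, factor=5.0):
    """Runs of windows whose count exceeds factor * baseline, as (start, duration).
    The baseline is the median window count, which a few short bursts barely move."""
    start, counts = bucket_counts(times, window)
    baseline = max(median(counts), 1)
    episodes, run_start = [], None
    for i, c in enumerate(counts + [0]):              # trailing 0 closes an open run
        hot = c > factor * baseline
        if hot and run_start is None:
            run_start = i
        elif not hot and run_start is not None:
            episodes.append((start + run_start * window, (i - run_start) * window))
            run_start = None
    return episodes

def repeat_within(episodes, span=timedelta(days=7)):
    """True if two episodes begin within `span` of each other (a repeat attack)."""
    starts = sorted(e[0] for e in episodes)
    return any(b - a <= span for a, b in zip(starts, starts[1:]))

def constructed_sample():
    """Constructed traffic (an assumption, not real data): one request a minute for
    ten days, plus a six-minute burst of 30 req/min on day 2 and again on day 5."""
    t0 = datetime(2024, 3, 10, tzinfo=timezone.utc)
    times = [t0 + timedelta(minutes=m) for m in range(10 * 24 * 60)]
    for day in (2, 5):
        burst = t0 + timedelta(days=day, hours=12)
        times += [burst + timedelta(seconds=s) for s in range(0, 360, 2)]
    return times

if __name__ == "__main__":
    found = find_episodes(constructed_sample())
    for when, how_long in found:
        print(f"burst at {when:%Y-%m-%d %H:%M} lasting {how_long}")
    print("repeat within a week:", repeat_within(found))
```

In production the timestamps would come from access logs or flow records, and the factor and window would be tuned to the service's normal variance.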
Develop a DDoS response plan
Developing an incident response plan is a critical first step toward a comprehensive defense strategy. This starts with a thorough security assessment. Larger enterprises may have complex infrastructure and need to involve multiple teams in DDoS planning. When an attack strikes, there is no time to think about the best steps to take; they need to be defined in advance to enable prompt reactions and avoid negative impacts. Depending on the infrastructure, a DDoS response plan can become quite extensive.
The key elements of the plan that are relevant to all organizations include:
- Formulate a systems checklist. Define a full list of “assets,” e.g., web servers, network elements or applications directly connecting to the internet with corresponding public IP addresses that should be protected in the event of an attack.
- Organize a response team. Define responsibilities for key team members to ensure an organized reaction to the attack as it happens.
- Define notification and escalation procedures. Make sure team members know exactly whom to contact in case of an attack.
- Include the list of internal and external contacts. This is a list of contacts that should be informed about the attack. Develop communication strategies with customers, cloud service providers and any security vendors.
Strengthen network security infrastructure
Mitigation of network security threats such as DDoS is strongest when multiple protection strategies run in tandem. Start with the basics of strong security: complex passwords that change on a regular basis, anti-phishing measures, VPNs and secure firewalls that allow minimal outside traffic. Keep systems up to date so that there are no outdated vulnerabilities for DDoS attackers to exploit. Companies should also build in redundancy with multiple network resources, in separate geographies if possible, so that if one server is attacked the others can absorb the extra network traffic. Dispersed resources are more difficult for attackers to target.
Organizations must also choose the right internet service provider (ISP). Most Tier-1 ISPs include additional protections, integrating scrubbing centers into their backbone and threat intelligence capabilities that constantly monitor the wider internet for the latest DDoS tactics and emerging attack trends. These “always-on” solutions offer a proactive defense that absorbs huge volumes of malicious traffic, with minimal latency impact, before it ever reaches its intended destination, as opposed to a reactive approach that requires detection followed by diversion to mitigate an attack. ISPs can also give enterprises some control over how and when mitigation is applied, augmenting the always-on service with automated, customer-initiated traffic redirection.
Keeping the business safe
DDoS attacks will continue to form a significant part of the enterprise security threat landscape. Being well prepared and implementing consistent and stringent measures to mitigate attacks is key to limiting and negating the potential business impact. Organizations that find this task too daunting, or don’t have the in-house team to build a fully up-to-date system, should find outside expertise. There are plenty of third-party experts, such as DDoS-specific vendors, ISPs’ enterprise-focused subsidiaries or managed service providers, that can help with planning, review the strengths and weaknesses of each technology, support educated and informed decisions, and bring in specialized assistance and talent to ensure the transition is successful.