DDoS attacks show no sign of slowing down – here’s what you can do

Why is DDoS such a common attack method?

With the advent of the Internet of Things, the cyber risk landscape has increased. Hackers routinely take advantage of thousands of Internet-connected devices that they can take over and use in botnets for attacks. According to Ars Technica, in September 2016, DDoS attacks reportedly reached 620 Gbps and 1 Tbps in size, large enough to cripple most networks beyond those that service the core of the Internet.

So, what is a DDoS attack? According to Microsoft, DDoS is defined as a group of attack forms meant to disrupt the availability of a target. DDoS attacks are comprised of an organized effort to utilize various Internet-connected systems for executing a large volume of network requests against email, web services, DNS, as well as others. An attacker can target nearly any application they can access with the objective of flooding system resources of particular servers in order to make processing actual traffic impossible, making the system itself inaccessible.

DDoS isn’t a new attack strategy. The increase in occurrence is most likely because it is now easier for hackers to acquire more sources for illegitimate traffic, plus there is a marked increase of websites that allow anyone to purchase a DDoS attack.

According to Cisco:

  • The occurrence of DDoS attacks has increased more than 2.5 times over the last three years.
  • DDoS attack size (Gbps) is rising in a linear trajectory, with peak attacks reaching 300, 400, and 500 Gbps respectively, in 2013, 2014, and 2015, at about 10-15% each year.
  • In 2015, the primary motivation behind DDoS attacks was for cybercriminals to demonstrate attack capabilities, with gaming and criminal extortion attempts in second and third place, in that order.
  • Worldwide, the number of DDoS attacks increased 25% in 2015 and will increase 2.6-fold to 17 million by 2020.

Hypervigilance: Staying on the lookout for DDoS

First and foremost, there is no way to completely prevent DDoS attacks. Unfortunately, if someone wants to attack you, they will find a way.

However, a good, practiced DDoS response plan is a helpful tool. Know how to contact your provider’s security team and what steps they can take to help mitigate the attack in advance. Also, keep an eye out for traffic to unknown hosts that could signal a precursor to an attack, although that is easier said than done. Also, watch your traffic to make sure you don’t aid an attack.

Microsoft summed up a list of best practices for keeping up with vulnerabilities and employing DDoS protection:

  • Do everything in your power to protect your business from hackers
  • Ensure that network and security resources are aware of old configurations and their purposes
  • Don’t become complacent as a result of managing to avoid attacks for an extended period of time
  • Create Standard Operating Procedures and Emergency Operating Procedures across departments
  • If something’s different, figure out why
  • Realize that your own internal processes can be as harmful as a hacker
  • Keep track of any security changes made
  • Understand potential tradeoffs between survivability, cost, and simplicity
  • Conduct regular tests over the Internet and locally
  • Ensure your network administrators understand your configuration in complete detail; monitoring alone is not sufficient

Handling attacks

The simplest way to handle a DDoS attack is for your provider to drop all incoming traffic to the DDoS target, which takes the traffic off your circuits, but keeps the target down. Some providers support BGP flow spec, which allows you to create custom access control lists on the provider’s network, but requires support on both the provider’s and customer’s equipment.

Some content delivery networks offer DDoS mitigation support due to their design of the network; this is a great choice if your content supports a distributed model, like a website.

If your content or deployment does not support a distributed model, you can use a DDoS scrubbing service, where traffic is routed through a site where malicious traffic is “scrubbed.” Legitimate traffic is then delivered via a GRE tunnel, private circuit, or some related means.

At Flexential, we’ve improved our managed internet bandwidth services to support up to 100G of capacity with Automated DDoS Scrubbing, which provides 24x7 support against volumetric DDOS attacks without technical intervention. This is available to customers at no additional cost as part of our 100% uptime guarantee. To learn more, contact us at sales@flexential.com or at (877) 448-9378.