Distributed Denial of Service (DDoS) attacks are on the rise. One 2014 study found that many respondents reported being hit multiple times within a 12-month period. It’s an increasingly prevalent and serious problem: a basic DDoS infrastructure attack, with the potential to disable a website in a matter of minutes, can be bought online for as little as £30 or so. There are numerous ways to combat them. The most popular and effective way for SMEs is to employ an external data centre that has the technology to detect and deal with DDoS threats in real time, such as these 100TB bare metal servers.
In essence, a DDoS attack denies service to legitimate users: an assailant directs immense volumes of traffic at a company’s servers, flooding and disabling the website. This is usually done by using malware to take control of swathes of vulnerable PCs spread around the world, without the knowledge of their owners, to create botnets. It has even been suggested that there are now ‘armies’ of infected computers available for hire by the hour – a frightening thought.
There is a wide range of reasons why a company may be targeted by a DDoS attack, from an extortion attempt (pay us or we’ll keep your site offline) to political activism, to damaging the reputation of a rival. Sadly, in many cases it’s simply because some digitally-savvy teenager in his bedroom is bored and wants to stir up some trouble and maybe build a little reputation for himself.
The traffic can be obviously false, or made to look like legitimate requests. For instance, if an e-commerce site is able to deal with 50 users logging in at a time, then all a DDoS attacker needs to do is send 50 login requests at the same time to prevent any real customers getting to their accounts.
Keep this up for a long period of time and there will be no actual sales made. The server is flooded, and the network connectivity fails. High-profile attacks that have hit the news recently include several Dutch government websites being mysteriously taken down simultaneously, and a hit on the Microsoft Xbox Live gaming network by the notorious Lizard Squad, which was seemingly born from a grudge.
Successful DDoS attacks can damage revenue, brand reputation and customer service, which is why they’re increasingly on the agenda of politicians and cyber-police, but unfortunately the most prolific attackers are able to cause havoc virtually undetected, or will base themselves in a country that won’t easily cooperate with Western law enforcement. That means that for now, the best defence for a company is to make itself as unattractive a target as possible.
So, how to protect your business from a DDoS attack? While many such attacks are by brute force, that can belie the level of sophistication involved. Any company relying on a standard firewall approach is inviting disaster – firewalls were not designed for this purpose and will rarely be able to cope with this influx of traffic, going into meltdown instead.
Some companies may install devices that are designed to detect and mitigate DDoS traffic, yet these are expensive to purchase and keep operational, as they require specialist staff and ongoing maintenance to keep up with new threats. They are also not infallible when faced with huge amounts of traffic, so when one factors in the likelihood that they may only be used infrequently, they do not make for a good solution to have sitting around idle most of the time.
Internet Service Providers (ISPs) routinely offer some DDoS protection, with more bandwidth available to cope with large traffic volumes, but they carry disadvantages, such as being unable to protect Cloud services or network links from providers other than themselves.
That’s why for a lot of businesses, the preferred option is Cloud providers that have huge amounts of bandwidth available to them, multiple forms of hardware and software to filter and scrub traffic, diluting a threat before it is directed to the client’s own servers, and dedicated engineers with a lot of expertise in dealing with DDoS attacks.
But while they are probably the most effective form of protection, they can still be bypassed, and so the ideal solution is web application protection combined with on-premises protection. Another useful tip is for companies to use multiple data sources, and compartmentalise customer data so that not all can be compromised at one time.
Not every DDoS attack can be prevented, but with appropriate defensive measures, the effects can be limited. This is not a problem that’s going away any time soon, and any company, regardless of the nature of its industry or size, should be aware of the risks out there.