Distributed denial-of-service (DDoS) attacks are one of the oldest and still most effective forms of cyberattack companies must contend with today. Some of the most widely reported recent DDoS attacks have hit major organizations such as GitHub, Dyn, and the BBC, but smaller companies, with less spare bandwidth and fewer people to absorb the impact, are even more exposed to these blunt, high-volume attacks. Defending against DDoS attacks should be a priority for every organization, regardless of its size.
With the increased level of remote working arrangements and overall internet activity due to stay-at-home COVID-19 measures, it was perhaps inevitable that cybercriminals would exploit the situation to create disruption and undermine network systems. Much of this activity took the form of coronavirus-related scams, such as the widespread phishing schemes used to deploy Emotet malware. The goal of these attacks is typically to breach systems and steal potentially valuable information. While they can be devastating, this class of attack is substantially blunted by well-understood controls such as multi-factor authentication and employee awareness training.
Unfortunately, the COVID-19 crisis has also seen a severe increase in DDoS attacks. A Q1 2020 report released in early May by the cybersecurity firm Kaspersky found that DDoS attacks were both more numerous and more intense compared to the previous year. While the first quarter of the year commonly sees a spike in DDoS activity, few cybersecurity experts were prepared for the 80% increase in attacks or the 25% increase in attack duration.
Most of these attacks have targeted government agencies, educational platforms, and gaming services, all of which have experienced much higher usage rates due to COVID-19 lockdown measures. Nowhere was this more visible than in the early March DDoS attack on the US Department of Health and Human Services (HHS), which attempted to overload the agency’s servers over a period of several hours.
One of the more common forms of active cyberattack, a DDoS attack works by flooding a target with more requests than it, or the network link in front of it, can absorb. It exploits the basic contract of networked services: every packet that arrives must be received, parsed and at minimum rejected, and each of those steps costs bandwidth, CPU, memory or connection-table state. Because rejecting a request is never free, a large enough stream of requests degrades performance for everyone as the system works through them. The server first slows down as it struggles to keep up, and if the onslaught continues it stops responding altogether; if the flood also saturates the upstream link, other services sharing that link become unreachable with it.
Unfortunately, DDoS attacks are relatively easy to orchestrate. For many years, attackers used specialized malware to infect thousands of computers and assemble them into a botnet capable of launching an attack on a single target. Each infected machine contributes a slice of its processing and network capacity to send coordinated requests to the targeted system, so no single source needs to be powerful. More recently, attackers have shifted to “booter” or “stresser” services, which rent out ready-made attack capacity on demand, so that launching a DDoS attack requires no technical skill and only a small payment.
Combatting DDoS attacks has posed a number of challenges for both companies and authorities. On April 10, Dutch authorities arrested a 19-year-old hacker who launched an attack against government websites related to the pandemic response. A week earlier, they shut down 15 stresser services in a major raid that echoed a 2018 effort by the US Department of Justice that took down similar services operating in California and Alaska.
Unfortunately, the sheer number and easy availability of these illegal services (many of which are easily found with a conventional search engine) has made it almost impossible for authorities to curtail attacks. Until there is a broad, cooperative effort between law enforcement officials and technology companies to clamp down on DDoS attacks (such as de-indexing known stresser sites or restricting online marketplaces), organizations will continue to be forced to rely on their own mitigation strategies.
There are a variety of tools organizations can deploy to blunt the impact of a DDoS attack. While manual incident response was once sufficient, today’s DDoS attacks are far too large and adaptive to be countered by hand. Effective DDoS mitigation consists of four key steps, detection, identification, filtering, and post-attack analysis, and is often delivered through cloud-based scrubbing services that sit in front of the organization’s own network.
The first step in stopping an attack is recognizing that it’s underway. Older forms of DDoS mitigation simply throttled bandwidth whenever traffic volume spiked, but that penalized legitimate surges as well, for example a newly launched product or service drawing a flood of real visitors. Modern DDoS mitigation software compares live traffic against a baseline of normal behaviour, matches it against known attack patterns, and flags unusual activity as a potential threat rather than reacting to volume alone.
Once the platform knows something unusual is happening, it uses traffic analysis and machine learning to identify botnet or booter/stresser traffic and separate it from potentially legitimate traffic. The telltale differences are in the shape of the traffic rather than its volume: a flash crowd is many distinct clients each making a few requests, whereas attack traffic tends to come from a smaller set of sources at very high per-source rates, often with identical request paths, user-agents, or protocol anomalies.
Once the distinctive signature of malicious traffic has been identified, it can be dropped at the network edge before it reaches the server and consumes its resources. The remaining traffic can then be spread across a larger pool of capacity, such as multiple scrubbing nodes or load-balanced servers, so that the system can process it effectively and continue screening out any malicious requests that slipped through.
The aftermath of a DDoS attack is often the most important step. Post-attack analysis lets the system learn the attack’s patterns, block the IPs that took part, and apply extra scrutiny to traffic from regions that contributed to it. One caveat: IP and country blocks are cheap but coarse, since attack sources can be spoofed or spread across many networks and legitimate users share those address ranges, so they work best as one signal among several rather than as the sole defence. Applied with that in mind, these lessons harden the system against future attacks and deliver higher levels of network uptime.
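To make the four steps concrete, here is an added example of a small, stateful detector run over constructed access-log lines. It is illustrative code written for this article, not Compuquip’s product or any mitigation vendor’s logic. The log format, the thresholds (a spike is five times the baseline rate, a client is abusive above 2 requests per second, an attack is a spike where abusive clients produce more than half the traffic) and the sample traffic are all assumptions chosen to show the behaviour: a launch-day flash crowd of many distinct users raises the baseline instead of being throttled, a booter-style flood from a handful of sources is blocked by IP and by shared user-agent signature, and a fresh bot IP using the same tool in the next window is dropped at the edge before it is ever counted.

```python
from collections import Counter, defaultdict, namedtuple
from dataclasses import dataclass, field
import re

# Assumed (constructed) log format:  ip [unix_ts] "METHOD path" status "user-agent"
LOG_RE = re.compile(r'^(\S+) \[(\d+)\] "(?:GET|POST) (\S+)" (\d{3}) "([^"]*)"$')
Request = namedtuple("Request", "ip ts path status ua")
WINDOW = 10          # seconds per analysis window
SPIKE_FACTOR = 5.0   # a window at >= 5x the baseline rate is a spike (step 1)
PER_IP_LIMIT = 2.0   # req/s one client may send before it counts as abusive (step 2)
ABUSE_SHARE = 0.5    # abusive clients producing >50% of a spike => attack, else flash crowd
ALPHA = 0.5          # EMA weight for raising the baseline after a legitimate surge (step 4)

@dataclass
class Verdict:
    window: int
    rps: float
    kind: str                                   # "normal", "flash_crowd" or "attack"
    blocked_ips: list = field(default_factory=list)
    signature: str = ""                         # user-agent shared by the blocked traffic, if any

def parse_log(lines):
    """Parse the assumed format; malformed lines are skipped rather than crashing the detector."""
    matches = (LOG_RE.match(line) for line in lines)
    return [Request(m[1], int(m[2]), m[3], int(m[4]), m[5]) for m in matches if m]

class Mitigator:
    """Keeps the block list, learned signatures and adaptive baseline between windows."""

    def __init__(self, baseline_rps):
        self.baseline_rps = baseline_rps
        self.block_list = set()
        self.signatures = set()

    def edge_filter(self, reqs):
        """Step 3: drop known-bad sources and signatures before they reach the server."""
        return [r for r in reqs if r.ip not in self.block_list and r.ua not in self.signatures]

    def analyse(self, window, reqs):
        rps = len(reqs) / WINDOW
        # Step 1: detection. Only a spike against the baseline triggers deeper inspection.
        if rps < SPIKE_FACTOR * self.baseline_rps:
            return Verdict(window, rps, "normal")
        # Step 2: identification. A botnet or booter is a few loud sources; a flash
        # crowd is many quiet ones. Per-client rate separates the two.
        per_ip = Counter(r.ip for r in reqs)
        abusive = {ip for ip, n in per_ip.items() if n / WINDOW > PER_IP_LIMIT}
        abusive_reqs = [r for r in reqs if r.ip in abusive]
        if len(abusive_reqs) / len(reqs) <= ABUSE_SHARE:
            # Legitimate surge: do not throttle real users; raise the baseline instead
            # (step 4) so the same crowd is not flagged again tomorrow.
            self.baseline_rps = ALPHA * rps + (1 - ALPHA) * self.baseline_rps
            return Verdict(window, rps, "flash_crowd")
        # Attack: block the loud sources and, if they share one user-agent, keep it as
        # a signature so fresh bots from the same tool are dropped on arrival.
        self.block_list |= abusive
        ua, count = Counter(r.ua for r in abusive_reqs).most_common(1)[0]
        sig = ua if count / len(abusive_reqs) >= 0.9 else ""
        if sig:
            self.signatures.add(sig)
        return Verdict(window, rps, "attack", sorted(abusive), sig)

def run(lines, baseline_rps=1.0):
    """Replay the log window by window through the edge filter and then the analyser."""
    m = Mitigator(baseline_rps)
    buckets = defaultdict(list)
    for r in parse_log(lines):
        buckets[r.ts // WINDOW].append(r)
    verdicts = [m.analyse(w, m.edge_filter(buckets[w])) for w in sorted(buckets)]
    return verdicts, m

def constructed_log():
    """Made-up traffic: a quiet window, a launch-day flash crowd, a booter-style flood, a straggler bot."""
    fmt = '{ip} [{ts}] "GET {path}" {st} "{ua}"'
    uas = ["Mozilla/5.0 (X11; Linux) Firefox/75.0", "Mozilla/5.0 (Windows NT 10.0) Chrome/81.0"]
    bot = "python-requests/2.22.0"

    def user(ip, ts, path="/"):
        return fmt.format(ip=ip, ts=ts, path=path, st=200, ua=uas[ts % 2])

    lines = [user(f"198.51.100.{i}", i) for i in range(10)]                                # w0: 1 req/s
    lines += [user(f"203.0.113.{i}", 10 + i % 10, f"/launch?u={i}") for i in range(80)]    # w1: 80 real users
    lines += [fmt.format(ip=f"192.0.2.{b}", ts=20 + k % 10, path="/login", st=503, ua=bot)
              for b in range(6) for k in range(50)]                                        # w2: 6 bots x 50 hits
    lines += [user(f"198.51.100.{50 + i}", 20 + i) for i in range(10)]                     # w2: 10 real users too
    lines += [fmt.format(ip="192.0.2.99", ts=30 + k % 10, path="/login", st=503, ua=bot)
              for k in range(30)]                                                          # w3: new IP, same tool
    lines += [user(f"198.51.100.{70 + i}", 30 + i) for i in range(10)]
    return lines

if __name__ == "__main__":
    for verdict in run(constructed_log())[0]:
        print(verdict)
```

Running it prints four verdicts: window 0 is normal at 1 req/s, window 1 is a flash crowd at 8 req/s (the baseline moves from 1.0 to 4.5 req/s and nobody is blocked), window 2 is an attack at 31 req/s that blocks the six bot IPs and records `python-requests/2.22.0` as a signature, and window 3 is back to normal at 1 req/s because the new bot’s 30 requests were discarded by the edge filter on signature alone. The per-client rate test is deliberately the simplest possible discriminator; real platforms add source diversity, protocol checks and request-cost weighting, but the split between “many quiet clients” and “few loud ones” is the core idea.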
At Compuquip Cybersecurity, we help organizations protect their critical data and applications from risk. Our fully-managed security and incident response services provide the oversight and protection needed to guard against the latest generation of DDoS attacks. As a fully remote technology company, we understand the network risks that companies are facing as they work through the COVID-19 pandemic. Our team of cybersecurity experts is ready to help your organization implement the policies and controls necessary to keep your remote business secure and protect you from the disruptive risks of DDoS attacks. To learn more about our innovative threat management and virtual CISO services, contact our experienced security team today.