You no doubt saw over Christmas that the BBC News servers were out for several hours. The cause was a Distributed Denial of Service (DDoS) attack. The BBC are not the only company to be a victim of this type of attack. Statistics show that thousands of companies fall victim to this type of attack on a daily basis.
What is a Denial of Service attack?
Basically this type of attack involves flooding the target website with data to the point where the server can’t cope and the website becomes unavailable. The flooding occurs when the site is accessed by a large number of computers at once, usually via a botnet.
There are two types of Denial of Service attacks: Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
In a DoS attack, the perpetrator uses a single Internet connection to either exploit a software vulnerability or flood a target with fake requests. DoS attacks are launched using homebrewed scripts or DoS tools (e.g., Low Orbit Ion Cannon).
Distributed Denial of Service attacks are launched from multiple connected computers distributed across the Internet. They usually target the network infrastructure in an attempt to saturate it with huge volumes of traffic. Such attacks usually make use of botnets.
A botnet is a large cluster of devices infected with malware that gives an attacker remote control over them. Some botnets involve millions of machines. Botnet herders divide the devices under their control into groups that can be rented out. Other cyber criminals then use them to send spam or phishing e-mails, or to launch a DDoS attack.
Unfortunately a specialised market exists enabling criminals to buy and sell botnets. Using these underground markets, anyone can pay a nominal fee to silence websites or disrupt a company’s online operations.
DoS attacks are launched by individuals, businesses and even nation-states, each with their own particular motivation: hacktivism (where someone expresses their criticism by downing your website), cyber vandalism (bored individuals with nothing better to do with their time than cause trouble), business competition (think Cyber Monday) and extortion (where a cybercriminal demands money in exchange for stopping, or not carrying out, a DDoS attack), to name but a few.
Protecting against a DDoS attack
DoS attacks can be hard to defend against because initially they look like ordinary net traffic. Defence can be preventive or responsive. Defensive responses typically involve a combination of attack detection, traffic classification and response tools, aiming to block traffic that they identify as illegitimate and allow traffic that they identify as legitimate. This could involve firewalls, switches, routers, application front-end hardware, application-level Key Completion Indicators, IPS-based prevention, DDS-based defence, blackholing, sinkholing and upstream filtering.
Easy Steps to take
- Monitor traffic to your website to look for abnormalities such as unexplained traffic spikes and visits from suspect IP addresses and geolocations.
- If you’re active on social media especially Twitter, look out for threats, conversations and boasts that may indicate an attack is imminent
- Use a third-party DDoS testing service to simulate an attack against your IT infrastructure
- Create a response plan and make a specific person responsible to minimise the impact of an attack – don’t wait until it happens to do something!
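As an added illustration of the first step (monitoring for traffic spikes and noisy source addresses), here is a small Python script that is not part of the original post or of Alchemy Systems' tooling. It assumes web server access logs in the common "combined" format used by nginx and Apache, buckets requests into one-minute windows, and flags two kinds of abnormality: any single client address making more than a threshold number of requests in one window, and any window whose total request count is several times the median of the other windows. The log lines, thresholds and addresses are constructed for the example and would need tuning for a real site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined access-log format (assumed; adjust the pattern for your server's log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip, timestamp, request and status, or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"), "status": int(m.group("status"))}


def bucket_key(ts, window_s):
    """Start of the fixed-size window (in epoch seconds) that the timestamp falls into."""
    epoch = int(ts.timestamp())
    return epoch - (epoch % window_s)


def analyse(lines, window_s=60, ip_threshold=50, spike_factor=5.0):
    """Return (noisy_ips, spike_windows).

    noisy_ips:     {ip: highest request count seen in any one window} for IPs at/over ip_threshold.
    spike_windows: [(window_start, total, baseline)] where total >= spike_factor * median of the
                   other windows. Thresholds are constructed values, not recommendations.
    """
    per_window_ip = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole analysis
        per_window_ip[bucket_key(rec["ts"], window_s)][rec["ip"]] += 1

    noisy, totals = {}, {}
    for window, counter in per_window_ip.items():
        totals[window] = sum(counter.values())
        for ip, n in counter.items():
            if n >= ip_threshold and n > noisy.get(ip, 0):
                noisy[ip] = n

    spikes = []
    for window, total in totals.items():
        others = sorted(t for w, t in totals.items() if w != window)
        if not others:
            continue  # a single window has no baseline to compare against
        baseline = others[len(others) // 2]
        if total >= spike_factor * max(baseline, 1):
            spikes.append((window, total, baseline))
    return noisy, sorted(spikes)


def sample_log():
    """Constructed sample: three quiet minutes from a few clients, then one minute with a burst."""
    fmt = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    quiet_ips = ["203.0.113.5", "203.0.113.9", "198.51.100.2"]  # documentation-range addresses
    lines = []
    for minute in range(3):  # 10:00 to 10:02: four requests per minute
        for i in range(4):
            lines.append(fmt.format(ip=quiet_ips[i % 3],
                                    ts=f"01/Jan/2016:10:0{minute}:{i * 10:02d} +0000", path="/"))
    for i in range(120):  # 10:03: 120 requests from a single address
        lines.append(fmt.format(ip="192.0.2.77",
                                ts=f"01/Jan/2016:10:03:{i % 60:02d} +0000", path="/index.html"))
    for i in range(4):  # plus the usual background traffic
        lines.append(fmt.format(ip=quiet_ips[i % 3],
                                ts=f"01/Jan/2016:10:03:{i * 10:02d} +0000", path="/"))
    return lines


if __name__ == "__main__":
    noisy, spikes = analyse(sample_log())
    for ip, n in noisy.items():
        print(f"noisy client {ip}: {n} requests in one window")
    for window, total, baseline in spikes:
        print(f"spike at {datetime.fromtimestamp(window)}: {total} requests (baseline {baseline})")
```

Run against the constructed sample this reports one noisy client (192.0.2.77 with 120 requests in a minute) and one spike window (124 requests against a baseline of 4). In practice the same two signals are what a monitoring dashboard or rate limiter would expose; the point of keeping a baseline is that a flash-crowd from many distinct addresses still shows up as a spike even when no single client crosses the per-IP threshold.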
How Alchemy Systems can help
At Alchemy Systems we have the expertise and experience to help you protect against Denial of Service attacks and, if the worst happens, to step in and help you get up and running again as soon as possible.