
DDoS Attack - What Options Are You Left With?

Updated on May 17, 2018
Evan Morris

Known for his boundless energy and enthusiasm, Evan works with MWR Infosecurity as a Network Security Manager and is an avid blogger.

A distributed denial of service (DDoS) attack occurs when an attacker makes it impossible for a service to be delivered. This is done by blocking access to servers, devices, services, networks, applications, or specific transactions within applications. It differs from a DoS attack, in which one system sends the malicious data or requests: in a DDoS attack, multiple systems send them. As a result, your system is flooded and its internet bandwidth, CPU, and RAM capacity are overwhelmed.

When your company experiences a DDoS attack it could be a minor annoyance or it could actually take your entire business offline. This depends on what class of attack your company experiences. These include:

Attacks using massive amounts of bogus traffic (e.g. ICMP, UDP, and spoofed-packet flood attacks) to take down your website and server

Attacks using packets to target your network's infrastructure and its management tools (e.g. SYN floods, Smurf DDoS)

Attacks targeting your organization’s application layer, conducted by flooding applications with maliciously crafted requests to make your online resources sluggish or completely unresponsive

Regardless of the type of attack you're experiencing, you can't underestimate the importance of threat intelligence in a DDoS attack.
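A defender's triage routine for the three attack classes listed above, as an added example that is not part of the original article: it labels one window of flow summaries as volumetric, protocol, or application-layer. The record fields, thresholds, and sample windows are assumptions constructed for illustration.

```python
from collections import Counter

# Illustrative thresholds (assumptions; tune against your own baseline).
LINK_BPS = 1_000_000_000   # provisioned uplink, bits per second
VOLUME_FRACTION = 0.8      # share of the link treated as saturation
SYN_MIN = 1000             # ignore SYN imbalance below this packet count
SYN_TO_ACK_RATIO = 3.0     # bare SYNs per bare ACK (simplified handshake check)
HTTP_BASELINE_RPS = 200    # normal application requests per second
HTTP_SPIKE_FACTOR = 5      # multiple of baseline treated as a flood

def classify_window(flows, seconds=1):
    """Label one traffic window with the attack class it most resembles."""
    bytes_by_proto = Counter()
    syn = ack = http = 0
    for f in flows:
        bytes_by_proto[f["proto"]] += f["bytes"]
        if f["proto"] == "tcp" and f.get("flags") == "S":
            syn += f["packets"]
        elif f["proto"] == "tcp" and f.get("flags") == "A":
            ack += f["packets"]
        http += f.get("http_requests", 0)
    total_bytes = sum(bytes_by_proto.values())
    flood_bytes = bytes_by_proto["icmp"] + bytes_by_proto["udp"]
    # Class 1: bogus ICMP/UDP traffic saturating the link.
    saturated = total_bytes * 8 / seconds >= VOLUME_FRACTION * LINK_BPS
    if saturated and flood_bytes > total_bytes / 2:
        return "volumetric"
    # Class 2 (SYN flood case only): SYNs far outnumber completed handshakes.
    if syn >= SYN_MIN and syn > SYN_TO_ACK_RATIO * max(ack, 1):
        return "protocol"
    # Class 3: bandwidth looks normal but the application is swamped.
    if http / seconds >= HTTP_SPIKE_FACTOR * HTTP_BASELINE_RPS:
        return "application"
    return "normal"

# Constructed one-second windows for illustration, not real captures.
NORMAL = [
    {"proto": "tcp", "flags": "S", "packets": 150, "bytes": 9_000},
    {"proto": "tcp", "flags": "A", "packets": 150, "bytes": 9_000},
    {"proto": "tcp", "flags": "PA", "packets": 900, "bytes": 1_200_000, "http_requests": 180},
]
UDP_FLOOD = NORMAL + [{"proto": "udp", "packets": 90_000, "bytes": 120_000_000}]
SYN_FLOOD = NORMAL + [{"proto": "tcp", "flags": "S", "packets": 40_000, "bytes": 2_400_000}]
HTTP_FLOOD = NORMAL + [{"proto": "tcp", "flags": "PA", "packets": 6_000,
                        "bytes": 3_000_000, "http_requests": 2_500}]

if __name__ == "__main__":
    for name in ("NORMAL", "UDP_FLOOD", "SYN_FLOOD", "HTTP_FLOOD"):
        print(name, classify_window(globals()[name]))
```

The application-layer window uses only a few percent of the link, which is why bandwidth monitoring alone misses that class.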

Early Warning Signs of a DDoS Attack

Cyber security intelligence will let you know that you're under attack. It starts by delivering news of early warning signs, which is important because in the beginning these can look like something that isn't malicious. These signs show up as availability issues, including downed servers or systems and too many legitimate requests from legitimate users.

The most well-known DDoS attack occurred in early 2000. Originating from Canadian high school student Michael Calce, a.k.a. MafiaBoy, it took out Yahoo!. Named “Calce,” it eventually managed to successfully disrupt other such sites including Amazon, CNN, and eBay. Although this wasn't the first DDoS attack, it is the most publicized and successful. It literally transformed these attacks from a minor nuisance into a powerful business disruption. Since then, DDoS attacks have become a common way of exacting revenge and conducting extortion, as well as a means of online activism and cyberwar.

Today's DDoS attacks are much more than a software development method. They've grown bigger – from 150 requests per second in the mid-1990s to over 1,000 Gbps per second today. This growth has been seen since 2000 in two other notable attacks:

Dyn DNS was struck by a DDoS attack in October 2016. Originating from the Mirai botnet, this came from tens of millions of IP addresses and 400,000. It infected more than 100,000 IoT devices, including IP cameras and printers, as well as companies including Amazon, Netflix, Reddit, Spotify, Tumblr, and Twitter.

On February 28, 2018, a DDoS attack hit the hosting service GitHub with 1.35 TB per second of traffic. Fortunately, GitHub was only knocked offline intermittently and managed to beat the attack back entirely in under 20 minutes. However, the assault peaked at 1.2 TB a second.

How DDoS Attacks Evolve

DDoS attacks are increasingly conducted through rented botnets today. CSO Online says that we should expect this trend to continue. However, this isn't the only trend we should expect to see. Another is the use of multiple attack vectors within a single attack (a.k.a. Advanced Persistent Denial-of-Service, or APDoS).

Typically, APDoS attacks the application layer (e.g. databases, applications) but they may also attack the server. According to Chuck Mackey, managing director of Binary Defense, “This goes beyond simply 'flooding.'” Additionally, attackers don’t just directly target their victims but also the organizations on which they depend (e.g. ISPs, cloud providers). As such, you can view these attacks as high-impact broad-reaching attacks.

This changes the impact of DDoS attacks on organizations by expanding their risk. Now businesses aren't only concerned with DDoS attacks on themselves; they must also concern themselves with how these attacks affect their business partners, vendors, and suppliers. This is different from the past, when the old adage was that a business is only as secure as its weakest link. Today the weakest link can be, and often is, one of the third parties. This is evidenced by recent breaches.

As criminals continue perfecting their DDoS attacks, technology and tactics also continue to evolve. This is because of the addition of new IoT devices and the rise of machine learning and AI. All these things are playing a role in changing the nature of these attacks. Many experts believe that attackers will eventually integrate these technologies into attacks too. When this happens, it'll be more difficult for cybersecurity to catch up with DDoS attacks – especially those that can't be stopped by simple ACLs or signatures. This is yet another direction in which DDoS defense technology needs to evolve.

What Are Your DDoS Protection Options?

With all these changes, you're probably wondering what your DDoS protection options are. This is especially true when you think about the high-profile nature of these attacks and their potentially devastating consequences. These are things that many security vendors now suddenly find themselves thinking about in terms of what kind of DDoS protection solutions they can offer.

According to Arbor Networks there are a couple of solutions you must consider. In doing so it's important to look at both their strengths and their weaknesses.

The first is existing infrastructure solutions. These include firewalls, intrusion detection/protection systems, application delivery controllers, and load balancers. While essential to your defense strategy, they aren't designed to solve security problems associated with DDoS detection and mitigation.

The second is Content Delivery Networks (CDNs). These address a DDoS attack's symptoms by absorbing large volumes of data. There are three issues with the fact that a CDN lets in all information:

You need enough bandwidth (over 300 Gbps) to absorb a large amount of traffic when under a DDoS attack, which can be quite costly

There are ways around the CDN and its threat intelligence

CDNs can't protect you from an application-based attack

Most DDoS attackers rely on botnets. These are collections of malware-infected systems that are centrally controlled over a network. Usually the infected endpoints are computers and servers. However, they increasingly include IoT and mobile devices too. Attackers harvest these systems by identifying vulnerable systems that they can infect through phishing attacks, malvertising attacks, and other mass infection techniques. Many attackers today also rent these botnets from those who built them. These are just some of the trends we need to watch out for so we can protect our businesses now and in the future.

