A DDoS attack is an attack that floods a network or servers of a victim with a large amount of traffic via the internet. The traffic then overwhelms the network with requests for access which then slows down the services or just takes them offline completely which then leads to users losing access to the services all together. DDoS attacks have the potential to last from seconds to weeks causing a major disruption of service to people and/or the organization itself. It will be up to the people and/or organizations to help control it. Now, let’s discuss how DDoS attacks work, how do you know when you’re under attack, protecting your network and best practices.
How does a DDoS attack work?
DDoS attacks are develop by using a network of internet-connected devices such as PC’s, laptops, servers and/or IOT’s in which the attacker then controls.
DDoS attacks occur in various ways but the primary ways are via malware and gaining access to default settings in devices. The devices then become part of a botnet (a group of machines under the attackers control). Once botnets are created they are able to distribute phishing emails, malware or ransomware or create a flood of internet traffic. Botnets controllers are able to turn web traffic towards a target and conduct the DDoS attacks.
Servers, networks and online services are created to handle certain amounts of traffic but when they are flooded with way more than their normal amount of traffic they become overwhelmed. This overwhelming amount of traffic can then take down system functionalities or a network completely causing users to lose access. The timing for DDoS attacks can be extended for long periods of time. As long as organizations understanding traffic that is legitimate and not legitimate then they can stay afloat.
If under attack:
- Identify which assets (apps, services, servers) are impacted
- Determine how users, customers and/or business are impacted
- Notify the web-hosting provider (to have the IP address switched or etc.)
- Notify users on the status (to help reduce confusion and/or frustration)
- Use social media platforms to help get the message out (if needed)
Protecting against DDoS attacks:
- Monitor web traffic (know the normal from the abnormal)
- Set-up alerts for notifications above a certain threshold
- Use cloud-based hosting (to help with spikes in traffic)
- Use firewalls and routers to help mitigate damage (ensure they are correctly configured)
- Use anti-spoofing (to help mitigate attacks)
- Measure and analyze new spoofing tasks with tools (to test with)
- Verify existing anti-spoofing practices
- Make use of network services that must invest in resources to help keep pace of the increase in attacks
Overall, people and organizations have to get better at monitoring normal traffic vs. abnormal traffic to help reduce spoofing events. People and organizations also have to use features and tools such as anti-spoofing, VPN’s, firewalls and alerts to help protect and monitor events of this nature. Staying on top of DDoS attacks will help keep people and companies online for longer with reduced frustration. Utilizing 3rd party apps can also put people and companies at risk, but to help ensure they reduce their risk they must make sure no default settings are in place for access, it is configured correctly and that the application is able to log information because no one and nothing can be trusted fully.