After an ‘outbreak’ of targeted denial-of-service (DoS) & distributed denial-of-service (DDoS) attacks worldwide, some countries are offering guidance.
In recent years, distributed denial-of-service (DDoS) attacks have become commonplace.
It is clear they are not going anywhere &, if anything, they are getting worse. Amazon said its AWS Shield service mitigated a 2.3 terabit per second attack in February this year, but that has not stopped the US government from ‘going public’ when it sees an increase in attacks.
Denial of Service
The US Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) did just that last week, when it shared the news about a number of targeted Denial of Service (DoS) & DDoS attacks against finance & business organisations worldwide.
In a DDoS attack, the IP address of a website is bombarded with traffic, which then overwhelms the site & any web server associated with it.
This warning seems similar to a recent advisory published by CISA’s equivalent in New Zealand, their National Cyber Security Centre (NCSC), that financial companies were being hit hard by a DoS campaign.
While the information in the alert was a bit patchy – CISA called it simply a ‘widespread attack’ – it is time to repeat some of its tips for mitigating these attacks.
Steps to Take
If you think your business is experiencing a DDoS or DoS attack, CISA asks you to:
- Contact your network administrator to confirm whether the service outage is due to maintenance, or an in-house network issue.
- Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, & mitigate the situation by applying firewall rules & possibly rerouting traffic through a DoS protection service.
- Contact your internet service provider to ask if there is an outage on their end or if their network is the target of an attack & you are an indirect victim. They may be able to advise you on an appropriate course of action.
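The triage described in the second step (confirm an attack, identify the source, then choose between a firewall rule & rerouting) can be sketched over web access logs. This is an added example, not part of the CISA guidance; the Common Log Format input, the per-minute baseline, the thresholds & the function names are assumptions, & the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: source IP, two ignored fields, [timestamp], request.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def per_minute(lines):
    """Return {minute: Counter(source_ip -> requests)} from access-log lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the triage
        ts = datetime.strptime(m.group(2), TS_FMT).replace(second=0)
        buckets[ts][m.group(1)] += 1
    return buckets

def triage(lines, baseline_rpm, spike_factor=5, single_source_share=0.5):
    """Flag minutes whose request count reaches spike_factor * baseline_rpm."""
    findings = []
    for minute, sources in sorted(per_minute(lines).items()):
        total = sum(sources.values())
        if total < spike_factor * baseline_rpm:
            continue  # within the assumed normal range
        ip, hits = sources.most_common(1)[0]
        if hits / total >= single_source_share:
            kind, action = "DoS", f"candidate firewall rule for {ip}"
        else:
            kind, action = "DDoS", "consider rerouting via a DoS protection service"
        findings.append({"minute": minute.strftime("%H:%M"), "total": total,
                         "sources": len(sources), "kind": kind, "action": action})
    return findings

def sample_log():
    """Constructed log: a normal minute, a single-source flood, a distributed flood."""
    fmt = '{ip} - - [10/Sep/2020:12:{mm:02d}:{ss:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i}", mm=0, ss=i) for i in range(10)]
    lines += [fmt.format(ip="203.0.113.7", mm=1, ss=i % 60) for i in range(90)]
    lines += [fmt.format(ip=f"198.51.100.{i}", mm=1, ss=i) for i in range(10)]
    lines += [fmt.format(ip=f"192.0.2.{i % 100}", mm=2, ss=i % 60) for i in range(100)]
    return lines

if __name__ == "__main__":
    for finding in triage(sample_log(), baseline_rpm=10):
        print(finding)
```

The baseline should come from your own traffic history; a fixed multiple of it is only a starting point for alerting.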
A successful DDoS attack can result in serious downtime, & also potentially millions in revenue loss. Although there is no way to completely prevent a DDoS attack, there are ways to minimise the damage.
If there is any possibility your organisation may be hit, it may be good to use a part of your disaster recovery plan to ensure team members across the company can communicate efficiently, if there is an attack.
Companies can also look into joining a DoS protection service that finds abnormal traffic. These services usually route traffic from your website, where it is either filtered or discarded.
Depending on the service, these solutions can also help defend against DNS amplification, SYN/ACK & Layer 7 attacks.
NCSC in the US recommends many of the same mitigation techniques, but also suggests considering the following actions:
- Protect organisation domain names by using registrar locking & confirming domain registration details (e.g. contact details) are correct.
- Ensure 24×7 contact details are maintained for service providers & that service providers maintain 24×7 contact details for their customers.
- Implement availability monitoring with real-time alerting to detect denial-of-service attacks and measure their impact.
- Partition critical online services (e.g. email services) from other online services that are more likely to be targeted (e.g. web hosting services).
- Pre-prepare a static version of a website that requires minimal processing & bandwidth in order to facilitate continuity of service when under denial-of-service attacks.
- Use cloud-based hosting from a major cloud service provider (preferably from multiple major cloud service providers to obtain redundancy) with high bandwidth, & content delivery networks that cache non-dynamic websites.
The aim of a DDoS attack is to disrupt & throw organisations into chaos, but having systems in place to reduce an attack’s damage could help long term.