In February 2020, AWS mitigated the largest distributed denial-of-service (DDoS) attack in history, with traffic peaking at 2.3 terabits per second (Tbps). That attack broke the previous records: a 1.7 Tbps DDoS attack directed at a US-based service provider in March 2018 and the 1.35 Tbps attack targeting GitHub in February 2018. These figures show that DDoS attacks are growing in size and complexity, threatening businesses around the world.
In this blog, we’ll discuss what you need to know to protect your company against such attacks.
What is a DDoS attack?
In a DDoS attack, the malicious actor bombards the target server with a flood of internet traffic to disrupt the server's normal traffic. DDoS traffic is typically generated from multiple machines, such as computers, servers, and Internet of Things (IoT) devices, that have been infected by malware, allowing them to be remotely controlled by an attacker. These compromised machines are called bots and together form a distributed network called a botnet.
When a botnet targets a victim’s server, each bot in that network sends the server messages, requests for connections, or fake packets. In trying to accommodate all requests, the targeted server comes close to or exceeds its bandwidth limit. Websites that rely on that server slow down or crash, which means that site visitors can’t do what they came there for, hence the attack’s name “denial-of-service.” You can liken this type of cyberattack to an unexpected traffic jam that’s clogging up the highway, preventing normal traffic from reaching its destination.
The scale of a DDoS campaign can be massive. For example, a botnet of more than 50,000 compromised IoT endpoints including smart refrigerators, televisions, webcams, and other devices was used in the 2016 attack against DNS service provider Dyn. Alarmingly, there are botnet services on the dark web that cybercriminals can rent to conduct massive DDoS attacks.
How can businesses defend against DDoS attacks?
Here are five concrete measures you can take to protect your business from DDoS attacks:
1. Know your traffic
Differentiating normal traffic from attack traffic can be very difficult since each bot appears to make legitimate requests. This is why you must first understand your company’s typical traffic patterns and characteristics using network and application monitoring tools. Doing so will enable you to establish a baseline so you can more easily spot unusual activity, which may be a sign of a DDoS attack.
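As an added example (not code from the original post), the following Python script shows what "knowing your traffic" looks like in practice: it buckets access-log lines into one-minute windows, builds a request-rate baseline from known-quiet windows, and flags any window that exceeds the baseline, reporting how many distinct clients drove the surge. The log format, the thresholds and the sample log lines are assumptions constructed for this illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed Apache/Nginx-style access log: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def bucket_requests(log_lines, window_seconds=60):
    """Count requests and distinct client IPs per time window."""
    counts, clients = Counter(), defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash mid-investigation
        ip, ts, _request, _status = m.groups()
        epoch = int(datetime.strptime(ts, TIME_FMT).timestamp())
        window = epoch - (epoch % window_seconds)
        counts[window] += 1
        clients[window].add(ip)
    return counts, clients

def build_baseline(counts, baseline_windows):
    """Mean and standard deviation of request counts over known-good windows."""
    values = [counts.get(w, 0) for w in baseline_windows]
    mean = sum(values) / len(values)
    var = sum((v - mean) ** 2 for v in values) / len(values)
    return mean, var ** 0.5

def flag_anomalies(counts, clients, mean, stdev, k=3.0, min_clients=10):
    """Flag windows above mean + k*stdev; a surge spread over many IPs looks distributed."""
    alerts = []
    for window in sorted(counts):
        n, c = counts[window], len(clients[window])
        if n > mean + k * stdev:
            alerts.append({"window": window, "requests": n,
                           "clients": c, "distributed": c >= min_clients})
    return alerts

def make_sample_log():
    """Constructed sample: five quiet minutes (3 clients), then one minute flooded by 50 clients."""
    lines = []
    for minute in range(5):
        for i in range(10 + minute):
            lines.append(f'192.0.2.{i % 3 + 1} - - [10/Mar/2021:12:0{minute}:{i % 60:02d} +0000] '
                         f'"GET / HTTP/1.1" 200 512')
    for i in range(500):
        lines.append(f'203.0.113.{i % 50 + 1} - - [10/Mar/2021:12:05:{i % 60:02d} +0000] '
                     f'"GET / HTTP/1.1" 503 0')
    return lines

if __name__ == "__main__":
    counts, clients = bucket_requests(make_sample_log())
    mean, stdev = build_baseline(counts, sorted(counts)[:5])
    for alert in flag_anomalies(counts, clients, mean, stdev):
        print(alert)
```

In a real deployment the baseline would come from days of monitoring data rather than five minutes, and the thresholds would be tuned against observed peaks (marketing campaigns, batch jobs) to avoid false alarms.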
2. Use a web application firewall
A web application firewall sits between the internet and an origin server, filtering requests based on rules used to identify DDoS attacks, thereby protecting the server from malicious traffic.
3. Segment IoT devices behind a firewall
One major reason IoT devices are so easily compromised is that users don't change the default access credentials provided by the manufacturer.
To minimize the chances of your IoT devices being conscripted into a DDoS attack, segment them into a dedicated network zone behind a firewall.
4. Add multiple layers of security
Make sure you have a multilayered cyber defense including security measures such as:
- Anti-malware – Scans, identifies, prevents, and eliminates malicious software on IT systems and devices
- Software updates – Patches security flaws in software that cybercriminals could potentially exploit
- Data encryption – Makes plain-text information indecipherable to anyone who doesn’t have the decryption key
- Virtual private network – Protects network access by channeling all network traffic through an encrypted tunnel back to a trusted corporate network
- Cybersecurity training – Teaches employees to practice good cyber hygiene and become aware of cyberthreats
5. Create a DDoS response plan
You must be prepared with a response plan to minimize a DDoS attack’s potential impact. This plan must include:
- List of tools – Software and hardware that will be implemented such as advanced threat detection, assessment, and filtering
- Response team – Team of employees with clear roles and responsibilities to carry out once an attack is detected
- Escalation protocols – Rules on whom to inform and involve during different stages of an attack
- Communication plan – Strategy for contacting your ISP, vendors, customers, and other stakeholders
After creating the plan, make sure to test it multiple times a year. Simulate complex attacks, use metrics to measure your performance, identify vulnerabilities, and then update your response plan so you can continuously beef up your defenses.
DDoS attacks can impair your productivity and impact your bottom line. Let Cutting Edge Network Technologies help you take a proactive approach so you can effectively defend against these cyberattacks. Contact us today to get started.