A recent report by Arbor Networks shows that distributed denial-of-service (DDoS) attacks are up, with increases in attack size, speed and complexity. Over half of all attacks are now over 1Gbps, attacks between 2 and 10Gbps doubled and those over 10Gbps have increased by 41.6%. Attacks are solidly above 2Gbps for the first time ever. And there’s a daily escalation in attack frequency, speed and size. Further, the U.S. is the top target for attacks, receiving nearly a third of all attacks worldwide.
A DDoS attack is an attempt to make services unavailable to the intended users by flooding a specific service with requests coming from multiple machines, most likely botnets. A DDoS attack can be a pure nuisance for your users, or it can mean financial loss in sales and an increase in bandwidth costs. Updating software and hardware won’t protect you against DDoS attacks because they aren’t malware. Your limited resources are your vulnerability, and no one has unlimited resources.
It’s time to talk about DDoS protection.
A DDoS only works if your system can be overloaded. If you can buy enough bandwidth to stay up and running through an increased flood of service requests, DDoS won’t affect your business. However, this probably isn’t a practical safeguard, considering that attacks can generate hundreds or thousands of times the usual traffic.
Assume it can and will happen to you. If your website attracts any sort of business, you can be a target for DDoS attacks. Because DDoS attacks aren’t that difficult to perform, a business of any size is vulnerable. However, the disruption to service will likely be significant to your business. Detecting an attack early is essential to reducing the cost to your company.
Monitor traffic to your site and keep up on recent traffic counts, so that a significant increase stands out when it happens. Also, use an outside source to periodically check service availability, so you know whether everything is up and running.
Identify the attacker
If you’re under attack, you’ll need to find the attacker as quickly as possible and block them with your firewall. Because a DDoS attack uses a large number of attackers all at once, blocking every IP address will be nearly impossible. Look for commonalities instead: all the attackers should have some unique similarities. Most of your traffic will be coming from attackers, so grab a packet capture and look for a pattern that can be blocked with your firewall.
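One way to look for that shared pattern, as an added example that is not part of the original article: it compares field values in a capture taken during the flood with a capture of normal traffic and reports values that dominate only the flood. The packet summaries, field names and thresholds are constructed for illustration.

```python
from collections import Counter

def dominant_traits(flood, baseline, min_share=0.6, min_lift=5.0):
    """Return (field, value, share) for values that dominate the flood capture
    but are rare in normal traffic: candidates for a firewall filter."""
    findings = []
    for field in flood[0].keys():
        now = Counter(r[field] for r in flood)
        before = Counter(r[field] for r in baseline)
        for value, count in now.items():
            share = count / len(flood)
            # Floor the baseline share so unseen values do not divide by zero.
            base = max(before[value] / len(baseline), 1 / (len(baseline) + 1))
            # A value also common in normal traffic is a poor filter:
            # blocking it would cut off real users too.
            if share >= min_share and share / base >= min_lift:
                findings.append((field, value, round(share, 2)))
    return sorted(findings, key=lambda f: -f[2])

# Constructed packet summaries (documentation address ranges, not real data).
BASELINE = [
    {"src": f"198.51.100.{i}", "proto": "tcp",
     "dst_port": 443 if i % 2 else 80, "length": 400 + 13 * i, "ttl": 50 + i % 10}
    for i in range(40)
]
FLOOD = [
    {"src": f"203.0.113.{i}", "proto": "tcp", "dst_port": 80,
     "length": 1024, "ttl": 247}
    for i in range(90)
] + BASELINE[:10]  # legitimate users are still in the mix

if __name__ == "__main__":
    for field, value, share in dominant_traits(FLOOD, BASELINE):
        print(f"{field}={value} appears in {share:.0%} of flood traffic")
```

In this sample every source address is different, so no single IP stands out, and port 80 is too common in normal traffic to block; the packet length and TTL shared by the flood are what the comparison surfaces.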
Get the word out
If you’re being attacked, there is help. If you suspect an attack, contact your regional Computer Security Incident Response Team (CSIRT). They have resources that can help you during the attack and in determining who perpetrated the attack and how.
Insure against DDoS
If a DDoS attack could mean serious financial strife for your company, you may want to consider insuring against attack. Do not assume that a third-party host will have you covered in case of an attack. You should be prepared and have a response plan in place, but cyber insurance that covers DDoS attacks won’t hurt either.
A DDoS attack will certainly disrupt your business, but it most likely won’t cause permanent damage to your systems. Once the attacker is blocked, your services will be usable again. But attackers may find ways around your firewalls, and vigilance is key to reducing the threat of DDoS attacks.