How to blunt the spike in DDoS attacksBy Dónal Munnelly,
Reliable security watchdogs like NetScout and Interpol have said DDoS (Distributed Denial of Service) attacks are on the rise. They’re a simple form of cybercrime that brings down online services by overwhelming them with traffic from lots of different sources. In Ireland alone, DDoS attacks have increased 200% since the start of the year, according to Arbor/NetScout traffic analysis.
DDoS attacks have always been popular with ‘hacktivists’ as a way to disrupt big name brands, since the pandemic started this has now switched to holding victims to ransom, demanding bitcoin payments upfront or else they’ll begin an attack. Recent high-profile victims include the New Zealand Stock Exchange and educational institutions, where attacks are up 350% according to Kaspersky, following the move to remote learning.
In 2011, when DDoS attacks were rife , eCommerce companies were the most vulnerable. Since then, almost every organisation has some piece of their business online or in the cloud, leaving themselves potentially exposed to DDoS attacks that look for weaknesses on a website or in a service outside the traditional perimeter, like a payment gateway.
The big reason for the spike right now is the rise in home working since lockdown. Taking down remote gateways that companies use to give home workers access to internal systems is now a favourite line of attack. The increase in the number of IoT services, enabled by less secure devices at the edge of the network, is another vulnerability that is increasingly exploited. Basically, if you thought DDoS was only a problem for large corporates, think again.
Know your enemy
So what do you need to do to mitigate the DDoS threat ?
The first step is to understand that DDoS falls into two main camps. First there’s the volumetric attack, where hundreds of thousands of slave devices are used to flood your firewalls. Then there’s the low and slow attack, which as the name suggests involves slower traffic aimed at a specific application or service. More subtle and packet based, it doesn’t need much bandwidth and is harder to detect from normal traffic.
The best way to cope with a high volume attack is to detect the threat early, before it hits your network. If your security systems detect IP addresses that are linked to DDoS, you can clean the traffic and remove bad data before it does any damage. For slow attacks, prevention is about having inline equipment that can deeply inspect packets and detect unusual patterns quickly.
Essentially you will need a combination of appliances and software, but more than that, you will need a security partner you can trust to keep your business up and running, even when it’s a DDoS target. The sooner you mitigate the risks, the more chance you have of protecting the availability and performance of applications and services that keep your business running.
Security on subscription
We believe we’re the best people to talk to about a proactive approach to DDoS because we’re in the network business. As a global leader in telecommunications infrastructure, we have a ringside seat on traffic threats that come from every corner of the planet, and with 3,000 cyber security professionals and 16 security operation centres worldwide, we have tried-and-tested expertise to respond to anything that’s coming.
Our follow-the-sun approach puts us in a better position to identify a threat before it arrives in Ireland, let alone on your network. And we have tools and solutions from market leading vendors to combat DDoS – including a one-stop Threat Management System that will automatically detect rogue traffic and clean it up at the edge of network, while the safe requests can continue on to the IP address they were destined for.
These features are made available to clients as part of BT Managed DDoS, a modular subscription service which allows customers to add different levels of protection with no capital expenditure.
We can help you to combat threats, but we also put value on growing close partnerships with clients. If you’re not sure about your security position, you can reach out to us here.