2020 was the year of the DDoS attack. Distributed Denial of Service (DDoS) attacks spiked over the last year, driven by the pandemic and the fact that so many people were locked down, working from home, and using online services to get through the pandemic.
According to a report from NETSCOUT, more than 10 million DDoS attacks were launched last year, targeting many of the remote and essential services people were using to make it through the lockdown. Healthcare, remote learning, e-commerce, and streaming services were all hit hard by DDoS attacks, which often interrupted business operations or caused some businesses to fall victim to extortion by the criminals behind the attacks.
Despite the rise in DDoS attacks, they’re not inevitable. Read on for best practices in preventing DDoS attacks.
What is a distributed denial of service (DDoS) attack?
A distributed denial-of-service (DDoS) attack is an attempt to disrupt the traffic of a targeted server, service, or network by overwhelming it with a flood of Internet traffic. By sending too many requests for information to a server, site, or network, a DDoS can effectively shut down a server — leaving it vulnerable and disrupting the normal business operations of an organization.
3 common types of DDoS attacks:
The most common type of DDoS attack, volumetric attacks flood a machine’s or a network’s bandwidth with false data requests on every available port. This overwhelms the network, leaving it unable to accept its regular traffic. There are subcategories of volumetric attacks as well. The most common type of volumetric attack is a UDP (User Datagram Protocol) flood, which is often used to send forged UDP packets with false source addresses — like the IP address of the victim — to servers for UDP-based applications, so that the replies are directed at the victim as a flood of traffic. Rachel Kratch of Carnegie Mellon’s Software Engineering Institute likens it to calling every pizza place in town and ordering several pizzas to be delivered to someone you don’t like. ICMP (Internet Control Message Protocol) floods, on the other hand, send false error requests to a target, tying it up so that it can’t respond to normal ones.
Protocol attacks target the protocols used in transferring data to crash a system. One of the most common is a SYN flood, which attacks the process of making a TCP/IP connection by sending a flood of SYN packets that open connections without ever sending the final acknowledgement that completes the handshake, tying up the system while it waits for connections that never complete. SYN floods are like telling a knock-knock joke that never ends: knock knock, who’s there, knock knock, who’s there, knock knock...
Similar to protocol attacks, application attacks target weaknesses in an application. These attacks focus primarily on direct web traffic and can be hard to catch, because a machine may think it’s dealing with nothing more than a particularly high level of Internet traffic.
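The two network-layer patterns described above (a SYN flood that leaves handshakes half-open, and a UDP flood whose replies are reflected at the victim) leave recognisable fingerprints in captured traffic. The following is an added example, not code from the original article or from SecurityScorecard: it runs defensive checks over a constructed packet capture. The record layout, the thresholds and the sample addresses are all assumptions chosen for illustration.

```python
"""Constructed flow-record analysis for SYN-flood and UDP-flood indicators.
Example code, not the page's own; record format and thresholds are assumed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str          # source IP
    dst: str          # destination IP (the potential victim)
    proto: str        # "TCP", "UDP" or "ICMP"
    flags: str = ""   # TCP flags only: "S" = SYN, "SA" = SYN/ACK, "A" = ACK
    sport: int = 0
    dport: int = 0


def tcp_handshake_stats(packets, dst):
    """Count inbound SYNs to dst and how many sources ever completed the handshake."""
    syn_by_src = defaultdict(int)
    completed = set()
    for p in packets:
        if p.dst != dst or p.proto != "TCP":
            continue
        if p.flags == "S":
            syn_by_src[p.src] += 1
        elif p.flags == "A" and p.src in syn_by_src:
            completed.add(p.src)   # a source that sent SYN and later ACKed
    syns = sum(syn_by_src.values())
    return {"syns": syns, "sources": len(syn_by_src), "completed": len(completed)}


def detect_syn_flood(packets, dst, min_syns=100, max_completion=0.2):
    """Flag when many SYNs arrive but few sources finish the handshake (half-open pattern)."""
    s = tcp_handshake_stats(packets, dst)
    ratio = s["completed"] / s["syns"] if s["syns"] else 1.0
    s["completion_ratio"] = round(ratio, 3)
    s["flagged"] = s["syns"] >= min_syns and ratio <= max_completion
    return s


def detect_udp_flood(packets, dst, min_packets=200):
    """Volumetric indicator: raw inbound UDP volume, plus the reflection hint of
    many distinct sources all replying from the same service port."""
    udp = [p for p in packets if p.dst == dst and p.proto == "UDP"]
    by_sport = defaultdict(set)
    for p in udp:
        by_sport[p.sport].add(p.src)
    top_sport, top_sources = max(by_sport.items(), key=lambda kv: len(kv[1]),
                                 default=(None, set()))
    return {"udp_packets": len(udp),
            "distinct_sources": len({p.src for p in udp}),
            "dominant_sport": top_sport,
            "sources_on_dominant_sport": len(top_sources),
            "flagged": len(udp) >= min_packets}


def constructed_capture(victim="203.0.113.10"):
    """Constructed sample traffic (documentation IP ranges, not real hosts)."""
    pkts = []
    # 20 legitimate clients: SYN, then ACK to complete the handshake
    for i in range(20):
        c = f"198.51.100.{i + 1}"
        pkts.append(Packet(c, victim, "TCP", "S", 40000 + i, 443))
        pkts.append(Packet(c, victim, "TCP", "A", 40000 + i, 443))
    # 300 SYNs from 300 sources that never complete the handshake
    for i in range(300):
        pkts.append(Packet(f"192.0.{i // 250 + 2}.{i % 250 + 1}", victim,
                           "TCP", "S", 1024 + i, 443))
    # 250 UDP replies from 250 different resolvers, all from source port 53
    for i in range(250):
        pkts.append(Packet(f"198.18.0.{i + 1}", victim, "UDP", "", 53, 30000 + i))
    return pkts


if __name__ == "__main__":
    capture = constructed_capture()
    print("SYN:", detect_syn_flood(capture, "203.0.113.10"))
    print("UDP:", detect_udp_flood(capture, "203.0.113.10"))
```

On the constructed capture the SYN check reports 320 SYNs from 320 sources with only 20 completed handshakes, and the UDP check reports 250 packets from 250 sources all on source port 53; both are flagged, while the 20 legitimate clients alone stay well under the SYN threshold.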
10 ways to prevent a DDoS attack
1. Know your network’s traffic
Every organization’s infrastructure has typical Internet traffic patterns — know yours. When you understand your organization’s normal traffic pattern, you’ll have a baseline. That way, when unusual activity occurs, you can identify the symptoms of a DDoS attack.
2. Create a Denial of Service Response Plan
Do you know what will happen when and if a DDoS attack happens? How will your organization respond? By defining a plan in advance, you’ll be able to respond quickly and efficiently when your network is targeted.
This can take some planning; the more complex your infrastructure, the more detailed your DDoS response plan will be. Regardless of your company’s size, however, your plan should include the following:
- A systems checklist
- A trained response team
- Well-defined notification and escalation procedures.
- A list of internal and external contacts that should be informed about the attack
- A communication plan for all other stakeholders, like customers, or vendors
3. Make your network resilient
Your infrastructure should be as resilient as possible against DDoS attacks. That means more than firewalls, because some DDoS attacks target firewalls themselves. Instead, consider making sure you’re not keeping all your eggs in the same basket — put data centers on different networks, make sure that not all your data centers are in the same physical location, put servers in different data centers, and be sure that there aren’t places where traffic bottlenecks in your network.
4. Practice good cyber hygiene
It goes without saying that your users should be engaging in best security practices, including regular password changes, secure authentication practices, knowing how to recognize and avoid phishing attacks, and so on. The less user error your organization demonstrates, the safer you’ll be, even if there’s an attack.
5. Scale up your bandwidth
If DDoS is creating a traffic jam in your network, one way to make that traffic jam less severe is to widen the highway. By adding more bandwidth, your organization will be able to absorb a larger volume of traffic. This solution won’t stop all DDoS attacks, however. The size of volumetric DDoS attacks is increasing; in 2018, for example, a DDoS attack topped 1 Tbps in size for the first time. That was a record… until a few days later, when a 1.7 Tbps attack occurred.
6. Take advantage of anti-DDoS hardware and software
DDoS attacks have been around for a while and some kinds of attacks are very common. There are plenty of products that are prepared to repel or mitigate certain protocol and application attacks, for example. Take advantage of those tools.
7. Move to the cloud
While this won’t eliminate DDoS attacks, moving to the cloud can mitigate attacks. The cloud has more bandwidth than on-premises resources, for example, and the nature of the cloud means many servers are not located in the same place.
8. Know the symptoms of an attack
Your network slows down inexplicably. The website shuts down. All of a sudden, you’re getting a lot of spam. These can all be signs of a DDoS attack. If so, the organization should investigate.
9. Outsource your DDoS protection
Some companies offer DDoS-as-a-Service. Some of these companies specialize in scaling resources to respond to an attack, others bolster defenses, and still others mitigate the damage of an ongoing attack.
10. Monitor for unusual activity
Once you know your typical activity and the signs of an attack, monitor your network for odd traffic. By monitoring traffic in real-time, your organization will be able to spot a DDoS attack when it starts and mitigate it.
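Items 1, 8 and 10 together describe one loop: learn the normal request rate, then watch live traffic for seconds that break it. The following is an added example, not code from the original article or from SecurityScorecard: it learns a per-second baseline from a quiet window of web-server log lines and flags later seconds whose rate exceeds the baseline by several standard deviations, reporting how spread out the offending clients are. The Common Log Format lines, the timestamps and the threshold multiplier are constructed assumptions.

```python
"""Constructed baseline-and-alert example: learn the normal request rate from a
quiet window of web-server log lines, then flag seconds that break it.
Example code, not the page's own; log format and thresholds are assumed."""
import re
import statistics
from collections import Counter, defaultdict

# Common Log Format: client ip, identity, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)


def parse(lines):
    """Yield (timestamp, client ip) for every line that matches the format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.group("ts"), m.group("ip")


def per_second(lines):
    """Total requests per timestamp, and per-timestamp counts by client."""
    totals = Counter()
    by_client = defaultdict(Counter)
    for ts, ip in parse(lines):
        totals[ts] += 1
        by_client[ts][ip] += 1
    return totals, by_client


def baseline(lines):
    """Mean and population standard deviation of requests per second in a normal period."""
    totals, _ = per_second(lines)
    rates = list(totals.values())
    return statistics.mean(rates), statistics.pstdev(rates)


def alerts(lines, mean, sd, k=3.0, sd_floor=1.0):
    """Seconds whose rate exceeds mean + k*sd (sd floored so a very flat baseline
    still needs a real jump). Each alert carries client spread: many clients with
    a tiny top share points to a distributed source rather than one noisy host."""
    totals, by_client = per_second(lines)
    threshold = mean + k * max(sd, sd_floor)
    out = []
    for ts in sorted(totals):
        n = totals[ts]
        if n > threshold:
            top = max(by_client[ts].values())
            out.append({"ts": ts, "requests": n, "threshold": round(threshold, 2),
                        "distinct_clients": len(by_client[ts]),
                        "top_client_share": round(top / n, 3)})
    return out


def _line(ip, sec, path="/"):
    """Build one constructed Common Log Format line at second `sec`."""
    return f'{ip} - - [10/Oct/2020:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512'


# Constructed quiet window: seconds 00..04 with 4, 5, 6, 5, 4 requests each
QUIET_LOG = [_line(f"198.51.100.{j + 1}", s)
             for s, n in enumerate([4, 5, 6, 5, 4]) for j in range(n)]

# Constructed later window: second 10 carries 3 normal requests plus 60 from
# 30 sources sending two each; second 11 is back to a normal 5 requests
BUSY_LOG = ([_line(f"198.51.100.{j + 1}", 10) for j in range(3)]
            + [_line(f"192.0.2.{j + 1}", 10, "/search") for j in range(30) for _ in range(2)]
            + [_line(f"198.51.100.{j + 1}", 11) for j in range(5)])


if __name__ == "__main__":
    mean, sd = baseline(QUIET_LOG)
    print(f"baseline: mean={mean:.2f} req/s, sd={sd:.2f}")
    for a in alerts(BUSY_LOG, mean, sd):
        print("ALERT", a)
```

With the constructed data the baseline is 4.8 requests per second, the quiet window raises no alert, and second 10 is flagged at 63 requests from 33 distinct clients with a top-client share of about 3%, the spread-out profile item 1 tells you to compare against your own normal pattern.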
How can SecurityScorecard help?
Bad actors will always go after the most vulnerable part of an organization, system, or network. To help monitor your internet traffic, consider a solution that monitors your networks continuously, giving you an outside-in view of your company’s security. Our easy-to-read security ratings, based on an A-F scale, enable you to provide your leadership with the necessary documentation to prove governance over your vendor risk management program.