Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

How to protect yourself against a DDoS attack

Written by  Oct 15, 2019

The distributed denial of service attack (DDoS) has become one of the most popular, and most devastating, methods used by criminals to disrupt the activities of a target business.

The technique, which can be utilised by everyone from script kiddies to professional hackers, it involves bombarding a target website or server with artificial traffic to the point that it is overloaded.

Every time a computer visits a website, it requests access to that site's content. A DDoS attack exploits this by sending more requests than a server can cope with at any given time. This can result in either long delays for other users requesting content, or a server completely failing.

Given the relatively crude nature of the attack and the fact that it's incredibly difficult to prevent or stop once discovered, DDoS continues to be an effective tool for taking down websites and will continue to do so.

cyber criminalAlso see: Should you trust a criminal with your cyber security?

A criminal doesn't need to be especially technical, as there are a number of DDoS-for-hire groups operating on the dark web. These services have spent time spreading malware to devices across the world, which can then be mobilised as a visitor to a particular website or used to issue a server request.

While these types of attacks were normally done in isolation, and often in an attempt to tarnish the reputation of or cause financial damage to a particular company, they are often used today as a smokescreen to divert attention away from a far more serious hack.

The largest-ever DDoS attack on record was launched against GitHub in February 2018, although it only managed to knock the code repository offline for 10 minutes. Far greater disruption was caused during a smaller attack on the Dyn DNS server in 2016, which took down some of the world's most popular sites, including Amazon, Netflix and Spotify.

Both of these examples are also demonstrative of the way criminals are using new technologies and exploits to carry out DDoS attacks – the Dyn attack is thought to have used an IoT-powered botnet, while the GitHub attack made use of poor authentication on memcached servers.

What's more, it's not just the big-name players on the internet who are at risk from DDoS attacks – we all are. According to March 2018 research from Kaspersky Lab, 27% of businesses caught up in such an incident think they were collateral damage, rather than being the intended target. This highlights the need for all organisations to know how to protect themselves from a DDoS attack.

Back to basics

Rather than over-provisioning, simple things such as bandwidth buffering can allow for traffic spikes including those associated with DDoS attack and give you time to both recognise the attack and react to it.

It's also probably worth putting into place other basic safeguards that can gain you a few precious minutes: rate-limiting your router, adding filters to drop obvious spoofed or malformed packets and setting lower drop thresholds for ICMP, SYN and UDP floods. All these will buy you time to try and find help.


Cloud Computing Security: Foundations and Challenges
amazon uk

Think ahead

The first thing every organisation should do when suspecting a DDoS attack is confirm it actually happened. Once you've discounted DNS errors or upstream routing problems, then your DDoS response plan can kick in.

What should be in that response plan? Contact relevant members of your incident response team, including leads from applications and operations teams, as both are likely to be impacted.

Then contact your ISP, but don't be surprised if it black-holes your traffic. A DDoS attack costs it money, so null routing packets before they arrive at your servers is often the default option. It may offer to divert your traffic through a third-party scrubber network instead; these filter attack packets and only allow clean traffic to reach you.

Be warned, this is likely to be a more expensive emergency option than had you contracted such a content distribution network (CDN) to monitor traffic patterns and scrub attack traffic on a subscription basis.

Prioritise and sacrifice to survive

Ensure the limited network resources available to you are prioritised - make this is a financially driven exercise as it helps with focus. Sacrifice low-value traffic to keep high-value applications and services alive. Remember that DDoS response plan we mentioned?

This is the kind of thing that should be in it, then these decisions aren't being taken on the fly and under time pressure. There's no point allowing equal access to high-value applications, whitelist your most trusted partners and remote employees using VPN to ensure they get priority.

Multi-vector attacks

Multi-vector attacks, such as when a DDoS attack is used to hide a data exfiltration attempt, are notoriously difficult to defend against. It's all too easy to say that you must prioritise the data protection, but the smokescreen DDoS remains a very real attack on your business.

Advertisement


Cybersecurity Essentials
amazon uk

The motivation behind a DDoS is irrelevant, they should all be dealt with using layered DDoS defences. These should include the use of a CDN to deal with volumetric attacks, with web application firewalls and gateway appliances dealing with the rest. A dedicated DDoS defence specialist will be able to advise on the best mix for you.

DDoS mitigation services

It's worth considering investing in DDoS mitigation services if you're particularly likely to be a target of a DDoS attack (for example, if you're a large organisation) or at least knowing about what's out there, just in case.

One of the biggest and best known is Cloudflare, which has made headlines offering DDoS mitigation services to the likes of Wikileaks as well as working to mitigate wider attacks.

Cloudflare isn't the only game in town, though and many network and application delivery optimisation firms offer DDoS mitigation services.

Other well-known brands include Akamai, F5 Networks, Imperva and Verisign.

Some of these providers offer so-called emergency coverage, which you can buy when an attack is underway to mitigate the worst of it, while others require a more long-term contract.

If you're already using other products from any of these companies, you may want to look into adding DDoS protection to your package. Alternatively, if you use another network optimisation firm not mentioned here, it's worth seeing if it offers DDoS protection and how much it would cost. As mentioned above, your ISP may also offer some form of DDoS protection, particularly in an emergency, but it's worth seeing quite how comprehensive this would be beforehand, as well as the processes involved and of course the cost.

1 comment

  • Oliver O
    Comment Link Oliver O Wednesday, 26 February 2020 10:15

    Very thorough and informative, DDOS is a real and ongoing worry for every IT dept.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular Cyber News

Mar 05, 2020 Cyber Security

Tesco and Boots Loyalty Card Schemes Affected by Security Issues

UK retailers Tesco and Boots are dealing with the after affects of cyber security issues that may have affected thousand...

Feb 13, 2020 Cyber Threats

Steps To Combat Insider Threats

Your organisation are generally well prepared for threats from outside the company. But are you ready to address threats...

Feb 08, 2020 Cyber Security

Millions of UK Businesses don't have a Cyber Insurance Policy

According to a survey conducted by Insurance firm Gallagher, millions of businesses operating in the UK don't have basic...

Feb 07, 2020 Cyber Threats

British Police Warn: Cleaners Are A Cyber Threat

British police have reportedly warned of a cyber threat posed by a not often thought about data stealer, namely the use ...

Feb 10, 2020 Cyber Security

The Cyber Security Fight Won't Stop

The controversy over the decision to allow Huawei technology to be used in the UK’s 5G networks is a very high-profile...

Feb 29, 2020 Cyber Security

Wi-Fi of More Than a Billion Devices Can Be Exposed

A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be e...

Feb 04, 2020 Cyber Security

NHS Employs Supplier Security Audits to Improve Cyber Security

NHS Shared Business Services and its cloud partner Virtualstock have enlisted cyber threat intelligence and risk assessm...

Feb 25, 2020 Cyber Security

The Top Cyber Security Companies in the UK

Investing in the right cyber security for your company is more important than ever, but which are the top UK cyber secur...

Feb 28, 2020 Cyber Threats

UK Prepares ‘National Cyber Force’ To Tackle Terrorists and Other Threats

The UK is preparing the official launch of a specialist cyber force that will target terror groups and hostile nation st...

Feb 28, 2020 Cyber Threats

DVLA Say Cyber Criminals are Targeting UK Motorists

The Driver and Vehicle Licensing Agency (DVLA) has warned that cyber criminals and scammers are targeting unsuspecting d...

Feb 19, 2020 Cyber Security

Cybersecurity Jobs Are Not Going To Be Filled

CISOs around the world expect a serious lack of global cybersecurity talent which will worsen in the next five years, ac...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Mar 23, 2020 Cyber Security

Thousands of Netflix and Other Streamers Accounts are Being Stolen

With a massive surge in home use of video and music streaming services such as Amazon Prime Video, Apple Music, Netflix ...

Mar 27, 2020 Cyber Security

Hospitals worldwide offered free security software

As cyberattacks against hospitals surge during the coronavirus crisis, technology companies are stepping up to alleviate...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

Advertisement
Symantec Home 120x60

Advertisement