DDoS: Hackers bring websites to their knees


When hackers bring websites to their knees: best practices against DDoS attacks. Cyber criminals use distributed denial of service (DDoS) attacks to target companies and institutions by causing servers or web services to fail.

For example, attackers bombard the IP address of a website with so much data traffic that the website and every web server connected to it are overwhelmed by answering the requests. This makes the website inaccessible to users.

DDoS hacker attack: simple but effective

For attackers, DDoS is a simple, effective and powerful technique that is fueled by insecure devices, especially the constantly growing Internet of Things (IoT). Hackers can easily infect these devices with malware and recruit them into a botnet. They then use the command-and-control (C2) server to instruct the compromised devices to use part of their computing power to overwhelm a target server with requests and bring it and the associated website to its knees. Since these requests are widely distributed, it is difficult to distinguish between legitimate and fake traffic, which is why DDoS attacks are usually successful.

A DDoS attack can lead to downtime and the associated potential loss of revenue running into the millions. While there is no way to completely prevent a DDoS attack, some measures can minimize the damage caused by such attacks.

First steps in a DDoS or DoS attack

If a company believes it has been affected by a DDoS or DoS attack, it should first contact its network administrator to determine whether the service outage is due to maintenance work or an internal network problem. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly redirecting traffic through a DoS protection service.
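As an added illustration of the traffic check described above (not code from Digital Guardian or the original article), the following Python example flags minutes whose request volume far exceeds the baseline and reports whether the surge comes from one source or is spread across many. The Common Log Format input, the thresholds and the sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Source IP and timestamp truncated to the minute (Common Log Format assumed).
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+?):\d\d [^\]]*\]')

def make_sample():
    """Constructed access-log lines using documentation IP ranges, not real traffic."""
    def line(ip, minute):
        return f'{ip} - - [12/Mar/2024:10:{minute:02d}:30 +0000] "GET / HTTP/1.1" 200 512'
    lines = []
    for minute in range(7):                      # normal load: 20 requests per minute
        lines += [line(f"192.0.2.{i % 10 + 1}", minute) for i in range(20)]
    lines += [line("203.0.113.9", 5)] * 400      # minute 5: flood from a single source
    lines += [line(f"198.51.100.{i % 200 + 1}", 6) for i in range(400)]  # minute 6: 200 sources
    return lines

def analyze(lines, factor=5, single_source_share=0.5):
    """Return one finding per minute whose volume exceeds factor x the median minute."""
    per_minute = defaultdict(Counter)
    for raw in lines:
        m = LINE.match(raw)
        if m:                                    # malformed lines are skipped
            per_minute[m.group(2)][m.group(1)] += 1
    totals = {minute: sum(c.values()) for minute, c in per_minute.items()}
    baseline = median(totals.values())           # median resists the spike minutes
    findings = []
    for minute in sorted(per_minute):            # chronological within one day's log
        if totals[minute] <= factor * baseline:
            continue
        top_ip, top_hits = per_minute[minute].most_common(1)[0]
        share = top_hits / totals[minute]
        # One dominant source can be blocked by a firewall rule; a distributed
        # surge has no such source and calls for upstream filtering instead.
        kind = "single-source" if share >= single_source_share else "distributed"
        findings.append({"minute": minute, "requests": totals[minute],
                         "sources": len(per_minute[minute]), "top_ip": top_ip,
                         "top_share": round(share, 2), "kind": kind})
    return findings

if __name__ == "__main__":
    for finding in analyze(make_sample()):
        print(finding)
```

In the distributed minute every source sends only a handful of requests, so no per-address rule separates the flood from normal visitors, which is the difficulty the article describes.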

The company can also contact its Internet service provider to find out whether there is a failure on their part or whether their network is the target of an attack and the company is thus an indirect victim. The Internet service provider may also be able to advise the company on a suitable course of action.

Disaster recovery plan against DDoS

Tim Bandos, Chief Information Security Officer at Digital Guardian


In addition, if there is a possibility that a company will be targeted by DDoS attacks, it may be worthwhile to include a section on this in the disaster recovery plan to ensure that team members across the company can communicate efficiently in the event of an attack. Organizations can also consider signing up for a DoS protection service that will detect abnormal traffic. These services usually reroute traffic away from the company website, and it is then either filtered or discarded. Depending on the service, these solutions can also help defend against DNS amplification attacks, SYN/ACK and Layer 7 attacks.

An overview of measures to defend against DDoS attacks

  • Protection of domain names of the organization by using registrar blocks and confirming correct domain registration details (e.g. contact details)
  • Ensuring that 24/7 contact details are maintained for service providers and that providers maintain 24/7 contact details for their customers
  • Implementation of availability monitoring with real-time alerting in order to detect denial-of-service attacks and measure their effects
  • Separation of critical online services (e.g. e-mail services) from other online services that are more likely to be targeted (e.g. web hosting services)
  • Preparation of a static version of the website that requires minimal processing and bandwidth to facilitate service continuity in the event of denial-of-service attacks
  • Use of cloud-based hosting by a large cloud service provider (preferably several large cloud service providers to maintain redundancy) with high bandwidth and content delivery networks that cache non-dynamic websites

The aim of every DDoS attack is to inflict the greatest possible damage on the targeted organization, whether as part of an attempt at extortion by cyber criminals, as an act of sabotage by competing companies or nation states, or as a politically motivated protest. However, with the above mitigation measures, organizations can significantly reduce the effects of an attack.

More at DigitalGuardian.com

 


About Digital Guardian

Digital Guardian offers uncompromising data security. The data protection platform provided from the cloud was specially developed to prevent data loss from insider threats and external attackers on the Windows, Mac and Linux operating systems. The Digital Guardian Data Protection Platform can be used for the entire corporate network, traditional endpoints and cloud applications. For more than 15 years, Digital Guardian has made it possible for companies with high data volumes to protect their most valuable resources using SaaS or a fully managed service. With Digital Guardian's unique policy-less data transparency and flexible controls, organizations can protect their data without slowing down their business.


 
