Reports of aggressive DDoS (distributed denial of service) attacks, a form of cyberattack that overloads a target with traffic, are a recurring topic in the news. These attacks shake up businesses and organizations, and in the end their customers, who bear the impact. Some people say that you can avoid DDoS attacks. That is not true. But you can be prepared for them, so that the impact on your business and operations is minimized.
An increasing number of companies are being hit by repeated DDoS attacks, according to the latest statistics from Akamai. The number of attacks has increased by a whopping 125 percent from last year. Top global banks, online retail stores, gaming sites . . . No industry is spared, and companies of all sizes are affected, although software and technology companies are the most heavily targeted, with 25 percent of observed attacks aimed at them.
Repeat attacks are increasing and DDoS attackers are becoming more skillful. Each targeted customer is attacked 29 times on average. Multi-vector attacks, the most complex type of DDoS attack, are increasing, which makes defense more difficult. A multi-vector attack combines different DDoS attack tools, strikes the application layer and the network layer simultaneously, and often drags on for days.
This paints a scary picture. It is not really a question of if you will be attacked, but when. And don't let anybody fool you into believing that you can somehow prevent the attacks from happening. You can't. What you can do is be as well prepared as possible to quickly identify and assess the threat and take fast, relevant action.
Ways to Prepare for a Possible Attack and Ways to Handle It
A DDoS attack can be recreated as a special type of load test. By combining network-layer protocol abuse with aggressive volume tests, you get an aggressive and abusive test of your environment and of its ability to handle high traffic loads combined with malicious use of protocols.
We usually see two types of DDoS attacks:
- Illegal attacks performed with malicious intent and driven from botnets and/or server farms, which can combine:
  - Network-layer attacks, with basic application functionality
  - High-volume traffic
  - Advanced application-layer attacks
- Social media driven DDoS attacks, where the traffic comes from real users
The difference lies in the method and means of the attack. Pure DDoS has traditionally hit the network layer, but we see a trend of adding application-layer attacks and extreme volumes timed to coincide with peak traffic, like Black Friday. These attackers also typically demand payment to stop the attack.
If real users are visiting your site(s) in very high volumes with no correlation to any event or service offering on your side, you are experiencing a social media driven DDoS attack. An example is a tweet with a link that millions of users click. A Facebook campaign can also attract so much traffic that your website crashes. Because this traffic is legitimate, blocking it is not the answer; capacity and offloading are.
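As an added illustration (example code written for this edit, not part of the original post), here is a small Python triage of one window of web-server access-log lines that separates the two cases described above on the basis of source concentration and Referer: a botnet or server farm shows up as a few sources each producing far more requests than a human behind a browser would, while a link going viral shows up as many distinct sources sharing one external Referer host. The log lines, IP addresses and thresholds are constructed for the demonstration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Added example, not from the original post: triage of one window of access-log
# lines to tell a botnet/server-farm flood from a social-media flash crowd.
# The log lines, IPs and thresholds below are constructed for the demonstration.

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-log-format line; return None for lines that don't match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def triage(lines, per_source_limit=30, concentration=0.5, shared_referer=0.6):
    """Summarise a window of log lines and classify the surge.

    per_source_limit: requests per source IP in the window above which one
      source is not plausibly a single human browser (assumed threshold).
    concentration:    share of all requests carried by the top three sources at
      which the surge is treated as coming from a few machines.
    shared_referer:   share of requests arriving from one external Referer host
      at which the surge is treated as a link going viral.
    """
    recs = [r for r in map(parse_line, lines) if r]
    total = len(recs)
    by_ip = Counter(r["ip"] for r in recs)
    heavy = sorted(ip for ip, n in by_ip.items() if n > per_source_limit)
    top3_share = sum(n for _, n in by_ip.most_common(3)) / total
    ref_hosts = Counter(urlsplit(r["referer"]).hostname
                        for r in recs if r["referer"] != "-")
    ref_host, ref_n = ref_hosts.most_common(1)[0] if ref_hosts else (None, 0)
    ref_share = ref_n / total

    if heavy and top3_share >= concentration:
        verdict = "botnet_like"   # few sources, each hammering: candidates for upstream filtering
    elif not heavy and ref_share >= shared_referer:
        verdict = "flash_crowd"   # many real users following one link: scale, don't block
    else:
        verdict = "inconclusive"  # look at paths, user agents and geography next
    return {
        "verdict": verdict,
        "requests": total,
        "sources": len(by_ip),
        "top3_share": round(top3_share, 2),
        "top_referer": ref_host,
        "referer_share": round(ref_share, 2),
        "block_candidates": heavy,
    }


def _log(ip, path, referer="-", ua="Mozilla/5.0"):
    """Build one constructed combined-format line (timestamp fixed for brevity)."""
    return (f'{ip} - - [27/Nov/2015:09:00:00 +0000] "GET {path} HTTP/1.1" 200 1024 '
            f'"{referer}" "{ua}"')


# Scenario A (constructed): three sources each firing 40 search requests with a
# scripting user agent, plus a handful of ordinary visitors.
FLOOD = [_log(f"203.0.113.{i}", "/search?q=x", ua="python-requests/2.7")
         for i in (10, 11, 12) for _ in range(40)]
FLOOD += [_log(f"198.51.100.{i}", "/", referer="https://www.example.com/")
          for i in range(1, 6)]

# Scenario B (constructed): fifty distinct sources, one request each, all arriving
# from the same short link: the social-media-driven surge the text describes.
CROWD = [_log(f"192.0.2.{i}", "/campaign", referer="https://t.co/abcdef")
         for i in range(1, 51)]


if __name__ == "__main__":
    for name, window in (("flood", FLOOD), ("crowd", CROWD)):
        print(name, triage(window))
```

This only works on application-layer logs: a network-layer flood with spoofed sources never reaches the web server's log, and a large botnet with a low per-bot rate comes out as inconclusive. That is why the verdict should feed the next look at paths, user agents and geography rather than an automatic block.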
DDoS attackers are enhancing their application-layer attacks, as that layer is the hardest to protect, especially under high volumes of traffic.
So, can you always protect yourself against all types of DDoS attacks? The straight answer is no, but you can always prepare your site and protection systems to match your business risk profile: the business you lose for every hour of downtime.
Do your homework on capacity and security planning. Capacity and load weakness is the most overlooked cornerstone of all defense techniques. Everyone has a theoretical idea of what needs to be done if you are attacked, but until an attack actually occurs, there is no way to know what works and what doesn't. The most common capacity-planning problem today is the mismatch between front-end web applications and back-end databases: a front end that accepts far more concurrent requests than the database behind it can serve, a discrepancy that an attacker only needs to fill to take you down.
Plan Countermeasures Like Massive Simulated Attacks
With this said, the first insight in preparing for an attack is to have the right countermeasures in place. The other insight is knowing how your surroundings will react to this scenario. You want to avoid easy wins for your opponent. The best thing you can do is recreate an attack in a controlled environment. One recommendation is to engage a third-party load-test organization to actually simulate an attack. This way you understand the consequences and eliminate all the "ifs" from your action plan.
The burning question is: How do you prepare for, respond to, and mitigate a DDoS attack when it occurs? Have you set aside resources and engaged your Internet providers so that attack traffic can be black-holed? Black holing (blackhole routing) means the provider discards every packet destined for, or coming from, a given IP address or prefix; the same term is used for the blackhole lists that mail servers consult to reject junk mail from listed addresses. Against DDoS it stops the flood before it reaches your links, but be aware that black-holing your own attacked address also drops all legitimate traffic to it, so it protects the rest of your network rather than the target itself. Or are you hoping your IDS, firewall, or router can filter the traffic? Many methods and strategies are used, but normally they are not tested in advance. You need a regular fire drill to have the readiness and the systems in order for the real thing!
It is a good idea to have your chosen DDoS protection tested externally, and also to propose and validate offload solutions based on load balancing and cloud capacity. Mitigating the effects of a DDoS attack is complex and challenging. The techniques are constantly improving, and more intrusion detection and prevention solutions can identify DDoS attacks and drop the traffic, either at the firewall or outside the network before it reaches the servers and crashes them. Correctly set up, we might add, this is fairly effective against smaller DDoS attacks; an attack large enough to saturate your upstream links has to be stopped upstream, by the providers you engaged, because nothing on your side of a full link can filter it.
Validate that your protection system is configured and working against your application. Many organizations invest in protection systems, but few really validate the protection they get against more advanced attacks. What kind of tests do you need? Basic load tests will not cut it, but normal traffic mixed with network-layer attacks and application-layer tricks such as Slowloris (which ties up server connections by sending request headers very slowly and never completing them) will put your protection system to the test. DDoS stress tests should be carried out by test clusters deployed in many locations around the world, to make identification and blacklisting a real challenge. Attack volumes today are high, so load traffic of up to 500 Gbps of bandwidth and a million concurrent virtual users is a good starting point. Loads should be generated up to your breaking point, and fast! Agree the test window with your hosting and Internet providers first: from their side a simulated attack looks exactly like a real one.
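To make the Slowloris point concrete, here is an added Python example (written for this edit, not code from the original post or from any product it mentions): a toy HTTP listener run on loopback in two configurations, one with no limit on how long a client may take to finish its request headers (the setting Slowloris abuses) and one with a deadline for the complete header block, plus a Slowloris-style probe that sends an incomplete header block and then drips one bogus header line every half second. The server class, probe function, port selection, timings and the 8 KiB header cap are assumptions made for the demonstration.

```python
import socket
import threading
import time

# Added example, not from the original post: a minimal HTTP listener whose
# header-read deadline can be switched off (the weak setting a Slowloris
# client exploits) or on, plus a Slowloris-style probe run against it on
# loopback. Names, ports and timings here are constructed for the demo.

MAX_HEADER_BYTES = 8192


class HeaderServer:
    """Replies 200 once a complete header block (ending in CRLF CRLF) arrives.
    header_deadline is the time allowed for the *whole* block, or None to wait
    forever. A per-read idle timeout would not help: Slowloris drips one bogus
    header line every few seconds, so each read returns before it fires."""

    def __init__(self, header_deadline=None):
        self.header_deadline = header_deadline
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._srv.bind(("127.0.0.1", 0))
        self._srv.listen(16)
        self._srv.settimeout(0.2)
        self.port = self._srv.getsockname()[1]
        self._stop = threading.Event()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while not self._stop.is_set():
            try:
                conn, _ = self._srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        deadline = None if self.header_deadline is None else time.monotonic() + self.header_deadline
        buf = b""
        try:
            while b"\r\n\r\n" not in buf:
                if deadline is not None:
                    remaining = deadline - time.monotonic()
                    if remaining <= 0:
                        return                 # header block took too long: drop it
                    conn.settimeout(remaining)
                chunk = conn.recv(4096)
                if not chunk or len(buf) + len(chunk) > MAX_HEADER_BYTES:
                    return                     # client left, or headers absurdly large
                buf += chunk
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
        except OSError:                        # includes the recv timeout
            pass
        finally:
            conn.close()

    def close(self):
        self._stop.set()
        self._srv.close()


def slowloris_probe(port, hold_seconds, drip_interval=0.5):
    """Send an incomplete header block and keep the socket alive by dripping a
    bogus header line every drip_interval, never sending the blank line that
    ends the headers. Returns True if the server still held the connection open
    after hold_seconds (one cheap client tying up one worker), False if it cut us off."""
    s = socket.create_connection(("127.0.0.1", port))
    s.settimeout(drip_interval)
    try:
        s.sendall(b"GET / HTTP/1.1\r\nHost: target.example\r\nUser-Agent: probe\r\n")
        deadline = time.monotonic() + hold_seconds
        while time.monotonic() < deadline:
            s.sendall(b"X-a: b\r\n")
            try:
                if s.recv(1) == b"":
                    return False               # EOF: server closed on us
            except socket.timeout:
                pass                           # silence: server is still waiting on us
        return True
    except OSError:
        return False                           # RST/EPIPE: server closed on us
    finally:
        s.close()


def normal_request(port):
    """A well-behaved client must still get its 200 under the hardened setting."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(b"GET / HTTP/1.1\r\nHost: target.example\r\n\r\n")
        return s.recv(1024).startswith(b"HTTP/1.1 200")


if __name__ == "__main__":
    weak = HeaderServer(header_deadline=None)
    print("no deadline, still held after 2s:", slowloris_probe(weak.port, 2.0))
    weak.close()
    hard = HeaderServer(header_deadline=1.0)
    print("1s deadline, still held after 3s:", slowloris_probe(hard.port, 3.0))
    print("normal request served:", normal_request(hard.port))
    hard.close()
```

Run as a script it shows the weak listener still holding the probe's connection after two seconds, while the hardened one drops it after one second and still serves a normal request. Notice that the deadline covers the whole header block rather than each read: a per-read idle timeout is reset by every dripped line, which is exactly why Slowloris works against servers that only have one. Production servers expose the same knob (nginx client_header_timeout, Apache mod_reqtimeout), and it is that setting, not raw throughput, that this kind of test validates.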
Protect Your Investment and Business
The sum of it all is that there is always a risk when you do business on the Internet. But that doesn't mean you should refrain from creating and maintaining a large website or a mobile application. Instead, you should take appropriate measures to protect this investment and the revenue your business generates.
My rule of thumb is that at least ten percent of a company's IT budget should be set aside for testing and capacity planning. And, believe me, if you ever find yourself in that situation after a crash from either peak load or a DDoS attack, you will be convinced this money was well invested.
Anticipate DDoS attacks. Prepare yourself. Do regular professional tests. Test your protection. Just because you have purchased protection doesn't mean it protects all of your specific applications. Testing must not be overlooked.