
DDoS Attacks: What You Need to Know

By Anna Attkisson - Source: Tom's IT Pro

Last fall, the internet experienced its worst day in a while. A massive Distributed Denial-of-Service (DDoS) attack took down major and minor sites across the U.S. The sites that appeared to have the most trouble included Twitter, Reddit, Spotify, Okta, Basecamp and our sister site, among many others. The bad news is that it could happen again, and it could be much worse.

These complex and devastating problems are the result of multiple systems (botnets) targeting a single resource. The incoming traffic overwhelms the target, essentially shutting it down and preventing legitimate traffic from getting through. The target of the problems last fall appears to have been Dyn, a major DNS (Domain Name System) provider. If your DNS can't direct you to your favorite website, such as Pinterest or Etsy, then you're not getting there.

The company posted this note on its website: “Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.”

These malicious botnets start with a single vulnerability, which trojan malware exploits to spread until enough systems have been infected to carry out the take-down. The hacker collective Anonymous has been known to wage a series of DDoS attacks against some major websites, resulting in expenses in the thousands per hour. Xbox Live and the PlayStation Network have both been infected in the past. In some cases, the criminal masterminds behind these hacks then extort money from companies to make their own networks accessible again.


The source code for the Internet of Things (IoT) botnet Mirai was released in 2016. This botnet recently brought down the security blog Krebs on Security with an assault of 620Gbps, and the French hosting company with two simultaneous attacks of 799Gbps and 191Gbps. It operates by constantly scanning IoT devices, which rely heavily on factory-default or hard-coded usernames and passwords. Now that the code is available to the public, the threats to small businesses are catastrophic.
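
A device that has been pulled into a botnet of this kind shows up on its own network as a host opening Telnet connections to many different addresses in a short time. The Python below, an added example that is not part of the original article, flags that pattern in flow records; the record format, the sample data, the thresholds and the choice of Telnet ports 23 and 2323 are assumptions of the example.

```python
from collections import defaultdict, deque

# Assumption of this example: Telnet ports probed by Mirai-style scanners.
TELNET_PORTS = {23, 2323}

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port".
SAMPLE_FLOWS = (
    # Camera sweeping six different addresses on Telnet within 25 seconds.
    [f"{1000 + i * 5} 10.0.0.5 198.51.100.{i + 1} {23 if i % 2 else 2323}"
     for i in range(6)]
    # Admin workstation repeatedly logging in to one switch: a single target.
    + [f"{1000 + i * 5} 10.0.0.9 10.0.0.1 23" for i in range(8)]
    # Ordinary web browsing to many hosts: wrong port, ignored.
    + [f"{1000 + i} 10.0.0.7 203.0.113.{i + 1} 443" for i in range(10)]
    # Five Telnet targets, but spread over ten minutes.
    + [f"{1000 + i * 150} 10.0.0.8 192.0.2.{i + 1} 23" for i in range(5)]
)


def parse(line):
    """Split one flow record into (timestamp, src, dst, dst_port)."""
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def find_scanners(lines, window=60, min_targets=5):
    """Return {src: peak distinct Telnet targets within `window` seconds}
    for every source that reached at least `min_targets`."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still in the window
    flagged = {}
    for ts, src, dst, port in sorted(parse(l) for l in lines if l.strip()):
        if port not in TELNET_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop records older than window
            q.popleft()
        targets = len({d for _, d in q})    # distinct destinations, not hits
        if targets >= min_targets:
            flagged[src] = max(flagged.get(src, 0), targets)
    return flagged


if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {count} distinct Telnet targets in 60s, isolate it")
```

Counting distinct destinations rather than total connections is what keeps the administrator's repeated logins to one switch from being flagged.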

It can be extremely difficult to combat a DDoS attack, due to the distributed nature of these attacks. But there are some countermeasures companies can take. First off, keep all your hardware and software up to date, including routers and switches, where current security practices may have become lax. 

There are Intrusion Prevention Systems (IPSes) that come with DDoS detection abilities, but these are not foolproof. You can also work with your ISP to protect your bandwidth against these attacks; after all, it's in their best interest to filter out potential DDoS packets before they reach your network.

Perhaps your best protection is to overinvest in bandwidth and infrastructure, on the possibility that an attack may happen in the future. But that's not a realistic option for many smaller companies.