February 23, 2021
This article was originally published in March of 2015.
Back in 2015, in our discussions with IT directors and engineers, the mitigation of distributed denial of service (DDoS) attacks was a common topic. In 2021, this has not changed. DDoS attacks can be extremely disruptive to a business or school district, as they can completely saturate the Internet bandwidth on their primary links, crippling critical line-of-business applications that require the Internet for end-users and consumers alike.
Every second your Internet pipe is unusable, you’re losing potential and future revenue. As a consumer, what would you think of a business that can’t keep their Internet services operational? Obviously, it’s not a good impression. In her article “Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says,” Kelly Higgins of DarkReading.com does a good job highlighting the fact that not only is the frequency of DDoS attacks growing, but the manner in which attackers formulate an attack is evolving.
The frequency of DDoS attacks increased more than 2.5 times between 2014 and 2017, and the two longest DDoS attacks in 2020 lasted over 245 hours. In Q1 2020, there was a whopping 542% increase in DDoS activity compared to Q4 2019. The added confusion created by the COVID-19 pandemic only exacerbated the situation.
Anyone Can Be a Target for a DDoS Attack
In February 2020, AWS was hit by a DDoS attack. The attack was targeted at an unnamed AWS customer using a technique called Connectionless Lightweight Directory Access Protocol (CLDAP) Reflection. This technique relies on vulnerable third-party CLDAP servers and amplifies the amount of data sent to the victim’s IP address by 56 to 70 times. The three-day attack peaked at 2.3 TB/second. Though the disruption could have been far more severe, the sheer scale of the attack, and the lost revenue and brand damage for AWS customers, is significant.
The Evolution of DDoS Attacks
DDoS attacks are some of the oldest tricks in the book, but they are always evolving. What began in the 1990s as a crude form of electronic vandalism or “hacktivism” has matured into a very viable threat to major players. Nowadays, threat actors increasingly leverage DDoS for extortion, demanding money in exchange for not blasting computer networks. In some scenarios, it is used as a sideshow that distracts a victim from the main hazardous activity, such as a data breach or a ransomware onslaught.
As the Internet of Things (IoT) rapidly grows, the security around these devices is failing to grow along with it. This has paved the way for IoT botnets to surge traffic to never-before-seen levels. DDoS actors piggybacked on crudely protected IoT appliances for the first time in October 2016. They used a botnet consisting of hundreds of thousands of these devices to drain the resources of Dyn, a prominent online infrastructure company. The resulting outage took down well-known sites such as Etsy, Spotify, Reddit and The New York Times.
Presently, emboldened hackers simply extort their victims by contacting them over email instead of messages hidden deep within code. Their narrative is straightforward: pay or be brought offline. Interestingly, these blackmail threats are often made before any anomalous traffic begins hitting servers, so it may be hard to distinguish between a real menace and an outright bluff.
While there still isn’t a clear-cut strategy to mitigate DDoS attacks today, there are steps that can be taken. Most importantly, protect your data, applications, and infrastructure, as these are the common attack surfaces. An extension of this is to develop a response plan based on a security vulnerability scan. If an attack hits, there is no time to think about the best course of action, so having a predefined plan will help you deal with the impact.
If you can, leverage the cloud. Outsourcing DDoS prevention to cloud-based service providers offers several advantages. First, the cloud has far more bandwidth and resources than a private network likely does. With the increased magnitude of DDoS attacks, relying solely on on-premises hardware is likely to fail.
We also suggest you blacklist the source networks the attacks are coming from, and work with your ISP to see what their mitigation strategies are for these attacks. The issue with the first approach is that by the time you blacklist those source networks, your bandwidth has already been saturated, because the traffic is being passed down to you from the ISP.
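The CLDAP reflection technique described in the AWS example and the source-network blacklisting advice above both come down to the same practical question for a defender: which networks is the amplified traffic arriving from, and how much of the inbound volume do they account for? The following is an added example, not code from the original article or from Mindsight. It parses a handful of constructed flow records (hypothetical, RFC 5737 documentation addresses), flags inbound UDP flows that arrive from a reflector service port such as CLDAP 389 with a large average packet size, and aggregates the flagged volume by /24 so the result can be used as a candidate blocklist or handed to the ISP for upstream filtering. The record format, the reflector port table and the 800-byte threshold are assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (hypothetical, not taken from the article).
# One flow per line: proto, src ip, src port, dst ip, dst port, packets, bytes.
# 203.0.113.10 plays the victim; 198.51.100.x and 192.0.2.15 play abused
# CLDAP reflectors; the last two lines are ordinary traffic for contrast.
SAMPLE_FLOWS = """\
udp 198.51.100.7 389 203.0.113.10 41922 1200 1536000
udp 198.51.100.9 389 203.0.113.10 41922 950 1216000
udp 198.51.100.200 389 203.0.113.10 41922 1100 1408000
udp 192.0.2.15 389 203.0.113.10 41922 400 512000
tcp 192.0.2.40 443 203.0.113.10 51000 30 42000
udp 192.0.2.50 53 203.0.113.10 33000 5 2400
udp 203.0.113.10 41922 198.51.100.7 389 3 150
"""

# UDP services commonly abused as reflectors (assumed table; the article
# names CLDAP on port 389). Amplified responses arrive *from* these ports.
REFLECTOR_PORTS = {389: "CLDAP", 53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}


def parse_flows(text):
    """Turn the whitespace-separated records into dicts with numeric fields."""
    flows = []
    for line in text.strip().splitlines():
        proto, src, sport, dst, dport, pkts, nbytes = line.split()
        flows.append({"proto": proto, "src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport),
                      "packets": int(pkts), "bytes": int(nbytes)})
    return flows


def flag_reflection_flows(flows, min_avg_pkt=800):
    """Flag UDP flows sourced from a reflector port whose average packet size
    is large: that is the shape amplified responses take, whereas a normal
    DNS or CLDAP reply to a small query is short."""
    flagged = []
    for f in flows:
        if f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue
        avg = f["bytes"] / f["packets"] if f["packets"] else 0
        if avg >= min_avg_pkt:
            flagged.append({**f, "service": REFLECTOR_PORTS[f["sport"]],
                            "avg_pkt": avg})
    return flagged


def aggregate_by_network(flagged, prefix_len=24):
    """Sum flagged bytes per source prefix, largest first. Note these are the
    reflectors' networks, not the attacker's (the attacker spoofs the victim's
    address), so this list is a filtering aid, not an attribution."""
    totals = defaultdict(int)
    for f in flagged:
        net = ipaddress.ip_network(f"{f['src']}/{prefix_len}", strict=False)
        totals[str(net)] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def build_report(text, prefix_len=24, min_avg_pkt=800):
    """Produce the numbers a responder needs: how many flows looked like
    amplification, which prefixes they came from, and what share of total
    inbound bytes they represent. A high share is the case the article warns
    about: blocking locally does not recover the saturated upstream link, so
    the prefix list should go to the ISP for filtering closer to the source."""
    flows = parse_flows(text)
    flagged = flag_reflection_flows(flows, min_avg_pkt)
    by_net = aggregate_by_network(flagged, prefix_len)
    total = sum(f["bytes"] for f in flows)
    suspect = sum(b for _, b in by_net)
    return {"flows": len(flows), "flagged": len(flagged), "networks": by_net,
            "suspect_share": suspect / total if total else 0.0}


if __name__ == "__main__":
    report = build_report(SAMPLE_FLOWS)
    print(f"{report['flagged']} of {report['flows']} flows look like reflection")
    for net, nbytes in report["networks"]:
        print(f"  {net:<20} {nbytes:>10} bytes")
    print(f"suspect share of inbound bytes: {report['suspect_share']:.1%}")
```

On the constructed data, four CLDAP flows are flagged and account for over 99% of inbound bytes, with 198.51.100.0/24 far ahead of 192.0.2.0/24; the small DNS reply and the victim's own outbound packets are left alone. In practice the records would come from NetFlow/sFlow or firewall logs, the prefix length would follow whatever granularity the ISP will accept in a filter request, and the threshold would be tuned against a baseline of normal UDP reply sizes on the link.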
It’s clear that DDoS attacks are evolving and increasing, making it more difficult for organizations to deal with this annoying problem. At Mindsight, we will continue to monitor the market in terms of cost-effective solutions for customers. For the latest information on mitigating these types of attacks, please contact us.
Mindsight, a Chicago IT consultancy and services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We’ve always prided ourselves in delivering the full spectrum of IT services and solutions, from design and implementation to support and management. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for a local business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.