Detection prevents disruption
What is a DDoS attack?
Whilst perhaps more a cybersecurity concern than an information security one as this type of attack doesn’t compromise information, denial of service attacks, most commonly Distributed Denial of Service or ‘DDoS’ attacks, are incredibly common and plague countless businesses every year.
DDoS attacks were for some time considered an attack of the past; however, that trend has recently been reversed, with a 542% rise in the first quarter of 2020, and DDoS attacks are back on the rise.
Whilst awareness alone will not prevent these attacks from happening, knowing the signs of one taking place can help ensure the attack is stopped as soon as possible, preventing disruption and financial loss before they can occur.
What is a Denial of Service attack?
A denial of service attack involves just that: stopping the use of a service that matters to the function of the business in question. Usually, the service in question will be a company website or servers.
Denial of service attacks work by sending large volumes of requests to the service, preventing it from working. The requests sent to the service can vary, but the end result is the same: non-operation of a vital piece of business infrastructure. Think of these requests as questions and tasks being asked of the service. Like us, if given too many tasks, a service needs time to work through them, and it won’t be able to keep up until they are resolved. This is what makes the service unusable.
These attacks cannot extract information from the victim, and therefore the effect of the attack is purely disruption and the financial loss that occurs from having the company website or servers offline. Attackers will often use these attacks to extort a ransom in return for the attack ceasing or, in some cases, as "hacktivism", where a group with a political agenda disrupts a website or business that conflicts with its views or spreads information it disagrees with.
DDoS Attacks vs DoS Attacks
Both DDoS and DoS attacks work by sending large volumes of requests to a service, but the difference in these attacks is the source of the requests sent to the target service. DDoS attacks recruit a botnet, a team of enslaved computers that work together to flood the targeted service with requests. DoS attacks use only one computer and are therefore capable of sending fewer requests and are easier to track. DDoS attacks are therefore, and unsurprisingly, the most common form of this type of attack.
Signs of a DDoS Attack
In the event of a DDoS attack, you’ll notice a rapid decline in the performance of a service. This disruption will affect all employees and continue for sustained periods of time. Look out for an inability to access servers or the company website, or computers functioning very slowly.
What to do in the Event of a Suspected DDoS Attack
In the event of a suspected DDoS attack, do not wait before acting. If your systems or services seem slow, there are some things you should do immediately.
Contact your ISP
Contact your ISP and let them know that you suspect you are being attacked. They will have procedures in place to help mitigate the effect of a DDoS attack and will also appreciate being aware of a potential attack in case other customers could be at risk.
Activate security measures
If possible, speak to your security or IT team ahead of time about what measures are currently in place. It’s more than likely that there are already measures such as Access Control Lists (ACLs) in place, which prevent traffic from suspected malicious sources being allowed into your network.
Another method that can be used is rate-limiting, which restricts how many requests a single source can send. This method is most useful when a web-based service is under attack.
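The two measures described above, an ACL deny list and per-source rate-limiting, can be seen working together in the following added example, which is not code from the original article. The class and function names, the thresholds and the sample traffic (documentation-range addresses) are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class RequestFilter:
    """ACL deny list checked first, then a per-source sliding-window rate limit."""

    def __init__(self, denied_networks, max_requests, window_ms):
        self.denied = [ipaddress.ip_network(n) for n in denied_networks]
        self.max_requests = max_requests
        self.window_ms = window_ms
        self.history = defaultdict(deque)  # source IP -> times of allowed requests

    def decide(self, source_ip, now_ms):
        """Return 'deny-acl', 'deny-rate' or 'allow' for one request."""
        addr = ipaddress.ip_address(source_ip)
        if any(addr in net for net in self.denied):
            return "deny-acl"
        seen = self.history[source_ip]
        while seen and now_ms - seen[0] >= self.window_ms:
            seen.popleft()  # forget requests older than the window
        if len(seen) >= self.max_requests:
            return "deny-rate"
        seen.append(now_ms)
        return "allow"

def replay(requests, request_filter):
    """Feed (time_ms, source_ip) pairs through the filter; tally decisions per source."""
    tally = defaultdict(lambda: defaultdict(int))
    for now_ms, ip in requests:
        tally[ip][request_filter.decide(ip, now_ms)] += 1
    return {ip: dict(counts) for ip, counts in tally.items()}

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_REQUESTS = sorted(
    [(t * 100, "198.51.100.7") for t in range(50)]        # 50 requests in 5 s from one source
    + [(t * 2000, "192.0.2.10") for t in range(3)]        # ordinary user: 3 requests in 5 s
    + [(1000, "203.0.113.99"), (2000, "203.0.113.99")]    # source inside a denied network
)

def demo():
    # Assumed policy: deny 203.0.113.0/24 outright, allow 5 requests per second per source.
    request_filter = RequestFilter(["203.0.113.0/24"], max_requests=5, window_ms=1000)
    return replay(SAMPLE_REQUESTS, request_filter)

if __name__ == "__main__":
    for ip, counts in demo().items():
        print(ip, counts)
```

Because the limit is applied per source, it constrains each individual sender; traffic from a botnet spread across many sources also needs the upstream help described under "Contact your ISP".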
Regardless of the methods chosen to protect your organisation before or during a potential DDoS attack, it is imperative that these methods are reviewed and assessed regularly. Ensure that the security or IT team regularly checks that they are up to the job of protecting against a DDoS attack, and that there isn’t something better out there they could be using instead.
DDoS attacks can sneak in undetected at first, but the signs of an attack can be spotted before the attack is in full force. Therefore, as with all cybersecurity attacks, awareness of what is possible and the threats that your organisation faces can be the key to preventing lasting damage before it can occur.