The number of DDoS (distributed denial-of-service) attacks is increasing around the globe. While the average person or company doesn’t have any control over the DDoS attacks that can occur on a public network, there are a few steps that companies can take to try to outwit the cybercriminals.
DDoS attacks are designed for a specific purpose. They flood an enterprise with such a high volume of requests that the network crashes, making services or data unavailable to legitimate users. To exemplify the volume of traffic that crosses the internet, a Cisco report stated, “It would take more than 5 million years to watch the amount of video that will cross global IP networks each month in 2020. Every second, a million minutes of video content will cross the network by 2020.” They also indicated, “DDoS attacks are increasing at roughly the same rate as traffic.” A few years ago attacks were measured in megabytes per second; they are now measured in gigabytes per second.
While this may be a bit mind-boggling, the volume of information and data traversing the net all over the world is exactly what those who design DDoS attacks count on. When you combine this with some of the more recent devious botnet code that has found vulnerabilities in unsecured routers, this could be a recipe for disaster. The main goals of DDoS attacks remain hacktivism, extortion and vandalism. It’s important to note that a DDoS attack can originate from a single location or from multiple locations, and that DDoS software has been available since the 1990s. If you equate this to what could happen within a corporate environment, it could involve a disgruntled employee with just a laptop and the DDoS software. Most companies now have specific regulations and protocols covering plug-and-play devices brought into the company, with rules restricting connectivity to any internal device that could integrate into the network.
Those in charge of their enterprise systems can breathe at least one sigh of relief, as there are symptoms to look out for. Analysis of everything connected to their network that could have net access is the first priority. High-level attention should be given to plug-and-play devices and IPv6 networks that have sparse address spaces. Anything that involves lower bandwidth, for any reason, can be a main source for attack. If an enterprise has any publicly available services, they should absolutely be run on dedicated, separate servers. DDoS techniques may be sophisticated, or they may simply seek access to unpatched and unsecured devices, which means that all areas must be examined for potential vulnerability. In essence, it is your duty to make life harder for the attackers.
A secondary level of preparation is just as important as the due diligence. This involves having a response plan that is well-tested. This should include consistent testing on both IPv4 and IPv6 traffic, which is the most vulnerable. A tight-knit team of IT Department professionals and network administrators must work together not only to create better security, but also to address the process of recovery should a DDoS attack occur. There should be clear-cut steps outlined for all parties involved so that the attack can be identified and the organization can move back to full functionality. Speed of recognition and speed of mitigation are the keys to protection against a DDoS attack.
Da Vinci Forensics coordinates with companies to elevate their attention to potential DDoS attacks and can work together to create a team effort with IT and network management staff on the protocols needed to protect against attacks. We will assist in establishing a mitigation process in the case of an attack and help internal staff to return to a normal status.”
-Nick Brandt, CTO, Da Vinci Forensics