Distributed Denial of Service or DDoS, is a fairly easy attack to perpetrate. The basic gist is that a DDoS attack is a continued stream of requests directed at a certain domain. The goal being to lock up the request server and make the server request impossible to actual users. This attack can come in many forms and is becoming more prevalent with the over (stat about IoT) devices being added to the internet every year.
How does a DDoS attack work?
It works, typically, through a bad actor controlling what is called a “botnet”. This botnet is a string of infected devices that can be triggered by the bad actor at any time. This infection comes in the form of malware that can be installed through phishing attacks or other forms of digital bad habits. Once your device is infected with this malware, it is subject to the ruling of its overlord (aka the bad guy). Once the bad actor has selected a target, the botnet is directed to request that IP address hundred of times a second. This is known as a blitzkrieg-style attack. The requests overwhelm the server, essentially plugging all of its ports and not allowing normal traffic to come through.
In recent months we saw the largest DDoS attack on Github, the world’s largest software development platform, which peaked at 1.35Tbps. That speed and veracity of attack indicated a large botnet attack directed at this service. Most companies have internet infrastructure capable of handling 10 to 30 Gbps. To put that in perspective, in 2009 there was a worm called MyDoom which targeted government, financial, and business sites. This attack peaked at 13Gbps, nearing the top range of most companies’ internet infrastructure limits. That’s in 2009. Today, 13Gbps is on the low-end of attack speeds which means that it’s only going to get harder to stay online through one of these attacks.
Internet of Things Speeds Everything Up
We can attribute much of the increase in attack volume to IoT and their unsecured nature. Devices like your Amazon Echo, wireless lights, and even cars can be utilized for DDoS attacks. IoT devices are not inherently secured. Security has to be at the forefront of the developers mind and that isn’t the case right now. As these attacks become more prolific, IoT security will be a priority but right now the market is in the mindset of just creating these devices with security as an afterthought.
These IoT botnets are being used to inflict massive amounts of damage. In late 2016, an almost internet-crashing botnet attacked called Mirai was executed. This attack targeted CCTV cameras and internet routers through a simple vulnerability discovered by some kids. This attack made much of the internet inaccessible on the U.S. east coast and demonstrated the power that these IoT botnets have. There is currently one massive botnet called “Reaper” that has infected over a million devices so far and is responsible for a DDoS attack on the financial sector in the Netherlands. This attack was weak in comparison to other attacks’ traffic volumes, only reaching 30Gbps, but through the attack researchers found that it’s not bound to static, pre-programmed targets. It’s able to be dynamically updated with new targets. This gives us a glimpse into the future of these attacks.
What’s my best defense?
The biggest asset you can have in your arsenal is the ability to recognize a DDoS attack early. Being able to recognize the attack gives you the time to contact your ISP because if it’s affecting you then it’s most likely affecting them too. The first plan of action to try and have them re-route the traffic away from your network. If there is a large botnet targeted at a single connection – your best course of action is to have the ISP redirect the traffic so your network is free to respond to legitimate requests.
Another preemptive tactic you can deploy is traffic monitoring software in your data center. Having visibility into your everyday traffic will give you a good barometer for what’s normal. This will give you an early indication that it’s not just a normal spike in traffic but an attack. DNA Center is one of those technologies that analyzes normal traffic and will recognize abnormal traffic in time for you to take appropriate action and redirect the attack.