If you tried to get on Amazon, Twitter, Netflix, Shopify or some other popular web services on October 21, you may have had a tough time. A company called Dyn, which provides a critical link between the URL you type in and the IP address you’re directed to, suffered a massive distributed denial of service (DDoS) attack. When Dyn was overloaded during the attack, people trying to reach Dyn client sites could not connect.
If you run a business, what should your company do to prepare for a DDoS attack?
How attackers execute a DDoS attack
Think of DDoS attacks as temper tantrums: they create so much noise that no one can get anything done. The initiators of DDoS attacks use networks of compromised Internet-connected computers and devices, or botnets, to do their dirty work. Botnet capacity can be rented on the darknet like any other cloud service, paid for with fake or stolen credit cards, which makes tracing the initiator through the payment trail pretty much impossible.
Why the Dyn attack is an eye-opener
Since Dyn is a managed DNS (Domain Name System) provider, the attack affected not only Dyn but its clients: their web servers were running, but browsers could not resolve the clients' domain names to reach them. And even though DDoS attacks are getting more common, the October 21 attack required coordinating thousands (if not millions) of botnet devices to send traffic simultaneously. That took some skill and effort, and a very large botnet.
Dyn reports there were actually two attacks: an early morning attack that affected the U.S. East Coast and then, after the initial attack was resolved and websites were accessible again, another attack around noon that affected services worldwide. Dyn says the attack was sophisticated, highly distributed and involved tens of millions of IP addresses. One source of the traffic was the Mirai botnet, which is made up of compromised consumer devices such as cameras and home routers.
Why hackers do it
While ransomware generates cash (as does data theft), the goal of a DDoS attack is usually to generate one thing: chaos, which leads to loss of business, distractions and embarrassment. (Attackers do sometimes demand payment to stop or not start a DDoS attack, so extortion is a motive too.) Often the attacker is an unhappy customer, a disgruntled employee, a competitor or someone who wants to get attention or notoriety. Sometimes DDoS attacks are used against business rivals at critical moments; Black Friday and Cyber Monday are among the most popular days for DDoS attacks. Political or hacktivist motives are less common in attacks on ordinary businesses, but that may change. The Dyn attack is rumored to have been a diversion so other malicious activities could go unnoticed.
Which companies need to prepare for DDoS attacks
Your company’s level of vulnerability depends on how much of your business is run online and how much you have to lose from an attack. If you run an e-commerce business or a service company with online account access for your customers, a DDoS attack can cripple your operations. If you run a car wash or a hair salon, probably not so much.
A lot of companies fall somewhere in between. For example, a delivery company may run most of its business offline but use an online system to send warehouse orders to distribution centers in advance so that the orders are ready for pickup when the drivers arrive. While this efficient system can save a lot of time, it’s also vulnerable to a DDoS attack.
Small businesses that use cloud-based accounting and HR software like Workday or QuickBooks Online can be hit hard by DDoS attacks, too: if the provider or its DNS is unreachable, so is your payroll. And problems with timesheets, expenses, payroll and paychecks can, in turn, create big problems with employees!
What your company should do … soon
1. Get a risk assessment so you know how your business could be affected by a DDoS attack
Your company needs to do more than a penetration test. A penetration test finds holes in specific systems; a risk assessment has a consultant review how your business makes money, which systems and third-party services (including DNS and cloud providers) are critical to your operations, how long you can tolerate each being unavailable, and where you face risks. If you don't know you have a problem, you can't fix it. You also don't want to overreact in case you're attacked. Knowing what's what when it comes to risk prevents you from wasting time and money responding to something that may not hurt you very badly to begin with.
2. Use next generation firewalls and monitor them
In the last few years firewalls got a lot better at tackling new threats. These next generation firewalls include, among other tools, botnet detection services (they can flag any outbound communication from a computer on your network to a known botnet command-and-control server, which tells you one of your own machines has been recruited into a botnet) and Intrusion Detection and Intrusion Prevention Services that can absorb small DDoS attacks and protect your servers. The caveat is that a firewall only sees traffic that has already reached it: if the attack is big enough to saturate your Internet link, the firewall cannot help, and the traffic has to be filtered upstream by your ISP or a cloud mitigation service.
With perimeter security monitoring of the firewall, you will get an alert that includes the IP address and name of the internal computer in question, so it can be taken off the network and cleaned.
3. Have a multi-pronged response ready
- Be ready to temporarily move your site to a public cloud. Your IT department or managed service provider can prepare for this in advance; it is not something to set up for the first time during an attack
- Be able to provide your ISP (internet service provider) with the source IP addresses or address ranges of the attack traffic so your ISP can filter them upstream. Keep in mind that attack sources can be spoofed or number in the millions, so summaries (address prefixes, ports, traffic patterns) are more useful than a raw list. ISPs also have countermeasures in place, so begin working with them immediately
- Consider adding a cloud-based DDoS protection service like Akamai. These services sit in front of your site, absorb and filter the attack traffic in their own network, and forward only the clean requests to your servers. Your DNS must already point at the service, and your servers' real IP addresses must not be exposed, or the attacker can simply bypass it
- Be cautious about "counter-attack" or hack-back services that promise to attack the machines attacking you. Those machines are usually other people's compromised computers and devices, and attacking them is illegal in most jurisdictions. Put the effort into upstream filtering and mitigation instead
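The two log-driven checks from steps 2 and 3 above, as an added illustration (this is not Leapfrog's code or any firewall vendor's product): flagging internal machines that talk to known botnet command-and-control addresses, and summarizing inbound attack sources into address prefixes that can be handed to an ISP. The log line format, the indicator list, the hostnames and the threshold are all constructed assumptions; a real firewall exports its own schema (syslog, CEF, NetFlow) and the indicator list would come from a vendor threat feed.

```python
"""Illustrative DDoS-preparation checks over firewall connection logs.

Added example, not code from the original article or from any product.
Log format, indicators, hostnames and thresholds are assumptions.
"""
from collections import Counter
import ipaddress
import re

# Constructed sample log lines (not from a real device). Field order:
# timestamp src_ip src_hostname dst_ip dst_port direction
SAMPLE_LOG = """\
2016-10-21T11:10:01 10.0.5.23 wkstn-23 203.0.113.7 6667 out
2016-10-21T11:10:02 10.0.5.41 wkstn-41 93.184.216.34 443 out
2016-10-21T11:10:02 198.51.100.9 - 10.0.1.10 80 in
2016-10-21T11:10:02 198.51.100.9 - 10.0.1.10 80 in
2016-10-21T11:10:03 198.51.100.9 - 10.0.1.10 80 in
2016-10-21T11:10:03 198.51.100.9 - 10.0.1.10 80 in
2016-10-21T11:10:03 192.0.2.77 - 10.0.1.10 80 in
2016-10-21T11:10:04 192.0.2.77 - 10.0.1.10 80 in
2016-10-21T11:10:04 192.0.2.78 - 10.0.1.10 80 in
2016-10-21T11:10:05 10.0.5.23 wkstn-23 203.0.113.7 6667 out
2016-10-21T11:10:06 10.0.7.2 printer-2 203.0.113.200 23 out
this line is malformed and must be skipped
"""

# Constructed indicator list standing in for a vendor threat feed of
# known botnet command-and-control (C2) addresses.
KNOWN_C2 = {"203.0.113.7", "203.0.113.200"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+) (in|out)$")


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped
    rather than crashing the monitor during an incident."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, src, host, dst, port, direction = m.groups()
        yield {"ts": ts, "src": src, "host": host, "dst": dst,
               "port": int(port), "dir": direction}


def botnet_alerts(text, indicators=KNOWN_C2):
    """Step 2: flag internal hosts making outbound connections to known C2.

    Returns {src_ip: (hostname, {c2 addresses contacted})}, i.e. the alert
    carries the IP and name of the machine to take offline and clean.
    """
    hits = {}
    for rec in parse_log(text):
        if rec["dir"] == "out" and rec["dst"] in indicators:
            _host, dsts = hits.setdefault(rec["src"], (rec["host"], set()))
            dsts.add(rec["dst"])
    return hits


def top_inbound_sources(text, min_hits=2):
    """Step 3: rank external sources of inbound connections.
    Sources with fewer than min_hits connections are dropped as noise."""
    counts = Counter(rec["src"] for rec in parse_log(text)
                     if rec["dir"] == "in")
    return [(ip, n) for ip, n in counts.most_common() if n >= min_hits]


def summarize_for_isp(text, min_hits=2):
    """Collapse inbound sources into prefixes (/24 for IPv4, /48 for IPv6).

    An ISP will filter prefixes, not millions of individual hosts, and
    spoofed sources scatter across ranges, so prefixes are the useful unit.
    """
    prefixes = Counter()
    for ip, n in top_inbound_sources(text, min_hits=1):
        addr = ipaddress.ip_address(ip)
        plen = 24 if addr.version == 4 else 48
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        prefixes[str(net)] += n
    return [(p, n) for p, n in prefixes.most_common() if n >= min_hits]


if __name__ == "__main__":
    for ip, (host, c2s) in botnet_alerts(SAMPLE_LOG).items():
        print(f"ALERT botnet member {host} ({ip}) contacted {sorted(c2s)}")
    print("inbound top talkers:", top_inbound_sources(SAMPLE_LOG))
    print("prefixes for ISP:", summarize_for_isp(SAMPLE_LOG))
```

Note that the outbound check answers a different question from the inbound one: it tells you whether your own machines are part of someone else's botnet (and should be isolated), while the inbound summary is what you hand to your ISP or mitigation provider. Neither helps once the link itself is saturated; by then the only place the traffic can be dropped is upstream.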
Leapfrog believes the best way to prevent any kind of cyber attack is to prepare for it. Hacking tools become more available and more sophisticated every day. Your best bet is to know exactly what you need to protect, and then balance the effort of protecting it with your need to stay nimble and productive. No plan is foolproof, but there's a sweet spot for you! Feel free to contact Leapfrog to help you find it.