Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

How to protect yourself against a DDoS attack

Written by  Oct 15, 2019

The distributed denial of service attack (DDoS) has become one of the most popular, and most devastating, methods used by criminals to disrupt the activities of a target business.

The technique, which can be utilised by everyone from script kiddies to professional hackers, it involves bombarding a target website or server with artificial traffic to the point that it is overloaded.

Every time a computer visits a website, it requests access to that site's content. A DDoS attack exploits this by sending more requests than a server can cope with at any given time. This can result in either long delays for other users requesting content, or a server completely failing.

Given the relatively crude nature of the attack and the fact that it's incredibly difficult to prevent or stop once discovered, DDoS continues to be an effective tool for taking down websites and will continue to do so.

cyber criminalAlso see: Should you trust a criminal with your cyber security?

A criminal doesn't need to be especially technical, as there are a number of DDoS-for-hire groups operating on the dark web. These services have spent time spreading malware to devices across the world, which can then be mobilised as a visitor to a particular website or used to issue a server request.

While these types of attacks were normally done in isolation, and often in an attempt to tarnish the reputation of or cause financial damage to a particular company, they are often used today as a smokescreen to divert attention away from a far more serious hack.

The largest-ever DDoS attack on record was launched against GitHub in February 2018, although it only managed to knock the code repository offline for 10 minutes. Far greater disruption was caused during a smaller attack on the Dyn DNS server in 2016, which took down some of the world's most popular sites, including Amazon, Netflix and Spotify.

Both of these examples are also demonstrative of the way criminals are using new technologies and exploits to carry out DDoS attacks – the Dyn attack is thought to have used an IoT-powered botnet, while the GitHub attack made use of poor authentication on memcached servers.

What's more, it's not just the big-name players on the internet who are at risk from DDoS attacks – we all are. According to March 2018 research from Kaspersky Lab, 27% of businesses caught up in such an incident think they were collateral damage, rather than being the intended target. This highlights the need for all organisations to know how to protect themselves from a DDoS attack.

Back to basics

Rather than over-provisioning, simple things such as bandwidth buffering can allow for traffic spikes including those associated with DDoS attack and give you time to both recognise the attack and react to it.

It's also probably worth putting into place other basic safeguards that can gain you a few precious minutes: rate-limiting your router, adding filters to drop obvious spoofed or malformed packets and setting lower drop thresholds for ICMP, SYN and UDP floods. All these will buy you time to try and find help.


Cloud Computing Security: Foundations and Challenges
amazon uk

Think ahead

The first thing every organisation should do when suspecting a DDoS attack is confirm it actually happened. Once you've discounted DNS errors or upstream routing problems, then your DDoS response plan can kick in.

What should be in that response plan? Contact relevant members of your incident response team, including leads from applications and operations teams, as both are likely to be impacted.

Then contact your ISP, but don't be surprised if it black-holes your traffic. A DDoS attack costs it money, so null routing packets before they arrive at your servers is often the default option. It may offer to divert your traffic through a third-party scrubber network instead; these filter attack packets and only allow clean traffic to reach you.

Be warned, this is likely to be a more expensive emergency option than had you contracted such a content distribution network (CDN) to monitor traffic patterns and scrub attack traffic on a subscription basis.

Prioritise and sacrifice to survive

Ensure the limited network resources available to you are prioritised - make this is a financially driven exercise as it helps with focus. Sacrifice low-value traffic to keep high-value applications and services alive. Remember that DDoS response plan we mentioned?

This is the kind of thing that should be in it, then these decisions aren't being taken on the fly and under time pressure. There's no point allowing equal access to high-value applications, whitelist your most trusted partners and remote employees using VPN to ensure they get priority.

Multi-vector attacks

Multi-vector attacks, such as when a DDoS attack is used to hide a data exfiltration attempt, are notoriously difficult to defend against. It's all too easy to say that you must prioritise the data protection, but the smokescreen DDoS remains a very real attack on your business.

Advertisement


Cybersecurity Essentials
amazon uk

The motivation behind a DDoS is irrelevant, they should all be dealt with using layered DDoS defences. These should include the use of a CDN to deal with volumetric attacks, with web application firewalls and gateway appliances dealing with the rest. A dedicated DDoS defence specialist will be able to advise on the best mix for you.

DDoS mitigation services

It's worth considering investing in DDoS mitigation services if you're particularly likely to be a target of a DDoS attack (for example, if you're a large organisation) or at least knowing about what's out there, just in case.

One of the biggest and best known is Cloudflare, which has made headlines offering DDoS mitigation services to the likes of Wikileaks as well as working to mitigate wider attacks.

Cloudflare isn't the only game in town, though and many network and application delivery optimisation firms offer DDoS mitigation services.

Other well-known brands include Akamai, F5 Networks, Imperva and Verisign.

Some of these providers offer so-called emergency coverage, which you can buy when an attack is underway to mitigate the worst of it, while others require a more long-term contract.

If you're already using other products from any of these companies, you may want to look into adding DDoS protection to your package. Alternatively, if you use another network optimisation firm not mentioned here, it's worth seeing if it offers DDoS protection and how much it would cost. As mentioned above, your ISP may also offer some form of DDoS protection, particularly in an emergency, but it's worth seeing quite how comprehensive this would be beforehand, as well as the processes involved and of course the cost.

Carl Perkins

A security tech expert, Carl specialises in IT Security having worked in the field for over 10 years and has previous Tech admin roles to his credit. He is very experienced and his contribution is invaluable to us.

1 comment

  • Oliver O
    Comment Link Oliver O Wednesday, 26 February 2020 10:15

    Very thorough and informative, DDOS is a real and ongoing worry for every IT dept.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular Cyber News

Mar 05, 2020 Cyber Security

Tesco and Boots Loyalty Card Schemes Affected by Security Issues

UK retailers Tesco and Boots are dealing with the after affects of cyber security issues that may have affected thousand...

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

Mar 27, 2020 Cyber Security

Hospitals worldwide offered free security software

As cyberattacks against hospitals surge during the coronavirus crisis, technology companies are stepping up to alleviate...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

Mar 23, 2020 Cyber Security

Thousands of Netflix and Other Streamers Accounts are Being Stolen

With a massive surge in home use of video and music streaming services such as Amazon Prime Video, Apple Music, Netflix ...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

Apr 16, 2020 Cyber Security

Cybersecurity lessons to be learnt from the Pandemic

It may not be obvious, but the spread of information on computer networks is like disease processes. ...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Mar 20, 2020 Cyber Threats

UK Fintech Company Finastra Targeted by Hackers

UK-based financial technology company Finastra is investigating a cybersecurity incident that may involve a piece of ran...

Jun 06, 2020 Cyber Security

Phishing attacks on companies using PBX systems increases dramatically

While video conferencing solutions have become the prime targets for hackers recently following the shift to remote work...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Apr 13, 2020 Cyber Security

Under half of UK businesses provide cybersecurity training: Kapersky

If businesses want to seriously wan to reduce he risk of data breaches and remains secure, they must commit to employee ...

Advertisement
Symantec Home 120x60

Advertisement