Distributed Denial of Service (DDoS) attacks have featured a lot in the media of late.
In fact, just last month users of major companies Kiwibank, ANZ, NZ Post and Metservice were impacted by DDoS attacks, which have at times blocked successful use of their websites and mobile apps.
We spoke to Jonathon Berry, principal consultant from information and cyber security consultancy InPhySec, to understand more about DDoS, how it impacts your business and how you can protect yourself and your clients.
What is a DDoS?
A DDoS attack is a subset of a wider set of attacks known as Denial of Service (DoS) attacks. A DoS attack simply seeks to deny legitimate users access to network-based (generally Internet-based) resources. This can be achieved in a number of ways, but the most common is a ‘volumetric’ attack, in which the attackers bombard the target with high volumes of spurious traffic.
The targeted server, service or network is effectively flooded by an overwhelming amount of traffic that congests network paths and may also overload the processing ability of the target system.
This results in a significant degradation of service for legitimate users as their requests or traffic are unable to get to the desired resource.
How does it work?
DDoS attacks are often achieved by utilising multiple compromised systems known as bots or zombies, which the attacker (cyber-criminal) gains control of remotely. A collection of these compromised systems, often made up of online servers, computers and IoT devices, is referred to as a botnet. These collections can be very large, depending on the effect desired and patience of the attackers. Equally, botnets can be acquired on the ‘darknet’, or Internet underground, for a certain price.
Once a botnet has reached the desired size, the attacker is able to direct an attack by issuing instructions to each bot to send requests to a target, causing the target to be overwhelmed by traffic. This results in either a slowing or a complete takedown of the target.
The main concern in mitigating DDoS attacks is differentiating between attack traffic and legitimate traffic. With the recent increase in DDoS attacks across the globe, the need to mitigate this form of attack is increasing. The attackers may be motivated by business disruption or, more likely, they are attempting to pressure an organisation into paying a ransom, which may see the criminals stop the attack.
More recently, criminals have also been exfiltrating sensitive data, which they threaten to publish if the ransom is not paid, compounding pressure on the organisation.
There are four main ways for your business to mitigate DDoS attacks:
Blackhole routing: Mitigation is achieved through the creation of a blackhole route that essentially goes nowhere. This allows traffic to be routed to the blackhole instead of the target during a suspected DDoS attack. This is a blunt instrument and often not an ideal solution as it still allows the attacker to meet their desired goal, which is to render the target inaccessible.
Rate limiting: Involves limiting the number of requests a server will accept over a certain time window. While this is often useful for slowing down web scrapers attempting to steal content, or for preventing brute force login attempts, it is often insufficient at handling a complex DDoS attack effectively and should not be used as the only form of defence.
Web application firewall and/or scrubbing: Also known as a WAF, this is a tool that can assist in mitigating an application layer (or layer 7) DDoS attack by filtering, monitoring and blocking illegitimate traffic between the Internet and the target.
Anycast network diffusion: Where an Anycast network is employed to scatter the attack traffic across a network of distributed servers, to the point where the traffic can be absorbed by the network.
If you’re concerned about DoS attacks, ransomware or anything to do with the appropriate protection of your systems and information, InPhySec can help. Contact security@inphysec.co.nz or Jonathon Berry in Tauranga on 027 870 0619.