How does a DDoS Attack work?
Distributed Network Attacks are often referred to as Distributed Denial of Service (DDoS) attacks.
They primarily attack a business website by flooding the site with continuous webpage requests, this then exceeds the websites capacity, therefore preventing the site from functioning correctly.
The cyber criminals aim is the total prevention of the website’s functionality thereby achieving a total denial of service.
It has been known, that to maximise the large number of requests to the required source, the attacker will often establish a zombie network (botnet), that infects multiple machines with malware. The attacker will then have total control over the entire functionality of each infected computer within the zombie network (botnet) thereby overwhelming the victim’s entire business web resources. The attacker can direct an attack by sending remote instructions to each bot.
When a victim’s server or network is targeted by the botnet, each bot then sends requests to the victim’s IP address with the aim of causing the server or indeed entire traffic to become overwhelmed and unable to function, causing a denial of service to normal traffic.
How to identify a DDoS Attack
Traffic analytic tools can help you spot suspicious amounts of traffic originating from a single IP address or IP range. There may be a surge in requests to a single page or endpoint. There also may be odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural e.g., a spike every 15 minutes. However, these cyber criminals (cyber armies) can be dormant until given orders to proceed, e.g., on New Year’s Eve. A command-and-control server (C2) will be used by the cyber criminals to issue instructions to compromised devices. The devices will use a portion of their processing power to send fake traffic to a targeted server or website – the DDoS attack is launched!
DDoS mitigation refers to the process of successfully protecting a targeted server or network from a DDoS attack. Implementing a specially designed piece of networking equipment or cloud-based protection service allows a business to mitigate against the incoming threat but might not completely stop it.
Best Practices for Prevention of DDoS Attacks
DDoS attacks show no signs of slowing – in fact, research shows they keep growing in volume and frequency and the most common attacks today are commonly involving a blended or hybrid approach.
Each business needs an integrated security strategy to protect all infrastructure levels and to develop a DDoS prevention plan based on a thorough security assessment.
You need to consider your Backup/Restore and Data Archiving strategy – How robust is your business against a DDoS attack? What would be the consequence to your business if it received a DDoS attack? Serious consideration should be given to immutable storage, and then storing the Backup and Archive files in two separate locations or clouds.