
DDoS stands for Distributed Denial of Service attack

How does a DDoS attack work?

Distributed Network Attacks are often referred to as Distributed Denial of Service (DDoS) attacks.

They typically target a business website by flooding it with a continuous stream of page requests. The volume exceeds the site's capacity, preventing it from functioning correctly.

The cybercriminals' aim is the total prevention of the website’s functionality thereby achieving a total denial of service.

To generate the very large number of requests required, the attacker will often build a zombie network (botnet) by infecting multiple machines with malware. The attacker then has control over each infected computer within the botnet and can direct it, by sending remote instructions to each bot, to overwhelm the victim's web resources.

When a victim's server or network is targeted by the botnet, each bot sends requests to the victim's IP address, with the aim of overwhelming the server or the surrounding network so that it can no longer function, causing a denial of service to legitimate traffic.

How to identify a DDoS Attack

Traffic analytics tools can help you spot suspicious amounts of traffic originating from a single IP address or IP range. There may be a surge in requests to a single page or endpoint. There may also be odd traffic patterns, such as spikes at unusual hours of the day or patterns that appear unnatural, e.g. a spike every 15 minutes. However, the compromised devices (the "cyber army") can remain dormant until given orders to proceed, e.g. on New Year's Eve. A command-and-control (C2) server is used by the cybercriminals to issue instructions to the compromised devices. The devices then use a portion of their processing power to send fake traffic to the targeted server or website, and the DDoS attack is launched.

DDoS Mitigation

DDoS mitigation refers to the process of successfully protecting a targeted server or network from a DDoS attack. Implementing specially designed networking equipment or a cloud-based protection service allows a business to mitigate the incoming threat, but might not completely stop it.

  • Detection – It is imperative to distinguish an attack from a high volume of normal traffic.
  • Response – A network can mitigate the attempt at disruption and drop malicious traffic at the network edge.
  • Routing – Intelligently route traffic into manageable chunks preventing denial of service.
  • Adaptation – A robust network analyses traffic for patterns such as repeat-offending IP blocks, attacks originating from particular countries, or protocols being used improperly.  By adapting to attack patterns, a protection service can harden itself against future attacks.
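The indicators listed under "How to identify a DDoS Attack" (many requests from one IP or IP range, a surge to a single endpoint) and the Detection and Adaptation steps above can be applied to ordinary web-server access logs. The following is an added example, not code from the original article: it parses combined-format log lines, counts requests per source IP and per /24 block in fixed one-minute windows, reports endpoints receiving a disproportionate share of requests, and builds a blocklist of /24 blocks that re-offend across windows. The log format, the thresholds and the sample traffic (which uses the RFC 5737 documentation ranges 203.0.113.0/24 and 198.51.100.0/24) are assumptions constructed for the example.

```python
"""Added example: volumetric-traffic indicators over constructed access-log lines."""
from collections import Counter, defaultdict
from datetime import datetime
import ipaddress
import re

# Combined-log style line: client IP, timestamp, request line, status, bytes (assumed format)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed thresholds; tune them to the site's real baseline traffic.
WINDOW_SECONDS = 60
PER_IP_LIMIT = 50        # requests from one IP per window
PER_BLOCK_LIMIT = 120    # requests from one /24 per window
ENDPOINT_SHARE = 0.6     # one path taking >60% of a window's requests is suspicious
REPEAT_OFFENSES = 2      # a /24 over its limit in this many windows goes on the blocklist


def parse_line(line):
    """Return ip/timestamp/path for a well-formed line, None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"),
            "ts": datetime.strptime(m.group("ts"), TS_FMT),
            "path": m.group("path")}


def window_of(ts):
    """Fixed window index: epoch seconds divided by the window length."""
    return int(ts.timestamp()) // WINDOW_SECONDS


def block_of(ip):
    """Aggregate a source address to its /24 block."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def analyse(lines):
    """Detection: per-IP, per-block and per-endpoint counts in each window.
    Adaptation: blocks that exceed the limit repeatedly become a blocklist."""
    ip_counts = defaultdict(Counter)
    block_counts = defaultdict(Counter)
    path_counts = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        w = window_of(rec["ts"])
        ip_counts[w][rec["ip"]] += 1
        block_counts[w][block_of(rec["ip"])] += 1
        path_counts[w][rec["path"]] += 1

    flagged_ips, hot_paths, offenses = set(), set(), Counter()
    for w in ip_counts:
        flagged_ips.update(ip for ip, n in ip_counts[w].items() if n > PER_IP_LIMIT)
        for blk, n in block_counts[w].items():
            if n > PER_BLOCK_LIMIT:
                offenses[blk] += 1
        total = sum(path_counts[w].values())
        for path, n in path_counts[w].items():
            # require a real volume too, so a single request is never 100% of a quiet window
            if n >= PER_IP_LIMIT and n / total > ENDPOINT_SHARE:
                hot_paths.add(path)
    blocklist = {blk for blk, k in offenses.items() if k >= REPEAT_OFFENSES}
    return {"flagged_ips": flagged_ips, "hot_paths": hot_paths, "blocklist": blocklist}


def _fmt(ip, minute, second, path):
    return f'{ip} - - [10/Oct/2023:12:{minute:02d}:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512'


def sample_log():
    """Constructed traffic, not captured data: three hosts in 203.0.113.0/24 each
    send 60 requests to /login in two consecutive minutes, beside three normal
    clients making three requests each per minute."""
    bots = ["203.0.113.7", "203.0.113.8", "203.0.113.9"]
    normal = [("198.51.100.5", "/"), ("198.51.100.6", "/about"), ("198.51.100.7", "/products")]
    lines = []
    for minute in (0, 1):
        for ip in bots:
            lines.extend(_fmt(ip, minute, s, "/login") for s in range(60))
        for ip, path in normal:
            lines.extend(_fmt(ip, minute, s, path) for s in (5, 25, 45))
    return lines


if __name__ == "__main__":
    for key, value in analyse(sample_log()).items():
        print(f"{key}: {sorted(value)}")
```

In the sample, each bot exceeds the per-IP limit, /login takes well over 60% of both windows, and 203.0.113.0/24 exceeds the block limit in both minutes, so it lands on the blocklist; the normal clients are never flagged. The "Response" step would consume that blocklist at the network edge; the thresholds should come from the site's measured baseline rather than the constants used here.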

Best Practices for Prevention of DDoS Attacks

DDoS attacks show no signs of slowing. In fact, research shows they keep growing in volume and frequency, and the most common attacks today involve a blended or hybrid approach.

Each business needs an integrated security strategy to protect all infrastructure levels and to develop a DDoS prevention plan based on a thorough security assessment. 

You also need to consider your backup/restore and data archiving strategy. How robust is your business against a DDoS attack? What would the consequences be for your business if it were hit by one? Serious consideration should be given to immutable storage, and to keeping the backup and archive files in two separate locations or clouds.