Ivan Galea
Jun 10, 2021
Ivan Galea
Jun 10, 2021
Today, any business can become a victim of a DDoS attack. In the past, such attacks were mostly associated with social unrest, electronic warfare, and large organisations. Today, with the growth of the dark web, DDoS attacks have become an illegal service offered by criminal organisations to clients of all sizes. A DDoS attack could be ordered by your disgruntled customer, by your immoral competitor, or even accompany a ransomware attack.
DDoS attacks have become more commonplace with a record number of more than 10 million such attacks in 2020 alone. The majority of 2020 attacks were short (under four hours) but attackers often repeat such attacks several times in a row. There was a slight drop in the intensity in Q4 2020 but trend analysts expect this to be temporary and estimate that 2021 will bring even more attacks than last year.
Luckily, DDoS defence technologies keep up with the pace. However, due to the nature and complexity of DDoS attacks, this is not something that you can simply resolve by installing software on your servers or configuring your firewalls. DDoS defence requires several layers of protection, a high level of expertise, and a collaborative approach.
One of the biggest problems with DDoS attacks is that the term actually encompasses several types of attacks, which utilize completely different methods and mechanisms. Here are the three most common ones:
Due to the complexity of the DDoS attack landscape, defence technologies must be equally complex. For example, protection against volumetric attacks requires the defence mechanism to be placed as far from your asset as possible. On the other hand, protection against application attacks requires the defence mechanism to be placed as close to your asset as possible.
What makes such attacks even more difficult to mitigate is the fact that attackers often use multiple vectors at the same time (multiple DDoS vectors or even DDoS with other types of attacks, such as attempts at exploiting web vulnerabilities). Trends show that multi-vector attacks in recent years are becoming more and more common.
There are many different methods of defending your assets against DDoS attacks. Some of them involve only specialized software but many also require human intervention and access to a community that shares attack details with one another.
The most important aspect of successful defence is early discovery. If your resources are already exhausted, it means that the defence was not successful. Detecting real DDoS attacks, on the other hand, is not easy. This is especially true in the case of volumetric attacks, which are hard to distinguish from a legitimate increase in traffic, for example, due to sudden customer interest.
It’s not enough to install some kind of software that detects a rise in traffic or certain kinds of packets. A dedicated team of specialists is still needed to be able to evaluate whether a raised alarm is a true DDoS attack or a false positive. Therefore, the first step is having the right team on the job.
Many DDoS attacks can be mitigated even before they start simply by eliminating potential attack sources. Criminals reuse their attack resources between attacks. For example, if a criminal organisation performs one DDoS attack using a certain network of bots (for example, vulnerable IoT devices spread around the world), the IP addresses of most of those bots will remain the same in all other attacks from this criminal organisation.
Organisations worldwide exchange data such as IP addresses and types of traffic received (e.g. whether a given IP address only sends malicious traffic or interweaves malicious and legitimate traffic, depending on circumstances). Such specialized information exchange networks help all DDoS defence services provide very effective protection. Most often, the first attempt of a connection from an attack bot is already prevented, never raising an alarm.
DDoS protection services also include properly configured, specialized web application firewalls placed right next to your web assets to prevent application attacks. Such firewalls can eliminate malicious packets that would otherwise consume your resources. Unlike in the case of volumetric attacks, these need to protect your server directly to avoid the attacker finding ways around them.
The second major step of defending against the DDoS attack (after detection) is actual activities performed once the attack has started. This is especially important in the case of volumetric and protocol attacks. There are three major techniques of eliminating the flood of DDoS packets:
Defence organisations usually offer two modes of protection or a mix of those modes:
To protect yourself against potential DDoS attacks, you need to employ all the methods mentioned above. This is clearly beyond the scope of most businesses and therefore DDoS protection is handled by specialists such as BMIT Technologies. However, we can’t do it alone, either! That’s why, for your top-level protection, we work together with global leaders.
Our partners, Lumen and Netscout, provide us with some of the tools needed for your DDoS protection. For example, they help us reach the global information exchange community and eliminate DDoS attack sources even before such attacks happen. Due to serving a large number of organisations worldwide, they also provide scrubbing and blackholing services that are able to protect even against the biggest DDoS attacks.
The key to effectively protect yourself against DDoS is having the right partners to protect you 24/7 and to step in when an attack happens. Partners, who not only have the necessary tools, but also experience in handling such situations in the past. That’s why BMIT is your best bet to make sure that a DDoS attack will not cause major losses to your business.
