Distributed Denial of Service (DDoS) attacks are, for all intents and purposes, cybersecurity attacks that don't so much find back doors as slip in through the cracks. On Friday, October 21, 2016, a series of major DDoS attacks targeting the Dyn domain name services made major parts of the internet inaccessible for a large number of users. A Wired report covering the event pointed out that DDoS events target the DNS systems that underpin the internet, making DDoS one of the most effective threats facing businesses.
DDoS 101: How they work and why they're a threat
A DDoS attack can make your business' web apps and services - internal or customer facing - inaccessible without directly targeting your network with malware. You may have robust anti-malware services and network firewalls in place, but DDoS attacks work around those protections. They do this by:
- Infecting vulnerable systems - Internet of Things devices, consumer PCs, etc. - with malware that turns them into bots.
- Directing those bot systems to access web services without the user's knowledge.
- Flooding the DNS service with more requests than it can process as many bots try to connect with a website.
- Overloading the DNS provider so that legitimate users cannot reach the site.
Effectively, DDoS threats interrupt your business' ability to function online by going after the systems you depend on, not attacking you directly. This makes it difficult to protect against attacks, but it doesn't make you helpless.
Responding to DDoS attacks
According to Arbor Networks, the attack against Dyn used a type of botnet malware that targets IoT devices and is estimated to reside on at least 500,000 devices. IoT devices are particularly vulnerable as they are still fairly new, and often lack the robust protections needed to keep malware at bay.
The focus on IoT devices highlights the core threat presented by DDoS attacks: malware is used to compromise overlooked, inherently vulnerable systems that you may not always have oversight of, and that access is then used to attack key service providers that are deep in the internet food chain.
Protecting against these threats requires:
- Holistic security plans that cover all endpoints to prevent them from becoming hosts for botnets. This helps you do your part to subvert DDoS attacks.
- Data center hosting strategies that ensure you avoid single points of failure - such as having web requests processed by just a single DNS service - to limit the potential impact of DDoS attacks.
- Penetration testing to gain visibility into how data moves through your network.
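The single-DNS point of failure named in the list above can be checked from a zone's NS records. The Python code below is an added example, not part of the original article: it groups each zone's name servers by provider and flags zones that depend on only one. The zone names, name servers and function names are constructed for illustration, and it assumes the last two labels of a name server's hostname identify its provider.

```python
from collections import defaultdict

# Constructed sample NS records in zone-file form (not real delegations).
SAMPLE_NS_RECORDS = """
shop.example.    86400 IN NS ns1.dns-a.example.
shop.example.    86400 IN NS ns2.dns-a.example.
shop.example.    86400 IN NS ns3.dns-a.example.
portal.example.  86400 IN NS ns1.dns-a.example.
portal.example.  86400 IN NS ns-7.dns-b.example.
; api.example has a single name server
api.example.     3600  IN NS NS1.DNS-B.EXAMPLE.
"""


def provider_of(nameserver):
    """Assumption: the last two labels of the NS hostname identify the provider.
    A provider that serves from several domains needs a manual mapping instead."""
    labels = nameserver.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_ns_records(text):
    """Return {zone: set(name servers)} from 'owner [ttl] [class] NS target' lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 3 and fields[-2].upper() == "NS":
            zone = fields[0].rstrip(".").lower()
            zones[zone].add(fields[-1].rstrip(".").lower())
    return dict(zones)


def audit(text, min_providers=2):
    """Flag zones whose name servers all belong to fewer than min_providers providers."""
    report = {}
    for zone, servers in parse_ns_records(text).items():
        providers = sorted({provider_of(s) for s in servers})
        report[zone] = {
            "nameservers": sorted(servers),
            "providers": providers,
            "single_point_of_failure": len(providers) < min_providers,
        }
    return report


if __name__ == "__main__":
    for zone, result in sorted(audit(SAMPLE_NS_RECORDS).items()):
        status = "SINGLE PROVIDER" if result["single_point_of_failure"] else "ok"
        print(f"{zone}: {len(result['nameservers'])} NS, "
              f"providers={result['providers']} -> {status}")
```

Three name servers at one provider, as in the constructed `shop.example` zone, still count as a single point of failure, because an outage at that provider takes all of them down together.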
Specialized data networking services are a starting point for DDoS protection, and technology consultants play an essential role in helping businesses find the right solutions for their specific needs. Whether you are a large business trying to deal with the complexities of diverse, intertwined systems or a small organization grappling with enterprise-scale threats on a tight budget, the right help can go a long way in protecting you against DDoS attacks. The variety of attack vectors presented by DDoS makes it uniquely difficult to protect against, and it is essential to safeguard against every contingency.