Resource Category: Blog Posts

Nathan Allison, Head of Operational Security, explains how businesses can defend themselves against potentially destructive DDoS attacks.

Cyberattacks make the headlines periodically, usually when they hit high-profile organisations as with the well-known WannaCry ransomware attack that badly affected the NHS back in 2017 or the more recent Microsoft Exchange server attack in March this year. But just because they aren’t always in the news doesn’t mean they aren’t happening. In fact, businesses of all sizes face daily threats from a wide variety of malware and other nasties, so the security of their systems is something they need to take seriously.

One of the most damaging types of attack for businesses to deal with is the distributed denial of service (DDoS) attack. In these cases, the cybercriminal seeks to make a machine, network, cloud service or website unusable by bombarding it with thousands of requests in an attempt to overwhelm the system, therefore blocking legitimate traffic and effectively denying people use of the service.

The ‘distributed’ part of the name comes from the fact that these requests don’t originate from one single place, they come from many different sources. Very often, these zombie PCs are infected with malware in order to recruit them into botnets controlled by cybercriminals so that the attack can’t easily be stopped by blocking a single source.

Attacks occur for a number of reasons. The motivation behind DDoS attacks is often blackmail; trying to get companies to pay a ransom to stop the attack. But they can also be driven by revenge or by hacktivism, in other words, people with some kind of grudge against a particular company.

Although attacks on larger businesses – such as banks, for example – are the ones that get the most attention, no company with reliance on the cloud and a website is immune. DDoS protection, therefore, is something that EVERY company needs to take seriously, since suffering an attack can do serious damage to both your business and its reputation and may threaten its very existence.

How severe are DDoS attacks?

Most DDoS attacks have a lifespan of just a few hours. However, studies show that attacks are getting longer, lasting for several days in the most severe cases. Often, a short attack may be used as a declaration of intent, accompanied by a ransom demand. This serves to persuade those affected that the threat is a serious one, before launching a more sustained assault if the ransom isn’t paid.

The effects a DDoS attack has on businesses can be dramatic. More than half of companies take three hours to detect an attack, and three hours to respond. With a potential cost of lost revenue in the region of a quarter of a million pounds per hour, the effect of a sustained DDoS attack could prove crippling.

Of course, the financial aspect is only half the story. Businesses also face lost productivity, lost data, and severe damage to the reputation of the company as customers seek business elsewhere.

Although we think of DDoS attacks as being malicious, there are occasions when a site can be brought down by an unexpected surge in legitimate traffic. A breaking news story, for example, can cause major websites such as Google and Twitter to struggle with the extra demand generated. Similarly, a mention of a business website on a popular blog can have the effect of driving a surge of extra traffic. It’s important that any system aimed at combatting attacks is able to differentiate effectively between different types of traffic.

The UK Government takes the threat of DDoS attacks seriously, outlawing them under the Police and Justice Act of 2006, with anyone caught committing an attack facing sentences of up to 10 years in prison.

The problem lies in the global nature of the Internet with attacks coming from anywhere with difficulties in tracing back to a single source. This is further exacerbated by the fact that you don’t need to be a technical wizard to launch an attack – the Dark Web makes it possible for criminals to buy off-the-peg attack services for as little as a few hundred pounds. This DDoS-as-a-service approach makes attacks easier than ever with those responsible even offering sophisticated business models and pricing structures; an attacker in the US, for example, would pay more than one in Russia. Similarly, sites using some form of DDoS protection cost more to attack than those that don’t, and attacks on government sites are costly as they tend to be monitored closely by police and intelligence agencies.

Defending against attacks

Effective DDoS protection can be implemented in a number of different ways, although most often it involves a blended approach combining attack detection, classification of traffic and various blocking techniques.

Available technologies include using a ‘black hole’ to reroute suspect traffic to a non-existent server. An intrusion prevention system (IPS) can also be used to detect and block attacks based upon their content. However, the latest attacks tend to use legitimate content to hide their malicious intent, so this type of protection may be less effective.

Traditional protection techniques such as firewalls can also play a part in guarding against DDoS attacks. Where attacks are focussing on a particular port, a firewall rule can be an effective way of fighting them off. Features built-in to some of the latest generation of routers can also resist the impact of DDoS attacks, which would be able to overwhelm conventional hardware.

Buying protection

So, what exactly do you need to look for when shopping for DDoS protection? First of all, you need a supplier you can trust, so look for a company that has accreditations from major security vendors. It looks like you’ve already found one! Daisy has the highest-level accreditations with the world’s most trusted security vendors, so there’s nobody better placed to keep you protected. This gives you the peace of mind that staff have been properly trained and that the latest technology is available to deal with attacks.

DDoS attacks can come at any time, so 24/7/365 monitoring is essential. It also needs to be able to offer a fast response when an attack is detected; the earlier you can catch and block an attack, the less damage it will do to your business.

If you’re looking for protection from your service provider then you need to ask about the network technology that they’re using. Daisy, for example, offers embedded protection against DDoS attacks, which protects not only our Daisy network but also our customers’ networks.

The provider’s location is an important consideration too; choosing a UK-based service ensures that you have access to local support, as well as constraining traffic within the country in the event of an attack. As one of the UK’s leading independent providers of cyber security services, we ensure you’ll never speak to anyone further than the British Isles.

Buying protection as-a-service also delivers a number of benefits to your company. It means that you have access to a full range of services from monitoring and detection all the way through to mitigating the effects of any attack that might occur. Cyber security skills are in demand, and smaller companies may not necessarily be able to afford a dedicated team of in-house specialists to deal with DDoS threats and other security issues. But by buying protection from a trusted supplier like Daisy, you ensure that you have access to the latest technology and skills without the difficulty or expense of recruitment or training faced if you attempted to handle all of your security needs on your own.

Ready to start preventing DDoS attacks?

Find out more about our DDoS protection solution here or contact our security experts for a no-obligation chat on 0344 863 3000.

Security Product Manager Anthony Custy advises on how to avoid getting caught by phishing scams in peak retail season.

Phishing is once again likely to be a popular pastime for cyberattackers this winter. It is therefore vital that businesses make sure they are protecting their staff from taking the bait.

Black Friday, Cyber Monday, Boxing Day, and the January sales combine to offer the perfect feeding season for those who want to infiltrate business systems each year. Following an 18-month period in which many workers have transitioned to at-home working, and been potentially more vulnerable to cyberattacks, the coming festive months are likely to see those dangers reach new levels.

The line that most attackers are likely to cast out to make a catch, is email phishing and mobile device-based text message phishing (also known as smishing).

A staggering 90% of all cyberattacks begin with a phishing email¹, with the aim of stealing either money or data from the victim. Smishing attempts have also risen dramatically, with a seven-fold increase in the first six months of this year². In the first half of November 2020 alone, researchers witnessed an 80% spike in phishing campaigns² containing words such as ‘offer’, ‘sale’ and ‘cheap’.

At first glance, the dangers seem obvious. Losing money, information or intellectual property is something that businesses can ill-afford at any time. Beyond those initial impacts, however, also lie a host of reputational risks as employees and customers lose faith in those companies who are unable to keep their data or digital property secure. In fact, disruption at such a busy and pressurised time of the year is something that cannot be left to chance.

To combat this, businesses must ensure that their employees are properly equipped and aware of the dangers that lurk, so they can remain in calm waters.

Avoid being reeled in

Business email accounts are not immune to attackers’ phishing attempts. In fact, as the lines between personal and business use of corporate devices has become increasingly blurred, the attack vector has become even more pronounced.

There could be a level of complacency among workers who wouldn’t expect to be attacked using corporate software. Similarly, the risk-reward payoff for hackers is much greater should they infiltrate a business device, rather than someone’s personal device.

As such, the role of daily cyber hygiene should be paramount for businesses as we enter the festive season. Most attacks don’t occur because of ingenious attacks, but because of user error. It could be as simple as a purposely misspelled brand name that hasn’t been noticed – think ‘Arnazon’ instead of ‘Amazon’. Spoofed domains and subtly tweaked email addresses pass through the net more often than you’d think, so employees need to be careful not to be reeled in.

Additional signs to look out for include grammatical errors or repetitions within the email itself, URLs that seem abridged or cut off, and any emails that seem ‘too good to be true’ or that demand urgency in order to get the ‘best deal’.

While users may be more vigilant about suspicious emails, they are often less wary about text messages on their phones. Smishing is a form of phishing attack where scammers use SMS or text messages as the ruse instead of an email. A smishing message itself could be as innocuous as a notification of an attempted delivery or an offer of a voucher to trick unsuspecting victims into handing over sensitive information or downloading and installing malware onto employees’ smartphones.

The DMARC deficit

The reason why such a basic level of vigilance is required across the workforce is that there are still many gaps to be exploited, despite stated efforts from retailers to improve resilience. Concerningly, it came to light last year that only 11% of UK retailers have currently implemented the recommended and strictest level of Domain-based Message Authentication, Reporting & Conformance (DMARC) protection⁴.

DMARC is a system that prevents cybercriminals from spoofing a retailer’s identity. This reduces the risk of email fraud and phishing reaching the screens of unwitting customers.

Against this backdrop, businesses must make sure they are not making a rod for their own back by waiting for the retail sector to catch up and by being fully prepared for this year’s phishing season and beyond.

Phishing isn’t just for Christmas

Training, education and guidance should be the first ports of call. Embedding a strong and robust line of defence among the workforce will go a long way to mitigating human error.

Yet, the onus doesn’t solely lie with employees, as properly solidifying your company’s cyber-defences should also be a key focus. This should begin by knowing your own current level of protection. A security health assessment can pinpoint where general company vulnerabilities lie before offering guidance on where to better safeguard moving forward.

By working with a specialist partner like Daisy, you can be a cyber attacker’s nightmare before Christmas. We can offer a holistic portfolio of next-generation firewalls, endpoint security, DDoS protection, SIEM, vulnerability management, cyberbreach recovery services and more.

To find out how Daisy can help you this festive period and beyond, visit https://daisyuk.tech/security/.

Remember, phishing isn’t just for Christmas!

¹ https://www.retailtechnologyreview.com/articles/94-of-retailers-open-to-phishing-attacks-what-we-can-do-to-close-the-net
² https://www.computerweekly.com/news/252506611/Smishing-attacks-up-sevenfold-in-six-months/
³ https://www.cybertalk.org/2020/11/17/phishing-scams-surging-ahead-of-2020-mega-retail-events/
⁴ https://www.infosecurity-magazine.com/blogs/email-attacks-retail-season/