Nathan Allison, Head of Operational Security, explains how businesses can defend themselves against potentially destructive DDoS attacks.
Cyberattacks make the headlines periodically, usually when they hit high-profile organisations, as with the well-known WannaCry ransomware attack that badly affected the NHS back in 2017 or the more recent Microsoft Exchange server attack in March last year. But just because they aren’t always in the news doesn’t mean they aren’t happening. In fact, businesses of all sizes face daily threats from a wide variety of malware and other nasties, so the security of their systems is something they need to take seriously.
One of the most damaging types of attack for businesses to deal with is the distributed denial of service (DDoS) attack. In these cases, the cybercriminal seeks to make a machine, network, cloud service or website unusable by bombarding it with thousands of requests in an attempt to overwhelm the system, therefore blocking legitimate traffic and effectively denying people use of the service.
The ‘distributed’ part of the name comes from the fact that these requests don’t originate from one single place; they come from many different sources. Very often, these sources are ‘zombie’ PCs that have been infected with malware and recruited into botnets controlled by cybercriminals, so the attack can’t easily be stopped by blocking a single source.
Attacks occur for a number of reasons. The motivation behind DDoS attacks is often blackmail; trying to get companies to pay a ransom to stop the attack. But they can also be driven by revenge or by hacktivism, in other words, people with some kind of grudge against a particular company.
Although attacks on larger businesses – such as banks, for example – are the ones that get the most attention, no company with reliance on the cloud and a website is immune. DDoS protection, therefore, is something that EVERY company needs to take seriously, since suffering an attack can do serious damage to both your business and its reputation and may threaten its very existence.
How severe are DDoS attacks?
Most DDoS attacks have a lifespan of just a few hours. However, studies show that attacks are getting longer, lasting for several days in the most severe cases. Often, a short attack may be used as a declaration of intent, accompanied by a ransom demand. This serves to persuade those affected that the threat is a serious one, before launching a more sustained assault if the ransom isn’t paid.
The effects a DDoS attack has on businesses can be dramatic. More than half of companies take three hours to detect an attack, and three hours to respond. With a potential cost of lost revenue in the region of a quarter of a million pounds per hour, the effect of a sustained DDoS attack could prove crippling.
Of course, the financial aspect is only half the story. Businesses also face lost productivity, lost data, and severe damage to the reputation of the company as customers seek business elsewhere.
Although we think of DDoS attacks as being malicious, there are occasions when a site can be brought down by an unexpected surge in legitimate traffic. A breaking news story, for example, can cause major websites such as Google and Twitter to struggle with the extra demand generated. Similarly, a mention of a business website on a popular blog can have the effect of driving a surge of extra traffic. It’s important that any system aimed at combatting attacks is able to differentiate effectively between different types of traffic.
The UK Government takes the threat of DDoS attacks seriously, outlawing them under the Police and Justice Act of 2006, with anyone caught committing an attack facing sentences of up to 10 years in prison.
The problem lies in the global nature of the Internet: attacks can come from anywhere and are difficult to trace back to a single source. This is further exacerbated by the fact that you don’t need to be a technical wizard to launch an attack – the Dark Web makes it possible for criminals to buy off-the-peg attack services for as little as a few hundred pounds. This DDoS-as-a-service approach makes attacks easier than ever, with those responsible even offering sophisticated business models and pricing structures; an attacker in the US, for example, would pay more than one in Russia. Similarly, sites using some form of DDoS protection cost more to attack than those that don’t, and attacks on government sites are costly as they tend to be monitored closely by police and intelligence agencies.
Defending against attacks
Effective DDoS protection can be implemented in a number of different ways, although most often it involves a blended approach combining attack detection, classification of traffic and various blocking techniques.
Available technologies include using a ‘black hole’ to reroute suspect traffic to a non-existent server. An intrusion prevention system (IPS) can also be used to detect and block attacks based upon their content. However, the latest attacks tend to use legitimate content to hide their malicious intent, so this type of protection may be less effective.
Traditional protection techniques such as firewalls can also play a part in guarding against DDoS attacks. Where an attack focuses on a particular port, a firewall rule can be an effective way of fighting it off. Features built into some of the latest generation of routers can also resist the impact of DDoS attacks that would overwhelm conventional hardware.
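An added example (not from the original article or from Daisy) of the detect, classify and block sequence described above, including telling a legitimate surge apart from an attack. The thresholds, the `classify_window` name and the traffic samples are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds for this example; tune them against your own baseline.
SERVICE_PORTS = {80, 443}   # ports the site is expected to serve
SURGE_FACTOR = 5            # multiple of baseline that counts as a surge
PORT_SHARE = 0.8            # share of traffic on one port => port-focused
PER_CLIENT_CEILING = 20     # requests a real client plausibly sends per window

def classify_window(flows, baseline):
    """flows: (source, dst_port) pairs seen in one window; baseline: usual count.
    Returns (label, suggested_action)."""
    total = len(flows)
    if total == 0 or total < SURGE_FACTOR * baseline:
        return "normal", "none"
    port, hits = Counter(p for _, p in flows).most_common(1)[0]
    if port not in SERVICE_PORTS and hits / total >= PORT_SHARE:
        # Focused on a port the service does not need: a firewall rule fits.
        return "port_flood", f"firewall: drop inbound traffic to port {port}"
    per_source = Counter(s for s, _ in flows)
    heavy = {s: n for s, n in per_source.items() if n > PER_CLIENT_CEILING}
    if sum(heavy.values()) / total >= 0.5:
        # Most of the volume comes from sources busier than any real client.
        return "distributed_flood", f"rate-limit or black-hole {len(heavy)} sources"
    # Many light clients: real demand, so add capacity instead of blocking.
    return "legitimate_surge", "scale out, do not block"

def sample(n_sources, per_source, port):
    """Constructed traffic: n_sources clients, each sending per_source requests."""
    return [(f"10.{i // 250}.0.{i % 250 + 1}", port)
            for i in range(n_sources) for _ in range(per_source)]

def demo():
    windows = {
        "quiet hour": sample(50, 2, 443),
        "port-focused": sample(40, 24, 8081) + sample(25, 2, 443),
        "botnet on 443": sample(30, 50, 443),
        "blog mention": sample(600, 2, 443),
    }
    return {name: classify_window(f, baseline=100) for name, f in windows.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} -> {verdict}")
```

The last two windows have similar volume on the same port; only the per-source request count separates the flood from the surge of real visitors, which is why a fixed volume threshold alone is not enough.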
So, what exactly do you need to look for when shopping for DDoS protection? First of all, you need a supplier you can trust, so look for a company that has accreditations from major security vendors. It looks like you’ve already found one! Daisy has the highest-level accreditations with the world’s most trusted security vendors, so there’s nobody better placed to keep you protected. This gives you the peace of mind that staff have been properly trained and that the latest technology is available to deal with attacks.
DDoS attacks can come at any time, so 24/7/365 monitoring is essential. It also needs to be able to offer a fast response when an attack is detected; the earlier you can catch and block an attack, the less damage it will do to your business.
If you’re looking for protection from your service provider then you need to ask about the network technology that they’re using. Daisy, for example, offers embedded protection against DDoS attacks, which protects not only our Daisy network but also our customers’ networks.
The provider’s location is an important consideration too; choosing a UK-based service ensures that you have access to local support, as well as constraining traffic within the country in the event of an attack. As one of the UK’s leading independent providers of cyber security services, we ensure you’ll never speak to anyone further than the British Isles.
Buying protection as-a-service also delivers a number of benefits to your company. It means that you have access to a full range of services from monitoring and detection all the way through to mitigating the effects of any attack that might occur. Cyber security skills are in demand, and smaller companies may not necessarily be able to afford a dedicated team of in-house specialists to deal with DDoS threats and other security issues. But by buying protection from a trusted supplier like Daisy, you ensure that you have access to the latest technology and skills without the difficulty or expense of recruitment or training faced if you attempted to handle all of your security needs on your own.
Ready to start preventing DDoS attacks?
Find out more about our DDoS protection solution here or contact our security experts for a no-obligation chat on 0344 863 3000.