In 2013 the non-profit anti-spam organisation Spamhaus was hit by a huge DDoS attack, with up to 300Gbps of traffic saturating its servers. The attack, thought to have originated from hosting company CyberBunker, went on for days, and slowed the internet down for millions of users – one site particularly affected was Netflix.
Spamhaus eventually thwarted the attack, in part because it has a highly distributed infrastructure, allowing it to continue operating in some capacity. Major DDoS attacks are becoming more frequent than ever, posing a headache for law enforcement and a potential risk for any business operating online. Small companies, though, can draw valuable insights from these large-scale assaults.
Don’t count on your firewall.
It won’t be enough. Your best bet is either buying in purpose-built software or hardware that has been designed to combat DDoS attempts by analysing traffic and filtering out anything malicious before it hits your servers, or employing a third party to do it instead. The system operating on these 100TB bare metal servers is a good example, providing real-time visibility of networks to help understand and neutralise threats. Split up your IT infrastructure and compartmentalise customer data so that one attack can’t compromise everything.
Any company can be vulnerable.
Many US banks, including Wells Fargo and JPMorgan, have been subjected to high-profile DDoS incidents in the recent past, their websites assaulted possibly by a nation state seeking to create financial instability. Customers were unable to log in or complete transactions, potentially leaving them open to fraud. But large financial institutions are not the only ones at risk. Some estimates are that over 7,000 attacks take place every single day, so it’s safe to assume that regardless of the size of your company, you could be hit next year, next month, or even tomorrow.
Your company should have a plan in place to cope, and practise it. For example, if you run an e-commerce store that complements one or more ‘bricks ‘n’ mortar’ shops, then in the event of a DDoS attack you can extend high street opening hours. Plus, if you feel transparency will work in your favour, ask staff in shops to advise customers of the problem online.
The threat is always evolving.
Attackers are able to switch tactics as they go along in order to combat mitigation efforts. This, then, is a topic that should never be off the agenda when it comes to IT department policy-making. The bad guys won’t necessarily stop at one attempt either; if they find one door is closed they can just try another, and another, since it costs them virtually nothing to do so. A survey run in 2014 found that some organisations have been compromised several times within the space of 12 months.
Don’t bow to threats.
The hacker group DD4BC made a name for itself by extorting money from Bitcoin companies, but one victim decided to retaliate, not only refusing to pay out, but putting a ransom on members of DD4BC instead. If something similar happens to your company, don’t be tempted to pay out because that almost certainly won’t be the end of it. Your details will be passed around as a weak link and other extortion attempts will surely follow.
Know the signs of an attack.
For a company that doesn’t know what to expect, the first DDoS attack can be scary. Signs of a problem include slow network speeds, large volumes of spam coming through, and being unable to access one or more of your corporate sites, maybe all of them. You can probably also expect a lot of irate calls from customers struggling to get access. Know where your customers come from, so that if a lot of traffic seems to be coming from a part of the world where you don’t normally do a lot of business, you can recognise that there could be a botnet targeting you from there.
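One way to put the "know where your customers come from" check into practice, as an added example that is not part of the original article: compare each country's share of requests in the current window against a normal-day baseline. The log format (timestamp, country code, path), the thresholds, and the placeholder country codes XA and XB are assumptions, and the sample lines are constructed.

```python
from collections import Counter

def country_shares(log_lines):
    """Return {country: share of requests} for geo-tagged log lines.

    Assumed line format: "<timestamp> <country-code> <path>"; the country
    field is assumed to be added upstream by a GeoIP lookup or CDN.
    """
    counts = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:  # skip malformed lines rather than crash mid-incident
            continue
        counts[parts[1]] += 1
    total = sum(counts.values())
    return {c: n / total for c, n in counts.items()} if total else {}

def flag_unusual_origins(baseline_lines, current_lines,
                         min_share=0.10, ratio=5.0, floor=0.01):
    """List (country, usual_share, current_share) for suspicious origins.

    A country is flagged when it supplies at least `min_share` of current
    traffic and that share is at least `ratio` times its usual share.
    `floor` stands in for countries never seen in the baseline.
    """
    usual = country_shares(baseline_lines)
    now = country_shares(current_lines)
    flagged = []
    for country, share in sorted(now.items(), key=lambda kv: -kv[1]):
        expected = max(usual.get(country, 0.0), floor)
        if share >= min_share and share / expected >= ratio:
            flagged.append((country, round(usual.get(country, 0.0), 3),
                            round(share, 3)))
    return flagged

def _sample(counts, minute):
    """Build constructed log lines from {country: request count}."""
    return [f"2024-01-01T10:{minute:02d}:00Z {cc} /checkout"
            for cc, n in counts.items() for _ in range(n)]

# Constructed data: a shop trading mainly in GB and IE, then a sudden surge.
BASELINE = _sample({"GB": 80, "IE": 15, "FR": 4, "XA": 1}, 0)
CURRENT = _sample({"GB": 82, "IE": 14, "FR": 4, "XA": 300, "XB": 100}, 5)

if __name__ == "__main__":
    for country, usual, now in flag_unusual_origins(BASELINE, CURRENT):
        print(f"{country}: usual share {usual:.1%}, now {now:.1%}")
```

Home-market traffic is not flagged even though its share collapses, because the check looks only for origins that grew well beyond their normal share.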
A DDoS attack could just be a distraction.
Attacks don’t just put a strain on computing resources, but also on human resources. For every hour your IT team spends firefighting, it could be monitoring other issues on your network. There are many reasons attacks are launched, and often they’re a cover for something more nefarious such as theft of customer data or sensitive corporate information. So if your business is under attack, try and devote at least some time to watching out for anything else weird going on.