A distributed denial of service (DDoS) attack can easily sink your organization. On average, DDoS attacks cost the organizations they target about $100,000 per hour that they last, and with the number of DDoS attacks and targets on the rise in 2018, you need to protect your business.
You can prevent most DDoS attacks by making your website and infrastructure resistant to them. Deploy firewalls and anti-DDoS hardware and software. If you are hit with a DDoS attack, take swift action to stop it before too much damage can be done. A well-orchestrated DDoS attack can mean the difference between your business thriving or dying, so time is of the essence in stopping it.
The Threat Is Real
DDoS attacks involve incapacitating an IP address by overwhelming it with large amounts of traffic. Cybercriminals can use this strategy to effectively take down your website, by keeping legitimate web traffic – from employees and customers – from accessing it. Cybercriminals might also choose to use a type of DDoS attack known as a flood attack, which floods your servers with requests that must then be processed by the target machines. Usually, cybercriminals use previously compromised machines to create a botnet, or a network of private computers infected with malicious software, that can be controlled without the owners’ knowledge. Flood attacks can overwhelm target servers’ memory or CPUs.
Because DDoS attacks rely on malicious traffic generated from many sources, they can be harder to prevent than attacks that come from a single IP address. Many modern DDoS attacks rely on amplification, in which the attacker sends a small packet of data to a compromised server, which then amplifies it and sends a much larger packet of data to the target server.
Memcached amplification attacks, like the attack that crippled GitHub earlier this year, can amplify this data packet by as much as 50,000 times. This largest-ever DDoS attack pummeled GitHub’s servers with 1.35 terabytes per second (Tbps) of data. DDoS attacks allow hackers to launch massive attacks with only a limited amount of bandwidth. These attacks are happening more often, and preventing such an enormous attack could be all but impossible.
While you may not be able to prevent every DDoS attack, you should still take steps to protect against them. Perhaps the simplest way to protect yourself is to use a CDN for load balancing. While this may not be effective against huge DDoS attacks like the attack against GitHub, it will at least make it harder for attackers to completely disable your website by overwhelming it with traffic.
Another action you can take is to spread out your servers across multiple data centers. Ideally, your servers should be in different countries or, at least, different parts of the same country. Connect them to different networks, too. This will make it harder for an attacker to disable all of your servers at the same time.
Of course, you can also implement hardware and software to protect against DDoS attacks. Configure your firewall to block DNS responses from outside your network and to drop ICMP packets; this will prevent ping-based volumetric and DNS attacks. Use specialized web application firewalls and network firewalls to protect your website. You can purchase anti-DDoS hardware and software that will protect you against many kinds of attacks, such as application-layer attacks, like the Slowloris attack, or DDoS protocol attacks, like SYN flood attacks.
If you are victimized by a DDoS attack, the most important thing you can do is identify the attack and take action immediately. Every hour your website is incapacitated by a DDoS attack is an hour you’re losing money – lots of it. If the attack goes on too long, your business might never recover.
Make sure you, or the person who runs your web servers, can identify a DDoS attack. If you run your own servers, you can take steps to mitigate the attack as soon as you know you’re under attack. Rate limit your router, and add filters telling it to drop packets from sources of attack. Time out half-open connections. Drop malformed or spoofed packets. Lower the SYN, UDP and ICMP flood drop thresholds. These precautions may stave off a small DDoS attack or at least buy you some time in the event of a large attack.
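One way to make the identification step concrete, as an added example that is not part of the original article: the Python below counts half-open (SYN-RECV) connections per source in constructed `ss -tan`-style output and reports whether a few sources dominate, which is the case where source filters help. The sample lines, function names and both thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`; not real traffic.
SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      203.0.113.10:443     192.0.2.44:40112
SYN-RECV  0      0      203.0.113.10:443     198.51.100.7:51234
SYN-RECV  0      0      203.0.113.10:443     198.51.100.7:51235
SYN-RECV  0      0      203.0.113.10:443     198.51.100.7:51236
SYN-RECV  0      0      203.0.113.10:443     198.51.100.7:51237
SYN-RECV  0      0      203.0.113.10:443     198.51.100.9:40001
SYN-RECV  0      0      [2001:db8::5]:443    [2001:db8::99]:40000
"""
# Constructed second sample: six half-open connections, each from a new source.
SPREAD = "\n".join(
    f"SYN-RECV 0 0 203.0.113.10:443 198.51.100.{i}:4000{i}" for i in range(1, 7)
)

def peer_ip(field):
    """Strip the port (and IPv6 brackets) from an address:port column."""
    host, _, _port = field.rpartition(":")
    return host.strip("[]")

def half_open_by_source(ss_output):
    """Count connections stuck in SYN-RECV (half-open) per peer address."""
    counts = Counter()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) >= 5 and cols[0] == "SYN-RECV":
            counts[peer_ip(cols[4])] += 1
    return counts

def assess(ss_output, total_limit=5, per_source_limit=3):
    """Classify the backlog; both limits are illustrative assumptions."""
    counts = half_open_by_source(ss_output)
    total = sum(counts.values())
    heavy = sorted(ip for ip, n in counts.items() if n >= per_source_limit)
    if total < total_limit:
        verdict = "normal"
    elif heavy:
        verdict = "filterable"   # named sources can go into drop filters
    else:
        verdict = "distributed"  # no source stands out; per-source filters miss it
    return {"total": total, "heavy": heavy, "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE))
    print(assess(SPREAD))
```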
If you don’t run your own servers, you should contact your ISP or hosting provider immediately. If your server is in a hosting center, that’s good news – they’ll be able to provide higher bandwidth capacity to handle the extra traffic, and they’ll have experience dealing with DDoS attacks, too.
If your website is targeted by a large DDoS attack, your ISP or hosting provider will stop all traffic to the site while they scrub data packets of malicious code before rerouting the traffic to your web server. If the attack is large enough, they may even need to call in a DDoS mitigation specialist.
DDoS attacks can take your website completely out of commission and cripple your business. Don’t let them. Go on the offensive today, so your business won’t be at the mercy of cybercriminals.