Organisations faced two-and-a-half times as many DDoS (distributed denial-of-service) attacks in the first half of 2020 as they did in the same period last year, according to a Neustar report.
The increase is linked to the rise in Internet traffic amid the COVID-19 pandemic, with many organisations relying on video conferencing and e-commerce to keep their businesses going.
DDoS attacks flood networks or services with requests, slowing systems down or causing them to crash. They’re usually carried out to disrupt an organisation – perhaps as a cover for a more sophisticated attack or simply to be a nuisance.
No organisation is immune, with Neustar discussing attacks across all sectors, including banks, schools and the public sector – not to mention the countless others whose “service outages” and “network failures” may have been the result of DDoS attacks.
But it’s not just the volume of attacks that is increasing. Neustar reported that a DDoS attack on Amazon Web Services in February was the largest of its kind ever recorded, suggesting that cyber criminals are investing in more powerful tools.
However, for many attackers, the goal isn’t to completely saturate systems but to maintain a consistent level of disruption without alerting the organisation.
Neustar notes that one of the best ways to do this is to “keep attack traffic high enough to do damage but low enough to bypass any traffic thresholds that would automatically signal an incursion”.
Doing this enables attackers to keep the pressure on, giving them time and access to accomplish goals such as breaching the organisation’s defences and stealing sensitive data.
So, what should organisations do? Neustar looks at three issues you should address to mitigate the effects of a DDoS attack.
Organisations with a remote workforce should have a VPN (virtual private network) to protect employees from a variety of cyber threats; however, this also makes it easier for cyber criminals to conduct DDoS attacks.
In most cases, the URL or host on which the virtual network is set up will include “vpn”, allowing criminals to identify the server. They can then look up the DNS (domain name system) to find the IP address and pinpoint their attack.
You can protect your VPNs by reviewing your firewall settings. They should include a SYN defender or embryonic connection feature, which can protect against certain types of DDoS attacks.
You can also adjust your concurrent connection limit to reduce session timeouts and mitigate the risk of your systems being flooded.
Identifying an attack promptly
An organisation must be able to detect whether a dip in its website performance is because of a DDoS attack. This ensures that you can put the necessary defences in place and avoid the confusion that often accompanies an unexpected disruption.
It also helps you discover the attacker’s true motives: are they trying to inconvenience you, or is this part of a wider attack? If so, what are they targeting?
Neustar recommends examining and filtering incoming traffic. Specifically, it suggests reviewing headers and content, which will enable you to pass genuine traffic and minimise requests from the attacker’s botnet.
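The following is an added example, not code from Neustar or from the original post. It puts the two points above into working form: the first part shows why a “low and slow” attack that deliberately stays under a static traffic threshold is still visible when each minute is compared against a rolling baseline, and the second part scores request headers so that browser-like traffic is passed while requests lacking the headers a browser always sends are sent for a challenge or rate limit. The per-minute counts, hostnames, IP addresses, thresholds and header heuristics are all constructed for illustration and would be tuned to a real site.

```python
"""Added example, not from the Neustar report or the original post: two checks
an operator can run over web-server metrics to tell a DDoS from an ordinary
performance dip. Part 1 shows why a 'low and slow' attack that stays below a
static alert threshold is still visible against a rolling baseline. Part 2
scores request headers so browser-like traffic is passed while botnet-like
requests are challenged. All counts, hostnames, IPs and thresholds are
constructed for illustration.
"""
from statistics import median

# Constructed per-minute request counts. Normal traffic sits near 100 rpm;
# from minute 20 the attacker holds ~260 rpm, which never reaches the static
# alert line of 1000 rpm that a volumetric alarm would use.
NORMAL_RPM = [95, 102, 110, 98, 105, 99, 101, 108, 96, 104,
              100, 97, 103, 109, 94, 101, 106, 99, 102, 100]
ATTACK_RPM = [255, 262, 258, 270, 265, 259, 261, 268, 257, 263]
RPM_SERIES = NORMAL_RPM + ATTACK_RPM


def static_threshold_alerts(series, threshold=1000):
    """Classic volumetric alarm: fires only when a single minute exceeds the line."""
    return [i for i, rpm in enumerate(series) if rpm > threshold]


def sustained_elevation_alerts(series, baseline_window=10, factor=2.0, min_run=5):
    """Baseline-relative alarm. Each minute is compared with the median of the
    preceding `baseline_window` minutes; the start minute of any run of at
    least `min_run` consecutive minutes above `factor` x baseline is reported.
    """
    alerts, run_start = [], None
    for i in range(baseline_window, len(series)):
        baseline = median(series[i - baseline_window:i])
        if series[i] > factor * baseline:
            run_start = i if run_start is None else run_start
        else:
            run_start = None
        if run_start is not None and i - run_start + 1 == min_run:
            alerts.append(run_start)
    return alerts


# Constructed request records: (client_ip, headers) as a reverse proxy would
# log them. 203.0.113.10 looks like a browser; the 198.51.100.x records lack
# headers a browser always sends, or address the site by raw IP.
EXPECTED_HOST = "shop.example"
REQUESTS = [
    ("203.0.113.10", {"Host": "shop.example",
                      "User-Agent": "Mozilla/5.0 (Windows NT 10.0) Firefox/78.0",
                      "Accept": "text/html", "Accept-Language": "en-GB"}),
    ("198.51.100.7", {"Host": "shop.example", "User-Agent": "Mozilla/5.0",
                      "Accept": "*/*"}),
    ("198.51.100.8", {"Host": "shop.example"}),
    ("198.51.100.9", {"Host": "203.0.113.50", "User-Agent": "Mozilla/5.0"}),
]


def header_suspicion(headers, expected_host=EXPECTED_HOST):
    """Return (score, reasons). The heuristics are illustrative examples of the
    'review headers' check; a production ruleset is tuned to the site's own
    legitimate clients so real users are not caught."""
    reasons = []
    if not headers.get("User-Agent"):
        reasons.append("missing User-Agent")
    if "Accept" not in headers:
        reasons.append("missing Accept")
    if "Accept-Language" not in headers:
        reasons.append("missing Accept-Language")
    if headers.get("Host") != expected_host:
        reasons.append("Host is not the site name")
    return len(reasons), reasons


def triage(requests, challenge_at=2):
    """Pass browser-like requests; mark the rest for rate limiting or a
    challenge page. Returns {client_ip: decision}."""
    decisions = {}
    for ip, headers in requests:
        score, reasons = header_suspicion(headers)
        decisions[ip] = "pass" if score < challenge_at else "challenge: " + "; ".join(reasons)
    return decisions


if __name__ == "__main__":
    print("static alarm fired at minutes:", static_threshold_alerts(RPM_SERIES))
    print("sustained elevation from minute:", sustained_elevation_alerts(RPM_SERIES))
    for ip, decision in triage(REQUESTS).items():
        print(ip, "->", decision)
```

On the constructed series the static alarm never fires, while the baseline-relative check reports the attack starting at minute 20. Note the weakness built into a short rolling window: once the window is filled with attack minutes the baseline itself rises and the elevation disappears, which is why production detectors compare against a longer or frozen baseline (for example the same hour on previous days) rather than only the last few minutes.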
Managing business continuity
It’s impossible to stop every attack, because there are boundless vulnerabilities for cyber criminals to exploit.
That’s why you need to look at the way you handle an intrusion as well as how you stop it. With the right policies and procedures in place, you should be able to keep core parts of your business going during a DDoS attack.
For example, you should implement a BCMS (business continuity management system) and appoint someone responsible for it. This ensures you can enact the business continuity plan without delay and that staff understand their responsibilities.
As Continuity Central explains, failure to respond to an attack can have severe consequences. It describes one incident in which an organisation lost $1.7 million (about £1.3 million) as it spent 40 minutes trying to get its internal teams and providers on a conference call to discuss how to proceed.
Another way to mitigate disruption is to whitelist frequent users and important customers, so that you can prioritise them if your website traffic is high. This will make them less likely to notice disruption, and reduces the risk of losing them to a competitor.
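As an added example (not from the original post), here is one way the prioritisation just described can be implemented at the point where a site decides which requests to serve: when a scheduling window carries more requests than the site has capacity for, allowlisted frequent users and key customers are served first, and whatever capacity is left is shared round-robin among other clients with a per-client cap, so a single flooding source cannot consume the remainder. The allowlist, capacity figure and request window are constructed.

```python
"""Added example, not from the original post: capacity-limited admission that,
when a scheduling window carries more requests than the site can serve,
serves allowlisted frequent users and key customers first and shares the
remaining capacity fairly among other clients. The allowlist, capacity and
request window are constructed for illustration.
"""
from collections import deque

ALLOWLIST = {"acct-1001", "acct-2044"}   # constructed: frequent users / key customers

# Constructed window: one flooding source (bot-A) sends ten requests alongside
# three requests from allowlisted accounts and one from an ordinary visitor.
SAMPLE_WINDOW = (
    [("bot-A", f"b{i}") for i in range(10)]
    + [("acct-1001", "p1"), ("acct-2044", "p2"), ("acct-1001", "p3"), ("user-x", "u1")]
)


def admit(requests, capacity, allowlist=ALLOWLIST, per_client_cap=2):
    """requests: list of (client_id, request_id) arriving in one window.
    Returns (served, shed). Allowlisted requests are served first, up to
    `capacity`; leftover slots go round-robin to the other clients, each
    capped at `per_client_cap`, so one noisy source cannot take everything."""
    priority = [r for r in requests if r[0] in allowlist]
    served, shed = priority[:capacity], priority[capacity:]
    remaining = capacity - len(served)

    # One FIFO queue per non-allowlisted client, in order of first appearance.
    queues = {}
    for cid, rid in requests:
        if cid not in allowlist:
            queues.setdefault(cid, deque()).append((cid, rid))
    taken = dict.fromkeys(queues, 0)

    while remaining > 0:
        progressed = False
        for cid, q in queues.items():
            if q and taken[cid] < per_client_cap and remaining > 0:
                served.append(q.popleft())
                taken[cid] += 1
                remaining -= 1
                progressed = True
        if not progressed:
            break
    for q in queues.values():
        shed.extend(q)
    return served, shed


def served_per_client(served):
    """Count of served requests per client id."""
    counts = {}
    for cid, _ in served:
        counts[cid] = counts.get(cid, 0) + 1
    return counts


if __name__ == "__main__":
    served, shed = admit(SAMPLE_WINDOW, capacity=5)
    print("served:", served_per_client(served))
    print("shed:", len(shed), "requests")
```

With a capacity of five for the constructed window, all three allowlisted requests are served, the ordinary visitor still gets through, and the flooding source is held to a single slot; the nine remaining bot requests are shed. In practice the same logic lives in the reverse proxy or load balancer rather than in application code, keyed on a session or account identifier rather than on source IP alone.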
Stay in control of your organisation during COVID-19
Organisations have enough to worry about at the moment without the prospect of major delays caused by a cyber attack.
If you don’t already have a plan for how to cope in the event of a disaster, now is the time to start. Our Coronavirus Business Continuity Management Bundle is designed to help you deal with the challenges brought about by the pandemic.
It contains policies, tools and guides to help you understand and manage the risks. This includes the ongoing problems you face during the lockdown as well as the ways your organisation will shift back into business as usual when the threat subsides.