To say that online infrastructure matters to businesses right now would be an understatement. At the start of 2021, almost every organisation has mission-critical applications in the cloud. Social distancing contributed to an astounding 50% increase in internet traffic over the course of the past year, and remote working is certainly part of that expansion.
Now, companies that aren’t online may struggle to operate effectively. In many ways, this is a business positive, especially where the remote landscape of 2021 is concerned. Sadly, this online shift is not without compromises, particularly in security. In fact, the sheer volume of traffic moving online this past year has led to as much as a 400% rise in cyber breaches, specifically where denial of service is concerned.
With remote teams especially, the risk of DDoS (distributed denial-of-service) attacks has risen by around 50% since COVID-19 hit. Of those increases, application-layer attacks were the most prevalent with a 38% increase, while infrastructure-layer attacks also increased by around 16%. All of this adds up to bad news, especially at a time when operations simply aren’t possible without uninterrupted interconnectivity.
Protection over an entire online infrastructure is, of course, fundamental right now. But with the growth of DDoS attacks in mind, companies will benefit from creating solutions that protect against DDoS. Here, we’re going to look at what that would look like.
Understanding DDoS: What is it and why should you be worried?
As the name suggests, distributed denial-of-service attacks are cyber breaches that aim to make resources or systems unavailable to users, often through excess traffic with the use of botnets, or ‘zombie computers.’ This leads to crashes or error messages that leave servers inoperable. Reasons for such attacks vary, but previous high-profile cases have seen DDoS attackers like Armada Collective using this technique to extort banks and more.
While many confuse this attack style with its counterpart, denial of service (DoS), there are significant differences between the two and their severity. Most notably, those include:
- Scale of attack: DoS attacks involve one computer sending mass amounts of traffic, while DDoS attacks happen on a much larger scale, with various computers contributing traffic to crash victim servers — making them harder to manage.
- Speed of attack: For obvious reasons, DoS attacks tend to be much slower and easier to defend against, while organised DDoS efforts can hit a server hard from different angles at the same time, making defence much tougher.
- Traceability of attack: Tracing one malicious computer in a DoS attack is relatively easy, but the multi-source and often bot-led nature of DDoS attacks means that traceability can be incredibly difficult, especially for ill-prepared security teams.
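The scale and traceability differences listed above show up directly in request logs. As an added example (not from the original article), this Python code classifies one time window of traffic as normal, a single-source flood or a distributed flood; the thresholds, function names and sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed thresholds for illustration; tune against your own baseline traffic.
BASELINE_RPS = 20        # normal requests per second for this service
SURGE_FACTOR = 5         # a rate above BASELINE_RPS * SURGE_FACTOR counts as a flood
TOP_SOURCE_SHARE = 0.8   # one source sending >= 80% of requests => single-source

def classify_window(events, window_seconds):
    """events: list of (epoch_second, source_ip) seen in one time window."""
    if not events:
        return {"verdict": "normal", "rps": 0.0, "sources": 0,
                "top_share": 0.0, "block": []}
    per_source = Counter(ip for _, ip in events)
    rps = len(events) / window_seconds
    top_ip, top_count = per_source.most_common(1)[0]
    share = top_count / len(events)
    if rps < BASELINE_RPS * SURGE_FACTOR:
        verdict, block = "normal", []
    elif share >= TOP_SOURCE_SHARE:
        # DoS pattern: one traceable source, so a single block rule is effective.
        verdict, block = "single-source flood", [top_ip]
    else:
        # DDoS pattern: no source dominates, so per-IP blocking does not scale;
        # escalate to upstream scrubbing or rate limiting instead.
        verdict, block = "distributed flood", []
    return {"verdict": verdict, "rps": rps, "sources": len(per_source),
            "top_share": round(share, 2), "block": block}

# Constructed sample data (documentation address ranges, not real traffic).
def constructed_normal():
    return [(t % 10, f"198.51.100.{t % 30}") for t in range(150)]

def constructed_dos():
    noise = [(t % 10, f"198.51.100.{t % 30}") for t in range(100)]
    flood = [(t % 10, "203.0.113.7") for t in range(1900)]
    return noise + flood

def constructed_ddos():
    return [(t % 10, f"192.0.2.{t % 250}") for t in range(2000)]

if __name__ == "__main__":
    for name, data in [("normal", constructed_normal()),
                       ("dos", constructed_dos()),
                       ("ddos", constructed_ddos())]:
        print(name, classify_window(data, window_seconds=10))
```

The distributed case returns an empty block list on purpose: with 250 sources each sending under 1% of the traffic, there is no single address worth blocking.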
Ultimately, DDoS attacks are bad news for all the obvious reasons. As well as stopping inter-team communications and sales, enforced downtime of this nature leaves servers open to further, more malicious attacks — putting everything from data to defences at risk. Perhaps most worrying, however, is the fact that DDoS attacks are rarely led by the intricate, expert hackers businesses typically deal with. Rather, even non-techy individuals can launch damaging attacks for as little as $1 a minute, a fact that has seen even thirteen-year-olds imprisoned and leaves businesses almost entirely unprepared.
Common DDoS vulnerabilities and misconceptions
Typical malware attacks are relatively easy to understand because they have a common goal — access to data. But, with DDoS attacks crashing rather than gaining access to business systems, it can be difficult to understand motive. Fundamentally, without motive, defence is almost entirely impossible. This leaves all businesses vulnerable unless they specifically tailor at least some aspect of cyber security towards this speciality. To do that, it’s first vital to consider what we do know about why DDoS attacks happen. Most commonly, previous large-scale incidents have held motives including:
- Competitive attacks: 40% of businesses hit by a DDoS attack believe that their competitors were behind that incident — attempting to interrupt service and damage customer confidence.
- Hacktivism, politics or revenge: Any number of factors can motivate individuals to strike out at specific companies in order to disrupt and damage operations in the service of an idealistic goal.
- Distraction techniques: These attacks are set up by cyber criminals to distract response resources, or otherwise damage systems in order to facilitate a different cyber-attack.
And sometimes, of course, DDoS attacks seem like nothing more than fun for the instigators.
What does a successful DDoS attack look like?
The confusing and hard-to-pin reasoning behind a DDoS attack can leave companies wondering what a ‘successful’ DDoS campaign looks like. For the most part, considering larger-scale attacks like the Amazon Web Services attack of 2020 can help show how attacks like these play out. Ultimately, though, a successful DDoS attack will simply attempt to stop your servers from functioning. This can occur with one large-scale hit or, as we’re seeing more and more, small attacks that leave businesses offline for short periods over an extended timeframe.
Some signs that a DDoS has been or continues to be successful on your server include:
- Slow file access
- Internet disconnections/issues accessing your websites
- Excessive amounts of spam email in close succession
Sadly, common misconceptions make businesses surprisingly slow to defend against these motives and means, with many leaving themselves wide open. This is in large part to blame for the escalating nature of this risk, with businesses convincing themselves that they don’t need to put a DDoS-specific plan in place because:
- They assume their in-house security efforts will suffice
- They prioritise other, more ‘important’ security goals
- They think that fast action is all it takes to recover
But if companies are to stand any chance of survival in the remote working landscape that is 2021, they need to start taking DDoS risks seriously sooner rather than later to ensure that they don’t get caught out.
What should DDoS responsiveness look like?
Just because DDoS attacks look different doesn’t mean you can’t still protect against them. To do so, you need to consider their nature and the misconceptions that have left you open until now.
The good news is that the cyber security field is increasingly taking measures to provide coverage for this new wave of risks, and the responsiveness necessary for survival can be contextualised. We believe that there are three main components to this:
- Prevention better than cure: DDoS attacks have an instant impact, with even half an hour offline costing untold amounts. As such, businesses should approach with prevention in mind. Preferably, managed detection and response (MDR) services mean 24/7 monitoring to stop DDoS attackers in their tracks.
- Mind the gap: A lack of knowledge is the worst opening where DDoS attacks are concerned, so bridging limited cyber security understanding is fundamental. The emerging nature of this threat means that countless in-house teams struggle to act, and there is already a significant cyber security skills shortage that many organisations need to address. Strategic partnerships with security service providers can deliver the critical resources needed to prepare for the threats that you face today.
- Batten the hatches: It’s fundamental to consider overall network security. Namely, mitigating DDoS threats means thinking about multi-level protection across all devices within a network. Endpoint security paired with MDR is a great all-purpose solution able to flexibly and securely respond to threats, even within a remote working context. But ensuring that you have a system built for your specifics is critical to the holistic security solution you need to deliver quality outcomes.
Flex your security muscles to keep DDoS attacks at bay
This new cyber security threat can seem like a doom and gloom affair, but DDoS attacks needn’t put security at risk. If anything, this new challenge brings home the point that cyber security isn’t static. Rather, you should forever be prepared to change your security infrastructure to meet new challenges like these.
That level of flexibility can be difficult, nay impossible, to achieve with in-house teams with static resources, knowledge and tools at their disposal. That’s why now, more than ever, companies could benefit from turning to strategic partners for their cyber security needs.
Here at Six Degrees, we’ve taken pains to understand that cyber security is a journey. That puts us in the perfect position to protect against DDoS attacks and any mutations that might emerge. And, we can do it all without your ever needing to worry! Get in touch if you want help planning a more secure future today.