According to a recent report, cybercrime continues to be a global threat, and DDoS attacks in particular are growing in number and evolving continuously. They have become more sophisticated and harder to detect and mitigate, and they are a tool of choice for attackers who want to disrupt networks and take servers offline.
A distributed denial-of-service (DDoS) attack aims to make a network resource unavailable to its legitimate users by sending it an enormous volume of requests from many hosts at once. Whatever the motive (blackmail, extortion, vandalism, or political, religious or other ideological reasons), a malicious group or individual can take down servers and entire networks and make them unavailable to their intended users.
An entire infrastructure can be affected: the attacker exhausts computational resources or floods the targeted system(s) with large volumes of traffic. The victim's machines cannot process everything they receive; CPUs, connection tables and databases are overloaded and the service crashes or stops responding. The victim's business functions, operations and services are then at risk.
Attackers have several ways to exhaust system resources. SYN floods, and attacks that spoof the source IP address so that replies and source-based blocking land on the wrong hosts, are common DDoS techniques. Attackers can also try to make a network or Web server's sessions unavailable to legitimate users by overwhelming it with data and/or ICMP Echo Requests (ping packets).
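The two flood types just mentioned leave a recognisable footprint in connection logs: a SYN flooder opens many connections it never completes, and a ping flooder sends echo requests at a rate no monitoring host would. The following is an added example, not code from the original page: a small detector run over constructed sample events (shaped like what a firewall or flow collector might export) that flags sources with a high ratio of half-open connections or an excessive echo-request rate. The thresholds (`SYN_MIN`, `HALF_OPEN_RATIO`, `ICMP_MAX`) and the ten-second window are assumptions chosen for the sample, not values from the page.

```python
from collections import defaultdict

# Constructed sample events (not real traffic): (seconds, src_ip, dst_ip, proto, info).
# For TCP, info is the flag string ("S" = pure SYN, anything with "A" = an ACK that
# completes or continues a handshake); for ICMP it is the message type.
SAMPLE_EVENTS = (
    # Legitimate client: every SYN is followed by the ACK that completes the handshake.
    [(float(t), "198.51.100.7", "192.0.2.10", "tcp", "S") for t in range(10)]
    + [(t + 0.05, "198.51.100.7", "192.0.2.10", "tcp", "A") for t in range(10)]
    # SYN flooder: 300 SYNs in ten seconds, never completes a handshake.
    + [(i / 30, "203.0.113.5", "192.0.2.10", "tcp", "S") for i in range(300)]
    # Ping flooder: 500 echo requests in ten seconds.
    + [(i / 50, "203.0.113.9", "192.0.2.10", "icmp", "echo-request") for i in range(500)]
    # Normal monitoring ping: one echo request per second.
    + [(float(t), "198.51.100.20", "192.0.2.10", "icmp", "echo-request") for t in range(10)]
)

SYN_MIN = 100          # SYNs per window before the ratio is even considered (assumed)
HALF_OPEN_RATIO = 0.2  # ACKs/SYNs below this means half-open connections are piling up (assumed)
ICMP_MAX = 100         # echo requests per window from one source (assumed)


def detect_floods(events, window=10.0):
    """Return {src_ip: reason} for sources whose traffic in some window looks like a flood.

    Events are bucketed by floor(t / window) so a burst is judged against the
    window it fell in rather than against the whole capture."""
    syn = defaultdict(int)   # (bucket, src) -> pure SYN count
    ack = defaultdict(int)   # (bucket, src) -> segments carrying ACK
    icmp = defaultdict(int)  # (bucket, src) -> echo requests
    for t, src, _dst, proto, info in events:
        key = (int(t // window), src)
        if proto == "tcp":
            if "A" in info:
                ack[key] += 1
            elif "S" in info:
                syn[key] += 1
        elif proto == "icmp" and info == "echo-request":
            icmp[key] += 1

    verdicts = {}
    for key, n in syn.items():
        # Many SYNs with almost no ACKs: the backlog fills with half-open connections.
        if n >= SYN_MIN and ack[key] / n < HALF_OPEN_RATIO:
            verdicts[key[1]] = f"syn flood: {n} SYN, {ack[key]} ACK in window {key[0]}"
    for key, n in icmp.items():
        if n > ICMP_MAX:
            verdicts.setdefault(key[1], f"icmp flood: {n} echo requests in window {key[0]}")
    return verdicts


if __name__ == "__main__":
    for src, reason in detect_floods(SAMPLE_EVENTS).items():
        print(src, "->", reason)
```

The legitimate client and the monitoring host stay below the thresholds, while the two flooders are reported. Note the caveat the paragraph above implies: when the attacker spoofs source addresses, per-source counters like these are spread across thousands of fake sources and the ratio test has to be applied to the destination (half-open connections per server port) instead.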
DDoS can target organizations of all types and sizes; lately, however, e-commerce websites and the online services they offer customers have been targeted more often. This raises the question of whether these attacks might be a way for cybercriminals to distract an organization's IT security staff while they carry out more damaging crimes.
Can DDoS attacks serve as a distraction? It is a real possibility. While security specialists fight the denial of service, a malicious hacker could in reality be stealing data, assets and personal information from databases. That information can then be used for identity theft and to compromise financial accounts, credit cards and e-wallets.
In several incidents involving unauthorized online banking transactions and fraudulent wire payments, the fraud was discovered right after a DDoS occurrence. Cybercriminals often use botnets to disrupt an organization's normal activities and keep all security personnel busy preventing a service interruption or network failure. This buys them enough time to steal information or even money.
In the middle of an attack it is also possible that machines are compromised and turned into zombies, falling under the control of the attacker, who can then perform various actions on the host systems: stealing, deleting, modifying or blocking data, for example. Such occurrences have both financial and non-financial consequences.
Whatever the motive behind an attack, hacktivism included, organizations need to protect themselves from the threat. There are many ways to deter, minimize and mitigate such attacks:
• Identify vulnerabilities and loopholes in the infrastructure that an attacker could exploit.
• Install an advanced firewall and configure it appropriately to block unwanted traffic at the network perimeter.
• Use dedicated DDoS mitigation tools or an Intelligent DDoS Mitigation System (IDMS).
• Pass traffic through IP scrubbing devices and/or apply endpoint authentication.
• Use an intrusion detection and prevention system (IDPS).
• Deploy routers and/or switches with built-in support for stateless Access Control Lists (ACLs).
• Use an application-layer filter at the gateway so that legitimate traffic continues to flow.
• Enable application-level protection in the IDP.
• Use a load balancer to block undesirable requests.
• Use third-party mitigation services deployed in the cloud by a specialized provider.
The best defense is said to be a good offense, and that requires preparation. Network security awareness is paramount, and regular network audits for vulnerabilities are a must. For more information about how to stop DDoS attacks, check out DOSarrest.
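Several of the measures listed above (the application filter at the gateway, the load balancer that blocks undesirable requests) come down to the same mechanism: give each client a fair share of capacity and drop what exceeds it before it reaches the application. The following is an added example, not code from the page or from any product it names: a per-source token-bucket limiter applied to constructed request timestamps, with the sustained rate (`rate`) and allowed burst (`burst`) as assumed parameters.

```python
from collections import defaultdict


class PerSourceLimiter:
    """Token bucket per client IP.

    Each source may send `burst` requests at once and then `rate` requests per
    second sustained; anything beyond that is dropped before it reaches the
    application. Timestamps are passed in explicitly so the logic is deterministic."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = defaultdict(lambda: self.burst)  # a new source starts with a full bucket
        self.last = {}

    def allow(self, src_ip, now):
        # Refill the bucket for the time elapsed since this source was last seen
        # (zero for a source seen for the first time), capped at the burst size.
        elapsed = now - self.last.get(src_ip, now)
        self.last[src_ip] = now
        self.tokens[src_ip] = min(self.burst, self.tokens[src_ip] + elapsed * self.rate)
        if self.tokens[src_ip] >= 1.0:
            self.tokens[src_ip] -= 1.0
            return True
        return False


def filter_requests(requests, rate=5, burst=10):
    """requests: iterable of (timestamp, src_ip). Returns (allowed, dropped) lists.

    Requests are sorted by time first, since the refill step assumes time moves forward."""
    limiter = PerSourceLimiter(rate, burst)
    allowed, dropped = [], []
    for ts, src in sorted(requests):
        (allowed if limiter.allow(src, ts) else dropped).append((ts, src))
    return allowed, dropped


def per_source_counts(allowed, dropped):
    """{src_ip: [allowed, dropped]} for a quick view of who was throttled."""
    counts = defaultdict(lambda: [0, 0])
    for _, src in allowed:
        counts[src][0] += 1
    for _, src in dropped:
        counts[src][1] += 1
    return dict(counts)


# Constructed traffic (not a real capture): one source sends 100 requests in one
# second, two ordinary clients send one request every two seconds.
SAMPLE_REQUESTS = (
    [(i / 100, "203.0.113.5") for i in range(100)]
    + [(t * 2.0, "198.51.100.7") for t in range(5)]
    + [(t * 2.0 + 1, "198.51.100.8") for t in range(5)]
)


if __name__ == "__main__":
    allowed, dropped = filter_requests(SAMPLE_REQUESTS)
    for src, (ok, nok) in per_source_counts(allowed, dropped).items():
        print(f"{src}: {ok} allowed, {nok} dropped")
```

With a burst of 10 and 5 requests per second, the flooder gets its first ten requests through and roughly one in twenty thereafter, while both ordinary clients are never throttled. The limiter protects the application behind it, not the link in front of it: against spoofed sources or a large botnet the per-source buckets never fill, which is why the list above also points to upstream scrubbing and cloud-based mitigation.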