Where hackers are concerned, when you hear about a site being brought down this will usually mean that it has been affected by a distributed denial of service (DDoS) attack – which in essence means that cyber criminals have tried to make a computer system or website unavailable by flooding it with too much traffic.
These kinds of attacks specifically target websites and online services, with the intention being to hit them with so much traffic that the network or server can’t cope, making the service or website inoperable.
The traffic can be anything from connection requests to incoming messages. You may also find that the hackers attempt extortion, threatening a more severe attack unless the business in question pays a ransom.
Symptoms of a distributed denial of service (DDoS) attack include slow access to files, internet disconnection, being unable to access a certain site over a long period of time, a lot of spam emails and difficulties accessing all websites.
While it’s great that there are clear signs that an attack may be taking place, the problem with identifying the situation is that these symptoms are like a lot of other issues you might have with your computer anyway – so it can be hard to tell what’s actually going on.
The good news, however, is that you can protect your business from an attack and you would be wise to carry out a risk assessment so you can find out where you’re vulnerable and work out what action needs to be taken first.
Remember that the earlier an attack is identified, the easier it will be for you to keep it contained. Make use of the technology at your disposal so you can recognise the differences between an attack and actual spikes in network traffic.
The different types of DDoS attack
TCP connection
These exploit vulnerabilities in the TCP connection sequence. The targeted server will receive a request but the transaction is never completed, which leaves the connected port occupied and unable to process requests. The hacker will then send more requests to overwhelm the ports and shut down the server.
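A defender-side check for the half-open connections described above, as an added example that is not part of the original article. It assumes a Linux host, where /proc/net/tcp lists each socket with a hex state code (03 is SYN_RECV); the snapshot, addresses and limit are constructed.

```python
import socket
import struct
from collections import defaultdict

SYN_RECV = "03"  # Linux TCP state code: SYN received, handshake not completed

# Constructed snapshot in /proc/net/tcp layout (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0A00000A:0050 057100CB:C350 01
   2: 0A00000A:0050 076433C6:9C41 03
   3: 0A00000A:0050 086433C6:9C42 03
   4: 0A00000A:0050 096433C6:9C43 03
   5: 0A00000A:0050 0A6433C6:9C44 03
   6: 0A00000A:01BB 057100CB:C351 03
   7: 0A00000A:01BB 057100CB:C352 01
"""


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' (IPv4, little-endian) into ('a.b.c.d', port)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def half_open_by_port(snapshot):
    """Map each local port to the remote IPs of its half-open connections."""
    pending = defaultdict(list)
    for line in snapshot.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != SYN_RECV:
            continue
        _, local_port = decode_endpoint(cols[1])
        remote_ip, _ = decode_endpoint(cols[2])
        pending[local_port].append(remote_ip)
    return dict(pending)


def ports_over_limit(snapshot, limit):
    """Ports whose half-open backlog exceeds `limit` (the limit is site-specific)."""
    return sorted(p for p, ips in half_open_by_port(snapshot).items() if len(ips) > limit)


if __name__ == "__main__":
    print({port: len(ips) for port, ips in half_open_by_port(SAMPLE).items()})
    print("over limit:", ports_over_limit(SAMPLE, limit=3))
```

On a live host the same functions can be fed the contents of /proc/net/tcp, with the limit set from what the server shows on a normal day.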
Volumetric attacks
These are the most common form of attack, using a botnet to flood the server or network with what seems like legitimate traffic. This overwhelms the network and stops the server being able to process the incoming traffic.
Fragmentation attacks
This is where a hacker exploits weaknesses in the datagram fragmentation process. These attacks send in false data packets that can’t be reassembled and as a result, the server is overwhelmed.
Application layer attacks
You might also hear these referred to as Layer 7 attacks. They’re quite a slow burner, so you might not immediately notice that there’s an issue: they may first appear to be legitimate requests – until, of course, it’s too late. Such attacks are generally aimed at the layer where servers generate web pages and respond to HTTP requests.
What makes these attacks a hacker favourite is the fact that they’re cheap to run and they’re harder for organisations to spot than other types of attack.
So what can businesses do?
Being familiar with DDoS attacks and knowing what you need to do and how to react if you are targeted in this way is the key to ensuring that your business survives. It’s particularly important for companies that run their own servers to be able to spot when an attack is taking place because the sooner you can identify this, the sooner you’re able to stop it.
Your first step in this regard is to make sure that you have an accurate idea of what your usual website traffic is like, so you can spot a spike. But you also need to be able to tell the difference between a spike in actual visitors to your site and the launch of an attack.
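One way to put the baseline idea above into practice, as an added example that is not part of the original article. The per-client heuristic, the thresholds and the traffic are all assumptions constructed for illustration: a spike made of many clients behaving normally is treated as a visitor surge, while a spike made of few very noisy clients is flagged.

```python
from collections import Counter, defaultdict
from statistics import median


def bucket(events):
    """Group (minute, client_ip) events into {minute: Counter({ip: hits})}."""
    buckets = defaultdict(Counter)
    for minute, ip in events:
        buckets[minute][ip] += 1
    return buckets


def baseline(buckets, minutes):
    """Median requests/minute and requests/client over a known-normal window."""
    totals = [sum(buckets[m].values()) for m in minutes]
    per_client = [sum(buckets[m].values()) / len(buckets[m]) for m in minutes]
    return median(totals), median(per_client)


def classify(buckets, normal_minutes, spike_factor=3.0, client_factor=5.0):
    """Label every minute 'normal', 'visitor surge' or 'possible attack'."""
    base_total, base_per_client = baseline(buckets, normal_minutes)
    labels = {}
    for minute in sorted(buckets):
        hits = buckets[minute]
        total = sum(hits.values())
        if total <= spike_factor * base_total:
            labels[minute] = "normal"
        elif total / len(hits) > client_factor * base_per_client:
            labels[minute] = "possible attack"   # few clients, each very noisy
        else:
            labels[minute] = "visitor surge"     # many clients, normal behaviour
    return labels


def sample_events():
    """Constructed traffic: minutes 0-4 normal, 5 a surge, 6 a flood, 7 normal."""
    events = []
    for minute in (0, 1, 2, 3, 4, 7):
        events += [(minute, f"198.51.100.{c}") for c in range(20) for _ in range(2)]
    events += [(5, f"203.0.113.{c}") for c in range(100) for _ in range(2)]
    events += [(6, f"192.0.2.{c}") for c in range(10) for _ in range(50)]
    return events


if __name__ == "__main__":
    print(classify(bucket(sample_events()), normal_minutes=range(5)))
```

Both factors need tuning against your own traffic history; the values here only fit the constructed sample.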
If you don’t host your own servers, then you need to call your hosting company or internet service provider if you suspect you are under attack.
You can help to protect yourself against DDoS attacks if you locate your servers in a hosting centre rather than running them yourself, since data centres will probably have higher bandwidth links and better routers – and it’s likely that they’re more experienced in dealing with cyber criminals.
It would also be a good idea to have proper protocol and guidance in place so that your team knows exactly what they need to do if they do ever find themselves under attack. Make sure you provide detailed steps so you know you’re responding appropriately and can help minimise the impact of the incident.
Setting up a response team would also be a good idea, with responsibilities set out for key members of the team to make sure that you have an organised response plan in place. Also make sure that you have the contact details of all those who need to be informed about the attack close to hand.
You can also outsource DDoS prevention to cloud service providers, which could prove particularly beneficial. If you’d like to find out more about any of the above, get in touch with London IT cloud services company Stellarise to see how we can help make your business more secure today.