When it comes to cybersecurity, one constant is that the “attack du jour” will always be changing. Right now, one of the greatest threats worldwide is an attack known as Distributed Denial of Service (DDoS), which is designed to cripple a company or organization by artificially crashing its website, and therefore denying service to its customers.
Though these attacks have been around for a while, causing disruptions and general headaches, there’s a disturbing trend underway: many DDoS attacks are now being used as a smokescreen for wider, more sinister attacks or intrusions on an organization. The intention is that these disruptions will distract the IT staff, so that a more malicious attack, launched after the DDoS, will go unnoticed. “They’re accompanying data breaches, the implementation of malware within an organization, theft of intellectual property, and stealing funds or customer information,” NeuStar Senior Security Manager Joe Loveless told TechNewsWorld.
We’re seeing DDoS attacks occur in significant numbers lately because, as the methodology behind these kinds of attacks evolves, they become cheaper and easier to deploy. In fact, software enabling these attacks is widely available for anyone to purchase, anonymously, through “the dark net,” the online underground marketplace. (More on that in an upcoming blog.)
Here’s how DDoS works: The attack starts when a cyber-thug uses a botnet to infect thousands, or even hundreds of thousands, of devices (laptops, tablets, smart phones, etc.) with a virus or malware. This allows the attacker to then use every infected device to send non-stop traffic to a specific server or IP, eventually overloading it and causing it to crash. Yes, that means John and Jane Q. Public’s devices are vulnerable, and could unwittingly be used as a tool in such an attack. And they’d never know it, because everything happens in the background; they’d have to intentionally search their device for botnets to determine if it’s infected.
According to one survey (of 5,500 companies in 26 countries) and report (Denial of Service: How Businesses Evaluate the Threat of DDoS Attacks), 50% of DDoS attacks “lead to a noticeable disruption of services,” while 24% lead to services being completely unavailable. Besides the desire to steal intelligence, funds or customer info, why would someone want to launch this type of attack? There are a few reasons:
- Protest or revenge on a certain company for undesirable political, economic or monetary behaviors
- Demand/threat for payment (ransom)
- “Turf wars” between online hacking groups
- To take down a business competitor
- Just for fun, to claim you were able to do it
How can companies safeguard themselves from DDoS and the possible accompanying theft of data and other security breaches? Unfortunately, there’s not a lot that can be done to completely eradicate the threat, but there are a couple of preliminary steps to minimize the impact if it does occur.
- Have a good firewall and network monitoring system in place (TNSC offers this capability through SecureIT with SonicWALL management).
- Have a failover solution, so that, if there is an attack, there is a secondary server/IP to move to.
- Larger companies may want to invest in real-time visibility software/hardware that allows them to monitor their systems in real time; this would help identify an attack quickly so that techs can address the problem before the server is completely overwhelmed.
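
The monitoring step above, combined with the earlier point that a DDoS can be a smokescreen for a second intrusion, can be sketched as follows. This is an added example, not TNSC or vendor code; the event tuples, the event kinds (`admin_login`, `large_outbound_transfer`) and the thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def _minute(ts):
    return ts.replace(second=0, microsecond=0)

def flood_minutes(events, history=10, factor=10, min_sources=50):
    """Minutes whose HTTP volume is >= factor x the median of the preceding
    observed minutes AND comes from many distinct sources (distributed)."""
    hits, sources = defaultdict(int), defaultdict(set)
    for ts, kind, src in events:
        if kind == "http":
            hits[_minute(ts)] += 1
            sources[_minute(ts)].add(src)
    minutes, flagged = sorted(hits), []
    for i, m in enumerate(minutes):
        prior = [hits[p] for p in minutes[max(0, i - history):i]]
        # Median keeps the baseline stable while the flood itself is in the window.
        if (len(prior) >= 5 and hits[m] >= factor * median(prior)
                and len(sources[m]) >= min_sources):
            flagged.append(m)
    return flagged

def escalate_during_flood(events, flagged):
    """Non-HTTP security events inside a flagged minute: review these first,
    since the flood may be covering for them."""
    flagged = set(flagged)
    return [e for e in events if e[1] != "http" and _minute(e[0]) in flagged]

def sample_events():
    """Constructed data: 10 quiet minutes, a 3-minute flood, 3 security events."""
    t0, ev = datetime(2024, 1, 1, 12, 0), []
    for minute in range(10):                      # baseline: 5 req/min, 5 clients
        for i in range(5):
            ev.append((t0 + timedelta(minutes=minute, seconds=i * 10), "http", f"192.0.2.{i}"))
    for minute in range(10, 13):                  # flood: 200 req/min, 200 sources
        for i in range(200):
            ev.append((t0 + timedelta(minutes=minute, seconds=i % 60), "http", f"198.51.100.{i}"))
    # Hypothetical event kinds a SIEM or firewall might emit.
    ev.append((t0 + timedelta(minutes=4), "admin_login", "192.0.2.9"))
    ev.append((t0 + timedelta(minutes=11, seconds=30), "admin_login", "203.0.113.7"))
    ev.append((t0 + timedelta(minutes=12, seconds=15), "large_outbound_transfer", "192.0.2.20"))
    return ev

if __name__ == "__main__":
    events = sample_events()
    flood = flood_minutes(events)
    print("flood minutes:", [m.strftime("%H:%M") for m in flood])
    for ts, kind, src in escalate_during_flood(events, flood):
        print("escalate:", ts.isoformat(), kind, src)
```

The login at minute 4 happens during normal traffic and is left alone; the two events inside the flood window are the ones pushed to the front of the queue.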
The good news for most business owners (and most of the clients with whom TNSC partners) is that they’re unlikely to be targets of a DDoS attack; larger corporations/companies and governments are much more at risk.