The Dyn attack caused a severe disruption of internet traffic to major sites, including many you may be familiar with, like Amazon, Reddit, Twitter, Tumblr, Verizon, Pinterest, Etsy, Spotify, PayPal, Comcast and even Playstation. The first attack was followed by at least two more.
Back in 2012, there was a DDoS attack that took out the websites of JPMorgan Chase, Bank of America, Wells Fargo, Citigroup and other financial companies. In 2007, a DDoS attack literally knocked most of Estonia off the grid.
How do these attacks work? The hackers look for a distribution model that can deliver sufficient traffic — in this latest case, a webcam that had sold well and had easily exploitable security. Then they focus on a target. The target here seems to have been companies that act as the internet’s phone book, making sure that traffic requests find the fastest route to any particular destination.
If you’re a fan of The Walking Dead, imagine a huge herd of zombies lumbering toward a valley with three fenced communities. While all three are in harm’s way, the one with the weakest fence will be overrun. The other two are more likely to withstand the onslaught.
Another way to imagine this scenario is a subway car or bus contaminated with a cold virus. While everyone on board is exposed, not everyone will get sick. The virus goes where it encounters the least amount of resistance, which in this most recent attack happened to be Dyn.
We can make this a problem of the past.
While our government has disappointed time and again, in particular on matters of cybersecurity, a DDoS solution may possibly be only a rule or two away from becoming reality. That is, of course, if the new administration truly focuses on the issue.
In that case Congress will actually agree on the day of the week to discuss the issue, and we can all say adios to the debate about whether the “Great Wall of Mexico” will be the answer to most of our problems.
The solution may lie in the way many ATMs now handle the new chip technology in credit and debit cards. When you make a request for cash or any other transaction, many machines will not release your card until you grab your cash or completely finish your transaction. This ensures that consumers don’t leave their cards in machines, which of course can create a very real vulnerability.
When it comes to the Internet of Things (IoT) devices, the six billion (and geometrically increasing) connected and interconnected devices that surround us in our personal and business lives, the same principle might help. However, it would have to become the law of the land to work — a law that would include authority over trade, i.e., products coming in from overseas.
Meanwhile, the “insert and release only when the transaction is completed” ATM process is a security measure designed to better protect your card, your accounts and your financial institution. If all IoT devices required the user to set a long and strong password before the device would function, a major vulnerability available for use by hackers in DDoS attacks would go the way of three-card monte scams.
In the meantime, there are a few things you can do to put your organization in the best position to survive a DDoS attack. While these measures are somewhat technical, they are within the skill sets of whomever is in charge of your digital security.
1. Identify a DDoS attack early.
You can do this with the right Intrusion Detection System (IDS) or a state-of-the art firewall that uses “Stateful Inspection.” These are techniques that can alert you to an attack and allow you to respond before systems fail. Another good move: having a technology professional that is capable of identifying traffic that looks like a DDoS attack and is ready to respond by immediately applying filters to the inbound DDoS traffic.
2. Have plenty of bandwidth available.
Bandwidth is pretty cheap, and if you are able to over-provision what you need, you can ride out smaller attacks or at least buy some time to react properly to larger attacks.
3. Have a rule book.
Apply the right technical defenses at your perimeter. For example, you could “rate-limit” your web server so that only so many traffic requests are allowed. This will keep your server from getting swamped. Doubtless, it will still slow down during a DDoS attack, but it won’t fail.
There are other things you can do that are beyond a generalist’s knowledge, but are straightforward for a professional who handles the engine room of your online presence. One strategy is to add network rules that dump requests from suspicious places or deny all traffic that doesn’t come from trusted sources.
Your IT team may decide it makes sense to time-out suspicious connections, drop malformed packages or set lower flooding thresholds on certain types of traffic. It is crucial to have these rules — however you choose to throttle them — applied to all routers and firewalls and even internal internet-working components to filter out the most common kinds of DDoS-type traffic.
4. Get your provider involved.
Your service provider will have better tools than anyone else when it comes to locking down the DDoS traffic headed your way. Alert the provider as soon as you see something. The company can even “null route” your address (a network route that goes nowhere) so you will see no DDoS traffic at all while it figures out how to neutralize the attack.
5. Outsource your traffic.
There are technical firms that specialize in filtering traffic for you in an emergency. When a DDoS attack occurs, all your traffic moves through one of their routers first, and they are very good at blocking all the DDoS traffic that would be coming your way.
While you cannot prevent someone from launching a DDoS attack against your company, you can be prepared to mitigate its impact. The key thing is to assume that it’s going to happen and be as ready for it as possible.