In a nutshell, a distributed denial-of-service (DDoS) attack works by identifying a cyber security flaw and then barraging it with nonsensical traffic to create a bottleneck in the network. The service is subsequently left useless by the severe data clog. This may not sound like an eloquent strategy, but it's a favorite among cyber criminals because it's relatively easy and extremely effective. In fact, 2014 witnessed a flurry of successfully orchestrated DDoS attacks, including one on CloudFlare that broke all previous records in terms of scale, according to Trend Micro research. As long as cyber criminals can use DDoS attacks to their advantage, they will continue to pose a very real threat to enterprise security.
The recent example of ProtonMail
In early November, ProtonMail, a provider of end-to-end encrypted email, became the victim of a DDoS attack believed to have originated from multiple hacking groups, according to a recent Trend Micro blog post. The attacks came in two waves, and the second succeeded in knocking the company's primary data center offline, according to TechRepublic. The perpetrators claimed they would ease up only if they were paid a ransom, and in an effort to end the fiasco, ProtonMail forked over $6,000 in Bitcoin.
As ProtonMail soon learned, this was a bad idea. The hackers did not ease up on their efforts at all. The attacks, which began on Nov. 4, were finally mitigated on Nov. 8. By then, the cyber criminals had already laid claim to $6,000. ProtonMail's decision to pay the ransom is not entirely shocking; in a blog post shortly after the event, the company noted that it had been under a lot of pressure to pay. However, the moral of the story – if there is one – appears to be that paying cyber criminals should never be considered an option.
DDoS attacks can vary significantly from case to case, which means there isn't necessarily a one-size-fits-all approach to solving the problem. Traditionally, purchasing a surplus of bandwidth was a popular solution. The idea was that having more bandwidth than needed would prevent the bottlenecks resulting from a DDoS attack. Perhaps this is viable in some cases; however, DDoS attacks are becoming larger and more relentless, so the efficacy of this tactic is somewhat questionable. Another option is to rely on DDoS mitigation services from Internet service providers. Again, this provides only limited protection: ISP defenses against DDoS are typically cheap and unsophisticated, according to network specialist Sean Leach in a guest column for NetworkWorld.
Mitigating a DDoS attack is all about having a plan in place for when one does occur. The first part of this process is being able to detect the early signs of an attack, for example by monitoring the network for unusual activity. If the share of atypical users is rising, it is important to have network monitoring in place to detect this and, more importantly, to figure out what is causing the increase in traffic. Vigilance is the cornerstone of effective cyber security, and this is especially true when it comes to defending against DDoS attacks.
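As an added example (not from the original post or from Trend Micro), the following Python script implements the early-warning check described above: it parses constructed Common Log Format access-log lines, buckets requests per minute, and flags a minute whose request count jumps well above the median of the preceding minutes while a handful of source addresses account for most of it. The log format, the sample addresses and the thresholds are all assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Client IP and timestamp of a Common Log Format line (assumed format).
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')

def bucket_by_minute(lines):
    """Group client IPs per minute: {datetime(minute): Counter({ip: requests})}."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
        buckets[ts.replace(second=0)][m.group('ip')] += 1
    return buckets

def find_anomalies(lines, rate_factor=5.0, top_n=3, share=0.8):
    """Flag minutes whose request count reaches rate_factor x the median of
    earlier minutes AND whose top_n sources send at least `share` of them.
    Returns [(minute, total_requests, [dominant_ips]), ...]."""
    buckets = bucket_by_minute(lines)
    history, alerts = [], []
    for minute in sorted(buckets):
        counts = buckets[minute]
        total = sum(counts.values())
        top = counts.most_common(top_n)
        top_share = sum(n for _, n in top) / total
        baseline = median(history) if history else None
        if baseline and total >= rate_factor * baseline and top_share >= share:
            alerts.append((minute, total, [ip for ip, _ in top]))
        history.append(total)  # flood minutes enter the baseline too: a long attack slowly looks "normal"
    return alerts

def constructed_log():
    """Constructed sample: three quiet minutes, then a flood from three sources."""
    lines = [f'198.51.100.{i} - - [04/Nov/2015:10:0{m}:15 +0000] "GET / HTTP/1.1" 200 512'
             for m in range(3) for i in range(5)]
    lines += [f'203.0.113.{i % 3} - - [04/Nov/2015:10:03:{i:02d} +0000] "GET / HTTP/1.1" 200 512'
              for i in range(60)]
    return lines

if __name__ == '__main__':
    for minute, total, ips in find_anomalies(constructed_log()):
        print(f"{minute:%H:%M}: {total} requests, {len(ips)} sources dominate: {ips}")
```

A real deployment would feed live log lines into the same functions and tune `rate_factor` and `share` against the site's own traffic history.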
Optimizing network infrastructure in such a way that traffic can be distributed evenly is also a useful tactic. According to TechRepublic, even when a website's bandwidth manages to sustain the traffic caused by the attack, it's the database or custom scripts failing that wreaks the most havoc. Therefore, one potential solution is the use of cache servers to make certain data more readily accessible. This falls under the umbrella of enhancing network infrastructure, which, at present, is probably the most effective mitigation technique.
It's impossible to avoid being targeted by a DDoS attack, and even harder to stop the attack at its source. But because a DDoS attacker must first identify a detectable network entry point, it is important for cyber security teams to identify potentially exploitable entry points themselves and to do everything possible to block suspicious traffic. At present, defending against a DDoS attack is extremely difficult, but not impossible. Hardened network security combined with sophisticated threat detection still goes a long way toward keeping services up and running in the event that a company falls into hackers' crosshairs.
Trend Micro Deep Security Platform helps keep businesses safe from DDoS attacks and other cyber threats.