The average size of distributed denial-of-service attacks (DDoS) has been on a steady decline since the beginning of 2015. But organizations should not grow complacent, as the size and frequency of DDoS attacks are expected to grow in the future. Web application attacks have recently shifted toward the U.S., both as a source and as a target, and even smaller attacks can cause significant damage if organizations are not prepared. DDoS attacks are important not because of their size. Rather, they are damaging due to the nature of the attack, which targets the underlying fabric of websites and ties up resources or pulls information from the database powering sites.
At its core, DDoS attacks are malicious attempts to render a web site or application unavailable to users. Attackers achieve this by overwhelming the site with a huge amount of traffic, resulting in the site crashing or operating extremely slowly and making it unable to process legitimate requests. Although they are one of the oldest threats, DDoS attacks are getting increasingly hard to defend against because they are constantly evolving. Attackers have shifted their focus from attacking the network layer to the application layer, where DDoS attacks are much more difficult to identify. For a government website that gets hit with a DDoS attack, going completely out of service or operating very slowly can pose a significant problem for constituents.
Although DDoS attack tools do not significantly differ from other technologies, acceptance often moves forward at a much faster rate than consumer technologies. There is much less pushback against change within the small community of malicious users. While the DDoS threat is constantly evolving, there are steps that organizations can take to make sure their website is secure.
- Ensure patching and firewalls are in place where needed. Organizations can protect against DDoS attack vectors at the infrastructure level by ensuring that Internet Protocol Suite services like NTP (Network Time Protocol) are well patched and firewalled off in places where they are not required to be available to the wider Internet.
- Rely on multiple, external DNS providers. DDoS attacks can leverage a DNS query vector. Organizations can fend against such attacks by making sure that all DNS servers responding for a targeted domain are protected. If an organizations primary DNS is self-hosted and goes down, users would be unable to find the website or contact the organization via email. In some cases an external DNS provider is necessary to have sufficient response capabilities, and beyond that, it can make sense to have redundant providers as well.
- Look to the cloud. Many organizations find it difficult to build out sufficient infrastructure in order to scale to a large DDoS attack. A cloud-based security solution can help by offering built-in scalability and global reach to protect against the largest DDoS attacks. And a robust cloud-based solution will help maintain current site performance and availability even while facing ever-changing threats.
- Law enforcement can act as deterrence. Law enforcement can go a long way in minimizing DDoS attacks. Several individuals from some of the criminal organizations responsible for the upkeep of these attack platforms are now in prison. Europol recently coordinated the arrest of 34 individuals across 13 countries in Operation Tarpit, which targeted the largest services responsible for DDoS attacks aimed at banks, gaming companies, and retailers. While this may not limit the number of attacks in the long-term, having law enforcement demonstrate that they are cracking down on DDoS attackers can discourage criminals.
As users' interaction with the Internet evolves, and especially with the rise of IoT, organizations must rethink the way they secure sites in ways that don't exclusively focus on the traditional boundaries of security. Unfortunately, given the growth in capability of superior attackers, the damage a sustained DDoS attack could cause rises daily. Organizations should give attention to assets that have been attacked in the past or are most vulnerable to attack and plan accordingly to ensure that DDoS mitigation is in place before an attack occurs.
Tom Ruff is the vice president of public sector for Akamai Technologies where he helps federal and state government agencies, as well as higher education institutions, accelerate and improve the secured delivery of content and applications over the Internet and in the cloud. Tom has more than 30 years of IT industry experience, having held numerous executive management positions at Fortune 500 companies.