The first DoS attack was written in 1974 by a 13-year-old student at University High School, using a new command that could be run on the PLATO terminals of the Computer-Based Education Research Laboratory (CERL). It worked, shutting out 31 users.
A large attack was recorded in the year 1999, when a computer at the University of Minnesota came under a DDoS attack called Trin00. It knocked out the university computers for over 48 hours.
In the year 2000, a 15-year-old Canadian boy orchestrated a series of attacks against several e-commerce sites. The attacks crippled internet commerce, with the FBI estimating a total of $1.7 billion in damages.
In the last two decades, the attacks have become more sophisticated and motives more varied. Ranging from attacks for ransom to political motives, the attacks have been attributed to various causes. While attacks happen regularly, many of them remain unreported.
As a result of their impact on organizations, and sometimes on an entire nation, DDoS attacks have become an international concern, with governments and enterprises finding ways and means to protect themselves against them.
MazeBolt, a cyber security company that strengthens enterprises’ resistance to DDoS attacks, has nearly a decade’s experience working with leading enterprises across industry segments, and even governments, to prevent DDoS attacks.
MazeBolt has dealt with several situations in which enterprises have come under attack.
Here are 5 steps MazeBolt recommends to initiate immediately when under attack:
Step 1: Recognize that there is a problem
Living in denial is not limited to individuals. Enterprises under DDoS attack can find it hard to believe and difficult to accept. In most cases the denial comes from one question: with DDoS mitigation postures already in place and everything seemingly under control, where and how could an attack happen?
However, it is wise to begin by treating the activity as a ‘suspected’ attack so that it is given the attention it requires. In any case, it is better to be alarmed than complacent. The first step is to acknowledge the possibility of an attack, as time is of the essence during a DDoS attack.
Step 2: Inform stakeholders
In the case of a suspected DDoS attack, the key stakeholders need to be informed immediately. Their involvement in the mitigation process may not be hands-on. However, they are the doorkeepers to the business, and they are responsible for customer responsiveness. From preparing to manage customer queries to handling legal implications, it is the responsibility of stakeholders to spring into action. It is therefore imperative that they are informed of an actual or suspected attack. If it is a false alarm, no harm is done. Just as enterprises often conduct fire drills, a false alarm will be a test of how well the organization is prepared for an actual attack.
Step 3: Inform the Mitigation Service Providers (MSP)
Whether an enterprise is using a cloud scrubbing service or a CPE, the mitigation partner needs to be informed of the attack. More often than not they will be able to immediately bring in the resources and expertise to identify the source of the attack. When this identification happens, mitigation will soon follow. They will also have a better idea and insight into vulnerabilities and can help to mitigate the attack.
Step 4: Move into Action
This step can happen in parallel with the first three steps; it is placed fourth to highlight the importance of those three. Countermeasures can vary depending on the kind of business, location, infrastructure, network and applications. All these factors will influence mitigation efforts. Most importantly, enterprises need to look at their existing mitigation postures and identify vulnerabilities.
Step 5: Evaluate and Re-evaluate Defense Strategies
It might be tempting to focus on one set of defenses because they are visibly showing some performance. However, DDoS attacks can be sneaky and virulent, leading to far more damage than is visible at the onset. Comprehensive analysis and monitoring are required to answer a simple question: ‘Are the defenses working? Or is the attack penetrating even more?’
How to Prepare for an Attack?
There are several DDoS mitigation postures available, and enterprises most likely have one or more of them included in their security strategy. However, research indicates that DDoS mitigation postures are not always successful in preventing DDoS attacks. The whitepaper ‘Beginner’s Guide to DDoS Mitigation Technology’ carefully evaluates the available postures for their advantages and disadvantages.
To summarize, it is better to be proactive when it comes to protecting against DDoS attacks. For a start, these attacks are easier to target, and once an enterprise is hit by a DDoS attack, it is difficult to mitigate quickly.
When taking a proactive approach to DDoS mitigation, it is important to understand that DDoS mitigation is, by design, inherently vulnerable to DDoS attacks. That is why the sneakier attacks can slip through undetected and bring the system down. DDoS mitigation is inherently vulnerable because it cannot detect DDoS vulnerabilities (the attack exposure surface) and fine-tune itself for them. One of the most common reasons DDoS vulnerabilities arise is the continuous change taking place in the network that the DDoS mitigation is protecting. It is therefore advised to use a proactive feedback module, a patented technology, to eliminate DDoS vulnerabilities while DDoS mitigation is working on incoming traffic analysis.