Under DDoS Attack? Initiate these 5 Steps Immediately
The first DoS attack was written in 1974 by a 13-year-old student at University High School, using a new command that could be run on the PLATO terminals of the Computer-Based Education Research Laboratory (CERL). It worked, shutting out 31 users.
A large attack was recorded in the year 1999, when a computer at the University of Minnesota came under a DDoS attack called Trin00. It knocked out the university computers for over 48 hours.
In the year 2000, a 15-year-old Canadian boy orchestrated a series of attacks against several e-commerce sites. The attacks crippled internet commerce, with the FBI estimating a total of $1.7 billion in damages.
In the last two decades, the attacks have become more sophisticated and the motives more varied, ranging from ransom to political causes. While attacks happen regularly, many of them remain unreported.
Because of their impact on organizations, and sometimes on an entire nation, DDoS attacks have become an international concern, with governments and enterprises looking for ways and means to protect themselves against them.
MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space, offering full DDoS risk detection and elimination. It works with any mitigation system to provide full end-to-end coverage, avoiding downtime and eliminating mitigation vulnerabilities before an attack happens.
MazeBolt has dealt with several situations in which enterprises have come under attack.
Here are 5 steps MazeBolt recommends to initiate immediately when under attack:
Step 1: Recognize that there is a problem
Living in denial is not limited to individuals. Enterprises under DDoS attack can find it hard to believe and difficult to accept. In most cases the denial comes from a single question: with DDoS mitigation postures already in place and everything seemingly under control, where and how could an attack happen?
However, it is wise to begin by treating the activity as a ‘suspected’ attack so that it receives the attention it requires. In any case, it is better to be alarmed than complacent. The first step is to acknowledge the possibility of an attack, as time is of the essence during a DDoS attack.
Step 2: Inform stakeholders
In the case of a suspected DDoS attack, the key stakeholders need to be informed immediately. Their involvement in the mitigation process may not be hands-on. However, they are the doorkeepers to the business, and they are responsible for customer responsiveness. From preparing to manage customer queries to handling legal implications, it is the responsibility of stakeholders to spring into action. It is therefore imperative that they are informed of an actual or suspected attack. If it is a false alarm, no harm is done. Just as enterprises often conduct fire drills, a false alarm serves as a test of how well the organization is prepared for an actual attack.
Step 3: Inform the Mitigation Service Providers (MSP)
Whether an enterprise is using a cloud scrubbing service or a CPE, the mitigation partner needs to be informed of the attack. More often than not they will be able to immediately bring in the resources and expertise to identify the source of the attack. When this identification happens, mitigation will soon follow. They will also have a better idea and insight into vulnerabilities and can help to mitigate the attack.
Step 4: Move into Action
This step can happen in parallel with the first three steps; it is placed fourth to highlight their importance. Countermeasures can vary depending on the kind of business, location, infrastructure, network and applications. All these factors will influence mitigation efforts. Most importantly, enterprises need to look at their existing mitigation postures and identify vulnerabilities.
Step 5: Evaluate and Re-evaluate Defense Strategies
It might be tempting to focus on one set of defenses because they are visibly showing some effect. However, DDoS attacks can be sneaky and virulent, leading to far more damage than is visible at the outset. Comprehensive analysis and monitoring are required to answer a simple question: ‘Are the defenses working? Or is the attack penetrating even more?’
How to Prepare for an Attack?
Even with the most sophisticated DDoS mitigation and testing solutions deployed, most companies are left with a staggering 48% DDoS vulnerability level. The vulnerability gap stems from DDoS mitigation solutions and infrequent Red Team DDoS testing being reactive, instead of continuously evaluating and closing vulnerabilities.
Mitigation solutions do not constantly re-configure and fine-tune their DDoS mitigation policies. This leaves their ongoing visibility limited and forces them to troubleshoot issues at the worst possible time, that is, when systems are brought down by a successful DDoS attack. These solutions are all reactive: they react to an attack and do not close DDoS vulnerabilities before an attack happens.
DDoS Red Team Testing simulates a small variety of real DDoS attack vectors in a controlled manner to validate the human response (Red Team) and the procedural handling of a successful DDoS attack. Red Team testing does not identify a company’s vulnerability level to DDoS attacks and is usually performed, on average, twice a year. Red Team testing is a static test done on dynamic systems. Any information gained from this testing is valid for that point in time only.
Red Team testing is very disruptive to IT systems and requires a planned maintenance window.
RADAR™, MazeBolt’s new patented technology solution, is part of the MazeBolt security platform. RADAR™ simulates DDoS attacks continuously and non-disruptively, delivering advanced intelligence through straightforward reports on how to remediate the DDoS vulnerabilities found.
It closes the DDoS gap by assisting your mitigation solution to fix ongoing security gaps before they are exploited. Using RADAR™, you never have to rely on risky zero-day reactive mitigation capabilities.
RADAR™ assists organizations in achieving, maintaining, and verifying the continuous closing of their DDoS vulnerability gaps, reducing the vulnerability level from an average of 48% to under 2% and keeping it there on an ongoing basis.
To summarize, there are several DDoS mitigation postures available, and enterprises most likely have one or more of them included in their security strategy. However, research indicates that DDoS mitigation postures are not always successful in preventing DDoS attacks. The whitepaper ‘Beginner’s Guide to DDoS Mitigation Technology’ carefully evaluates available postures for their advantages and disadvantages.