DDoS Attacks: What They Are and How to Prevent Them
If you’re reading this, good – that means the internet isn’t dead yet, then. It was a bit touch-and-go back there for a second, wasn’t it?
No more Twitter. No more Spotify. No more Reddit. All of them, alongside Amazon, Etsy, Netflix and others, were taken down by a pretty sophisticated DDoS attack. And you thought the biggest problem Twitter had was trolls and celebrities discussing their favourite flavour of crisps.
But, if nothing else, we got a sneak-peek at what the apocalypse would look like. Chaos, carnage, confusion sweeping across the American east coast… precisely none of this happened as hackers swamped servers and rendered some of the biggest websites in the world absolutely inaccessible.
So what is a DDoS attack and why was this one different?
There are two kinds of denial-of-service attack. The basic denial-of-service (DoS) attack uses a single computer to flood a target with requests. What happened to all your favourite websites was a distributed denial-of-service (DDoS) attack, which uses a ‘botnet’ of thousands of compromised machines to spam servers.
A simple analogy is to think of your website as a post office – now imagine a thousand people rocking up, each carrying a thousand sacks filled with a thousand letters each. And they do this every day for a year. What happens? The post gets backed up, and eventually you’d have to stop accepting any more letters. It’s the same for websites, as the servers are overloaded with traffic and the sites can’t cope, eventually saying ‘no more,’ regardless of how desperately you wanted to stream ‘Chains of Love’ by Erasure. That makes it very difficult for anyone, even those as big as Spotify, to prevent an attack (Sorry, guys).
But this situation was very different to your standard DDoS attack. Whoever was behind it targeted Dyn – the internet management company that looks after the infrastructure for those big-name sites – using a botnet built from ‘smart’ devices in homes. That added even more pressure, as internet-enabled tech like printers, DVR machines and cameras all sent requests to the network thanks to Mirai, malware that infects these devices.
Cyber security expert Brian Krebs explained that, ‘Mirai scours the Web for IoT [internet-of-things] devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.’
Is my data safe?
Probably the first thing you think, when you hear about internet security issues, is whether or not your data is safe. In instances like this, your data is still secure, since the purpose of a DDoS attack is to prevent access to a service, rather than capture personal information.
Oh, and you’re totally to blame for all of this. Sort of.
It’s not really your fault – you weren’t to know your little old laptop could break the internet, and we promise we’re not blaming you. But those botnets we mentioned earlier are generally made up of computers that have been infected with malware downloaded from dodgy sites and emails. The malware sits there, like a Trojan Horse, where it awaits orders from a central server like a sleeper agent in a Tom Clancy novel.
And then it strikes, using thousands of innocent IP addresses to surge the targeted network.
The recent attack on Dyn is a fine example of why security matters. Looking at the way the Mirai malware gains access to devices, we can see that changing your passwords regularly and scanning computers, both personal and professional, with anti-virus software can help prevent attacks such as these. It might not stop them from happening, but it’ll make life just that little bit harder for those intent on downing websites using this method.
How to prevent a DDoS attack
As we said, when a DDoS attack hits, it can be ludicrously difficult to stop it from overloading your server – which, in turn, stops people accessing your site, costing you money and consumer trust. In a 2014 study conducted by Incapsula, it was estimated that these sorts of attacks cost companies $40,000 every hour. They also revealed that while 45% of companies are attacked, IT groups take the largest financial hit, with two-thirds of all attacks lasting longer than six hours.
So what steps can you take to ensure you’re covered, as best as you can be?
- Monitor traffic frequently
If you know what your website traffic is typically like, you’ll be that much more attuned to an unexpected influx, which might be the first sign that you’re under attack. By acting early, you can mitigate the impact or ready yourself for downtime. It’s not ideal, but at least it’s not unexpected.
- Automated mitigation
There are tools out there which can monitor your traffic flow themselves. When they notice something isn’t right, they’re able to use BGP (Border Gateway Protocol) to route the malicious traffic away from your site.
- Contact your ISP
Think you’re being attacked by DDoS? Get in touch with your ISP and inform them – if they’re not being attacked themselves, they may isolate your site, and prevent it happening to others. If you run your own server, though, then you’re much more at risk, since using a hosting centre means having that much more bandwidth to withstand the attack. It also means that your corporate LAN, which deals with emails and VoIP, should still work.
- Bandwidth oversubscription
Oversubscribing on your bandwidth is a fine way to ensure you’re prepared, since it allows more traffic to your site without shutting it down. It might not stop a strong DDoS barrage, but for smaller attacks, you should be able to stave off the threat.
- Use a SaaS Provider with Good Defences
This one’s a little more personal: As a software house, we take technology seriously. We were once attacked in a similar fashion – we learned our lessons, and took steps so that, in future, we can side-step the issue and maintain full operational capacity.
- Don’t be Amazon
Just kidding. It’s true, though, that the bigger the company, the more likely you are to come under heavy DDoS attack. As a larger target, there’s more prestige, not to mention the possibility of extortion, in the hacker community should they manage to take your site down – that’s why Sony’s PlayStation servers are famous for being frequently targeted.
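The ‘Monitor traffic frequently’ step above, sketched as an added example (not code from the original post): it learns a per-minute baseline from web access-log lines and flags minutes that far exceed it, along with how many distinct sources were involved. The log lines, thresholds and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Common Log Format prefix: client IP, then the timestamp down to the minute.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]')

def per_minute(lines):
    """Return {minute: (request_count, distinct_client_count)} in log order."""
    hits, clients = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash mid-incident
        ip, minute = m.groups()
        hits[minute] += 1
        clients[minute].add(ip)
    return {minute: (hits[minute], len(clients[minute])) for minute in hits}

def find_surges(stats, window=5, factor=4.0, min_requests=50):
    """Flag minutes whose request count exceeds factor x the median of the
    last `window` normal minutes. Flagged minutes stay out of the baseline,
    so a long attack does not become the new 'normal'. Thresholds are illustrative."""
    baseline, alerts = [], []
    for minute, (count, sources) in stats.items():
        if len(baseline) >= window:
            typical = median(baseline[-window:])
            if count >= min_requests and count > factor * typical:
                alerts.append((minute, count, sources, typical))
                continue
        baseline.append(count)
    return alerts

def sample_log():
    """Constructed sample: six quiet minutes, a two-minute flood, one quiet minute."""
    lines = []
    for minute in range(9):
        flood = minute in (6, 7)
        n = 400 if flood else 20 + minute % 3
        for i in range(n):
            # Documentation-range addresses (RFC 5737); the flood comes from many sources.
            ip = f"198.51.100.{i % 200}" if flood else f"192.0.2.{i % 5}"
            ts = f"01/Jan/2024:12:{minute:02d}:{i % 60:02d} +0000"
            lines.append(f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for minute, count, sources, typical in find_surges(per_minute(sample_log())):
        print(f"{minute}: {count} requests from {sources} sources (typical {typical})")
```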
If we’ve learnt anything from the latest DDoS debacle, it’s that it doesn’t matter how big or small you are, we’re all susceptible to online attacks – yes, even you Netflix, with your goldmine of trashy B-movies. But while it may be frustrating not being able to watch that Liam Neeson action movie or order a Three Wolves Moon t-shirt with free shipping, there is some good to come out of the attacks.
It once again places internet security at the forefront of people’s minds. It prioritises the need to assess your own security levels, whether your personal computer or professional network – because while DDoS attacks aren’t going to end any time soon, there are steps you can take to prepare yourselves and your company’s online infrastructure.
We may not deliver canine-based apparel, like Amazon, but as a dedicated software specialist, we can deliver training management software that won’t let you down. Contact us for more information and to book a free demo.