By Harish Kumar GS, Head of Sales, India and SAARC, Check Point Software Technologies
In today’s age of attacks, organisations are being battered in many different ways – from ransomware, to hacktivism attacks, to even DDoS attacks, the main aim is to either steal data, credentials or to cause disruptions to the business and services, such as can be seen with DDoS attacks.
A Distributed Denial of Service (DDoS) attack represents an extreme utilization of an online service. To illustrate, consider a website designed to manage a specific number of requests per minute. When this threshold is surpassed, the website’s functionality diminishes, or it might become entirely unreachable. This surge in demand can occur due to malicious attacks or even legitimate scenarios, like an e-commerce site being inundated on Black Friday or a ticket sales platform crashing during the release of tickets for a highly anticipated event.
Overall the cloud is certainly making it easier to launch DDoS attacks. The bad guys utilize innovation just as well or better than the good guys! Current trends include reflection and amplification attacks based on TCP, hyper volume attacks driven by powerful bots and activity driven by hacktivist campaigns. India has witnessed a surge in DDoS attacks, with a notable incident occurring in April 2023. During this event, a hacker collective known as Anonymous Sudan executed a coordinated cyberattack targeting six prominent Indian airports and healthcare facilities. The attackers deployed a specialized DDoS Python script, operating autonomously. This script’s primary function involved identifying open proxies on the internet and initiating approximately 5 million connection requests through its script executions.
India continues to see continuous DDoS attacks, with the main aim of disturbing and disrupting the services or business of the organization being attacked, crippling their online presence and services due to the hours or even days of downtime. This could detrimentally impact revenue, damage customer trust and lead to a negative reputation of the organisaion. In some countries, the victim organization could even be subject to legal and regulatory repercussions, especially if citizen or customer data is compromised.
Understanding a DDoS attack
In general, there are three types of cloud-based DDoS attacks; volumetric, protocol and app layer. What’s important is to understand is that they each have their own characteristics and require different means of mitigation.
Many experienced MSPs have advanced DDoS filtering and defenses in place. Additionally, cloud providers are constantly adding and improving their DDoS detection and mitigation capabilities. Obviously, these are key criteria you should evaluate and compare when selecting your cloud provider(s).
Customers need to understand if they are under a DDoS attack. Customers need to be able to deploy mitigations during an attack. Customers need to be constantly monitoring their systems during an attack and should add granular configurations to prevent attacks. Custom policies based on Geo, URI, IP headers, and source and destination IP will also help. Of course, they also need to have a comprehensive response and disaster recovery plan. And, it’s recommended organizations practice the plan too!
Preventing DDoS attacks
There are several things organizations can do to prevent DDoS attacks. What might be the most important is understanding your normal network traffic patterns to accurately determine if you are under attack. Of course, making your network as resilient as possible through redundancy is critical. Having plenty of bandwidth always is a plus. And the importance of good cyber hygiene can’t be overstated. Patch, patch, patch. Have a solid cyber-education and training program for employees. Threat intelligence is also critical to detecting traffic anomalies. Use CAPTCHA there are more bots than ever and there are only going to be more in the future (and they will be more powerful too).
A sound DDoS mitigation solution must provide scalability in order to absorb large volumes of traffic and adapt as the traffic patterns changes. A solution with a global view and footprint is key. It seems obvious, but a sound cyber security foundation is critical. All DDoS specific mitigations are built ‘on top’ of this foundation. Granular filtering and routing using firewalls and WAFs is essential.
In today’s 24x7x365 hyper-connected world, where our dependencies and utilization of digital technologies have reached unprecedented levels, and continue to increase, organizations will be best served by finding and aligning with a security partner. Unless your primary business is cyber security or you have unlimited budget, get an expert cyber security partner.