How to secure your business against DDoS Attacks
Article by NCC Group director of technical security consulting for Asia Pacific Tim Dillon.
It’s the time of year when things get busy, even during a pandemic, and in 2020 most of that activity is happening online. We’re hitting the period for:
• National, cultural and religious holidays (and holiday planning)
• Footy final season and spring racing
• Online shopping and all the year-end sales
With the upward trend of DDoS attacks this year, and an increased dependency on online channels across all industries, businesses need to be prepared, so they don’t suffer any disruption.
The following planning could help your organisation prevent an extortion-based DDoS attack:
Use a content delivery network (CDN) like Akamai, CloudFront, CloudFlare or Google Project Shield.
Placing your infrastructure behind a major technology provider’s cloud infrastructure is likely the easiest way to mitigate this attack. Be aware, however, that attackers may try to bypass the CDN’s protection: if an attacker can identify your ‘origin server’, it could render the CDN’s DDoS mitigation useless.
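One way to check whether traffic is reaching your origin server without passing through the CDN, as an added example that is not part of the original article. The log format, the CDN ranges (documentation prefixes) and the function name are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed CDN egress ranges (RFC 5737 documentation prefixes); in practice,
# load the ranges your CDN provider publishes.
CDN_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed origin access-log lines, assumed format: "<peer_ip> <method> <path> <status>".
# peer_ip must be the TCP peer address: X-Forwarded-For is client-controlled.
SAMPLE_LOG = """\
192.0.2.10 GET /index.html 200
198.51.100.7 POST /search 200
203.0.113.55 POST /search 200
203.0.113.55 POST /search 200
198.51.100.200 GET /login 200
not-an-ip GET / 400
2001:db8::1 GET / 200
"""

def direct_to_origin(log_text, cdn_ranges=CDN_RANGES):
    """Count requests per peer that reached the origin from outside the CDN.

    Returns (Counter of non-CDN peer addresses, list of unparseable lines).
    """
    bypass, malformed = Counter(), []
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        try:
            peer = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line)  # keep for review rather than silently dropping
            continue
        # A v4 address is never "in" a v6 network (and vice versa), so mixed
        # address families are handled by the membership test itself.
        if not any(peer in net for net in cdn_ranges):
            bypass[str(peer)] += 1
    return bypass, malformed

if __name__ == "__main__":
    hits, bad = direct_to_origin(SAMPLE_LOG)
    for peer, count in hits.most_common():
        print(f"direct-to-origin: {peer} requests={count}")
    print(f"unparseable lines: {len(bad)}")
```

Any non-zero count means the origin is reachable from outside the CDN; restricting the origin's firewall to the CDN's published ranges closes that path.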
Apply security patches
Denial-of-service related vulnerabilities are often overlooked. However, if an attacker is targeting your application and identifies a vulnerability in your infrastructure, it will likely be exploited. Vulnerability assessments and penetration testing can often help identify these vulnerabilities.
Protect resource-intensive application layer requests
At the end of 2019, Kaspersky noted a rise in ‘smart’ DDoS attacks, focusing on the application layer and carried out by skilled attackers. These attacks are designed to consume application resources as opposed to network bandwidth. To help mitigate this attack, identify and protect resource-intensive functionality in the application - for example, implement a CAPTCHA.
It is common for attacks to exploit the domain name system (DNS) of the victim. A DNS flood DDoS attack will attempt to disrupt the victim’s DNS to prevent the return of the address needed to route legitimate users.
Hardening your DNS servers and using a service that provides DDoS protection is the best approach.
Consider DDoS resilience in the design for any Internet exposed services
This is a threat model that is often overlooked. To guard against DDoS attacks targeting online IP telephony (Voice over Internet Protocol, VoIP), consider separating voice and data traffic.
Ensure your incident response plan, or specific incident response playbook, is up to date to address DDoS attacks
Exercise the DDoS scenario with your crisis management or incident response team at least annually. Relatively frequent boardroom table-top simulations will ensure your team is ready and experienced enough to respond to an attack.
If you do have DDoS protection services or other DDoS mitigation controls, ensure you test your critical services before being targeted.
If you do fall victim
Lastly, if a ransom DDoS attack targets you, never reply to extortion messages, even to deny the payment. If you need help during a DDoS attack, you can call NCC Group’s global emergency hotline on 1800 975 310.
NCC Group is one of two organisations in the world authorised as an AWS DDoS Test Partner and is authorised to conduct DDoS simulation tests on behalf of AWS customers without prior approval.