“This demonstrates the fragility of the network and infrastructure.” — Shawn Henry, chief security officer, Crowdstrike
Several spectacular attacks in the past few months have demonstrated the power of distributed denial-of-service (DDoS) attacks and the importance of cybersecurity. DDoS attacks against blogger Brian Krebs, hosting provider OVH and domain name system provider Dyn crippled a reporter’s web site, shut down cloud-based customers and blocked access to major services such as Twitter, Amazon, Netflix, Airbnb and Etsy.
What can individuals and organizations do to prevent themselves from becoming an unwitting accomplice to an attack? Furthermore, what can organizations do to protect themselves?
A denial-of-service (DoS) attack allows cybercriminals to disable an organization’s Internet presence or block access to the business’s networks. Identifying these attacks are more straightforward, or at least easier to resolve, because they seem to originate from identifiable Internet Protocol (IP) addresses. The victim can then block incoming Internet traffic from the specific IPs.
When hackers launch a DDoS assault, the problem becomes much larger for two reasons:
- The number of computers performing the attack can be huge—an estimated tens of millions in the case of Dyn.
- The volume of the attack magnifies dramatically—an estimated 1.2 terabits per second in the Dyn attack, according to Chief Strategy Officer, Kyle York.
Many hackers deploy a remote access Trojan (RAT) to control usurped computers. If a hacker controlled one system and used it to attack and deny service to another organization, that wouldn’t be very effective. On the other hand, large-scale remote-control networks are often called Botnets, made up of malware (“bots”) or infected devices (“zombies”). Under direction of massive command-and-control networks, Cybercriminals use these hijacked systems to carry out a DDoS attack.
In the latest series of attacks, hackers used software called Mirai, an Internet-of-Things (IoT) Botnet. Instead of using infected home computers, they used smart devices found in everyday homes—webcams, DVRs, thermostats, TVs and refrigerators. Many IoT devices have built-in vulnerabilities, such as weak default passwords and extraneous network protocols. Mirai was able to exploit these weaknesses and launch massive data floods across the Internet.
There are numerous ways for consumers to protect against these kinds of attacks:
- Keep up to date on your vendor’s security patches. This includes Microsoft, Apple, Adobe and Google software.
- Have a currently-licensed copy of highly-rated antivirus or anti-malware software and keep the signatures current. When in doubt, check one of the sites that rank these products. This doesn’t need to be an expensive proposition—there are several free antivirus products with high ratings in the industry that suffice. Further, some Internet service providers, like Comcast, supply you with software as part of your subscription. If you or a direct family member work for the U.S. government, you are entitled to free antivirus protection as well.
- Practice vigilance on the Internet; watch for suspicious web sites or browser behavior. Also, understand that one of the largest vectors for malware is through email attachments.
- If it’s free on the Internet, it’s too good to be true—including pirate sites for downloading movies, TV shows, music, games and software.
- For your IoT devices, set them up with long, strong and complex passwords. If you can, look for services such as Telnet and Secure-Shell (SSH) and disable them. Occasionally, visit the vendor’s web sites to make sure you have the latest software for your smart devices. Lastly, when a manufacturer recalls their IoT-based product because of software insecurities, make sure you take advantage of it!
Any organization that has an Internet-facing presence could be the subject of a DDoS attack, which can be crippling, even for the largest companies. There are basic protections and mitigations any organization can invoke. These include:
- Follow industry-standard best practices:
- Be certain that each Internet-facing server only performs a single task, such as being a web server or responding to DNS queries.
- Perform system hardening by removing unnecessary services and staying current with security patches.
- Monitor your systems for signs of an attack.
- Prioritize redundancy by utilizing:
- multiple Internet service providers.
- multiple infrastructure resource servers, such as DNS on different IP networks.
- geographically-distributed data centers and processing.
- Consider using an anti-DDoS service such as Akamai/Prolexic, Amazon CloudFront or Cloudflare. Some of these organizations even offer free basic anti-DDoS products. Alternately, every major Internet service provider has services they can activate within their networks.