Shibu Paul has 25 years of experience in the field of Digital transformation – IT, IS and telecom – having worked with Sify Ltd, British Telecom Global services (India) and BT Americas in various roles. He was part of the team that launched the first IP network, first private ISP and first Certifying Authority in India. He joined Array in 2009 as country sales head and progressed to leadership positions including Country Manager and Regional Director-APAC. In his current role, he is instrumental in driving the business for Array in the region, and setting up end-to-end operations including a strong channel, robust technical team, and solid support infrastructure for Array customers worldwide.
Distributed denial of service (DDoS) attacks are a form of cybercrime in which hackers employ malware-infected devices to exhaust a server's or application's bandwidth and resources. This impairs business-critical applications, resulting in downtime, monetary loss and, worse, loss of user trust.
During the pandemic, these crimes skyrocketed as businesses scrambled to adapt to the new normal. While the attack has a low barrier to entry for threat actors, it can cause businesses significant reputational damage. So how can you protect your business against these crimes amid the evolving threat landscape? The answer lies in awareness. Keeping abreast of the types of attacks and employing mitigation strategies is the key to mitigating these attacks and safeguarding your business.
Understanding Types of DDoS Attacks
A DDoS attack is conducted with the sole aim of consuming the application's or server's resources, leaving it unable to respond even to legitimate traffic. In some cases, server attacks cripple business-critical applications, halting daily operations and disrupting client-facing applications. Although the driving force behind these attacks is often monetary, that is not always the case: other reasons hackers conduct these crimes include revenge, cyber warfare and hacktivism. Regardless of the motivation, it is the onus of IT teams to shield business-critical resources and applications to maintain continuity and integrity. Broadly speaking, there are three types of DDoS attacks:
- Volumetric Attacks
This is known to be one of the most destructive and most common attacks. In this scenario, the hackers saturate the network by employing malware-infected devices (such as cameras and other IoT devices) to send countless requests to the network.
This surge in requests creates traffic congestion, leaving the network unable to respond to legitimate requests.
Bits per second (bps) is the industry-standard measure of the magnitude of this attack. Common types of volumetric attacks include User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP) floods. Both are connectionless and use techniques like amplification and reflection to overwhelm a network.
- Protocol Attack
This attack targets the server's resources and aims to exhaust them. It can target the server itself or intermediate devices such as firewalls.
The threat actor's malicious connection requests get through, and the magnitude of the attack is measured in packets per second (PPS). SYN flood, ping of death and Smurf DDoS are common types of protocol attacks. SYN floods, for example, attempt to open connections with the host by sending numerous SYN packets from spoofed IP addresses.
- Application Layer Attacks
Business web applications are the target of this type of attack. The threat actor sends countless, seemingly legitimate requests that flood the web server, completely exhausting the application's CPU and memory.
Hackers carrying out this attack can consume all available resources and crash the server. HTTP GET/POST floods are a common type of application attack; they can be carried out without spoofing or reflection techniques and need less bandwidth to weigh down the target's server or application. The magnitude is measured in requests per second (RPS).
How to Mitigate DDoS Attacks?
Now that we have seen the types of attacks, it is essential to understand how to protect your business from evolving threats. Since hackers are constantly looking for new ways to exploit business resources and applications, it is essential to stay abreast of the threat landscape and plan to prevent these crimes.
- Reduce the Attack Surface
Reducing the attack surface is like closing doors through which no visitor is expected to arrive. The more of your applications are exposed, the more threats you face. It is therefore vital to reduce the surface (that is, the exposed applications).
Reducing the surface in terms of applications means minimizing the areas open to attack and building protection there. Furthermore, you should ensure your resources and applications are not exposed on ports, protocols or application interfaces where no communication is expected.
This reduction of possible attack points will give you ample time to focus on protecting other critical applications.
One example of building protection is placing your applications behind a load balancer to absorb a surge in malicious traffic and manage load intelligently.
- Tell Normal Traffic Apart from Abnormal Traffic
One of the most important tasks in creating a DDoS mitigation strategy is telling normal traffic from abnormal traffic based on a set of defined parameters.
This also helps you safeguard business-critical applications and resources at the very early stage of an attack. Some advanced security devices help identify malicious traffic by analyzing each packet.
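As an added illustration of telling normal traffic from abnormal traffic (this is example code written for this article, not Array's product logic), the script below parses constructed web-server log lines, computes each source's peak request count in a sliding window, and flags sources whose peak far exceeds both an absolute limit and the median behaviour of all other sources. The log format, the window size and the thresholds are assumptions; the request-rate figure it reports is the requests-per-second measure used for application-layer floods.

```python
import re
from collections import defaultdict, deque

# Simplified access-log line format assumed for this example:
# "<client_ip> <unix_timestamp> <method> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<ts>\d+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def build_sample_log():
    """Constructed traffic: three ordinary clients browsing slowly, plus one
    source (192.0.2.99) sending 60 requests per second to a single endpoint
    for five seconds, the shape of an HTTP GET flood. One garbage line is
    included to show that unparseable input is dropped, not guessed at."""
    base = 1_700_000_000
    lines = []
    normal = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]
    for i in range(30):                       # one request every 2 s overall
        lines.append(f"{normal[i % 3]} {base + 2 * i} GET /page/{i % 5} 200")
    for i in range(300):                      # 300 requests across 5 seconds
        lines.append(f"192.0.2.99 {base + 20 + i // 60} GET /search?q=x 200")
    lines.append("garbage line that does not parse")
    return "\n".join(lines)


def parse_log(text):
    """Return (timestamp, ip, path) tuples sorted by time; malformed lines
    are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            events.append((int(m["ts"]), m["ip"], m["path"]))
    events.sort(key=lambda e: e[0])
    return events


def peak_window_count(timestamps, window):
    """Largest number of events falling in any `window`-second span.
    `timestamps` must be sorted ascending."""
    q = deque()
    peak = 0
    for ts in timestamps:
        q.append(ts)
        while q and ts - q[0] >= window:  # drop events that left the window
            q.popleft()
        peak = max(peak, len(q))
    return peak


def classify_sources(events, window=10, per_source_limit=100, baseline_multiplier=20):
    """Per source IP: peak windowed request count, share of its requests going
    to its single most-requested path, and an abnormal flag. A source is
    abnormal when its peak exceeds both an absolute limit and a multiple of
    the median peak across all sources (the "normal" baseline). The limits
    are assumptions; tune them to the application's real traffic."""
    by_ip = defaultdict(list)
    paths = defaultdict(lambda: defaultdict(int))
    for ts, ip, path in events:
        by_ip[ip].append(ts)
        paths[ip][path] += 1
    peaks = {ip: peak_window_count(ts_list, window) for ip, ts_list in by_ip.items()}
    ordered = sorted(peaks.values())
    median_peak = ordered[len(ordered) // 2]
    threshold = max(per_source_limit, baseline_multiplier * median_peak)
    report = {}
    for ip, peak in peaks.items():
        total = len(by_ip[ip])
        top_share = max(paths[ip].values()) / total
        report[ip] = {
            "peak": peak,
            "top_path_share": round(top_share, 2),
            "abnormal": peak > threshold,
        }
    return report


def peak_aggregate_rps(events, window=10):
    """Peak requests per second hitting the server over any window: the
    requests-per-second figure used to size an application-layer flood."""
    return peak_window_count([ts for ts, _, _ in events], window) / window


if __name__ == "__main__":
    evs = parse_log(build_sample_log())
    print(f"peak aggregate rate: {peak_aggregate_rps(evs):.1f} req/s")
    for ip, info in sorted(classify_sources(evs).items()):
        print(ip, info)
```

On the constructed sample the three browsing clients peak at two requests per ten-second window, while the flooding source peaks at 300 and sends every request to the same path, which is the kind of parameter set (rate plus concentration on one endpoint) that a mitigation device uses to single out abnormal traffic early.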
- Plan Your Security Infrastructure
Your data center is the backbone of your security posture, so building an infrastructure based on your requirements, type of business and business-critical applications is vital.
A sound security infrastructure accounts for scalability, off-season traffic, surges in traffic and other critical factors. This will not only help you mitigate those risks but also warn you of them ahead of time.
For example, a web application firewall is the first line of defense: it monitors the traffic coming to your applications, and its intelligence also helps block malicious traffic, protecting your business from malicious actors.
- Protection Lies in Prevention
As with every sound cyber security strategy, the key to success lies in preventing the crimes.
Unfortunately, recent attacks, DDoS included, show that hackers target companies with unprotected or vulnerable applications and extort handsome fees.
Therefore, if you own an internet-facing web application, constructing a defense plan or incident response plan is necessary.
DDoS attacks are among the most common and dangerous attacks on businesses. Hackers employ one of the strategies above to exhaust the target's resources or applications, making them unresponsive to legitimate requests.
Thus, it is essential to stay abreast of the types of DDoS attacks, mitigation strategies and the threat landscape.
Furthermore, hybrid working mandates protecting your devices and employees from these kinds of crimes.
Security devices like web application firewalls can help support your infrastructure. Finally, prevention is the best strategy for mitigating these crimes, so keeping your guard up at all times helps prevent these attacks from disturbing business operations.