{"id":5912,"date":"2020-11-15T09:20:59","date_gmt":"2020-11-15T07:20:59","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=5912"},"modified":"2020-11-15T09:26:26","modified_gmt":"2020-11-15T07:26:26","slug":"ddos-mitigation-strategies-needed-to-maintain-availability-during-pandemic","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/ddos-mitigation-strategies-needed-to-maintain-availability-during-pandemic\/","title":{"rendered":"DDoS mitigation strategies needed to maintain availability during pandemic"},"content":{"rendered":"<h2 class=\"wp-block-heading\"><strong>The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. 
Computer Weekly explores organisations\u2019 perceptions of the risks and best practice for mitigation<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Sebastian-Klovig-Skelton-CW-contributor.jpg\" alt=\"Sebastian  Klovig Skelton \"\/><\/figure>\n\n\n\n<p>By <a href=\"https:\/\/www.techtarget.com\/contributor\/Sebastian-Klovig-Skelton\">Sebastian Klovig Skelton <\/a><\/p>\n\n\n\n<p>The increased reliance of enterprises&nbsp;on remote working&nbsp;and internet connectivity during the Covid-19 pandemic has, in turn, increased the disruptive potential of&nbsp;<strong>distributed denial of service&nbsp;(DDoS)<\/strong> attacks, which threaten to overwhelm business servers and network infrastructure unless proper mitigation is put in place.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>While DDoS attacks tend to be fairly unsophisticated and small in scale, they are very cheap and easy to orchestrate as they only require the attacker to send more internet traffic than the network infrastructure can handle. 
If successful, a DDoS attack can take entire enterprises offline in a matter of minutes and completely halt their ability to do business.<\/p><\/blockquote><\/figure>\n\n\n\n<p>However, many enterprises still do not perceive DDoS as a major threat, largely due to them being less frequent than other cyber attacks, as well as the perception that they are both expensive to mitigate against and carried out almost exclusively by politically motivated attackers.<\/p>\n\n\n\n<p>Despite their lower frequency,&nbsp;Nominet\u2019s&nbsp;chief information security officer (CISO), Cath Goulding, notes that there has been a significant uptick in DDoS attacks over the past few years, and that the scale of the attacks \u201chas gone up exponentially\u201d, meaning organisations can no longer afford to skip putting mitigating measures in place.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Perception of risks and costs<\/strong><\/h3>\n\n\n\n<p>Comparing DDoS to web application layer attacks,&nbsp;Akamai\u2019s&nbsp;director of security technology and strategy, Richard Meeus, tells Computer Weekly that their frequency is \u201can order of magnitude lower\u201d.<\/p>\n\n\n\n<p>\u201c[Web application layer attacks] are ongoing every single day \u2013 there are millions and millions,\u201d he says, adding that Akamai recorded a three-fold increase in these sorts of attacks over the nine months&nbsp;since 1 January 2020.<\/p>\n\n\n\n<p>\u201cWhere we would see millions of WAF [web application firewall] attacks, we would see tens or hundreds of DDoS attacks \u2026 so an organisation may well go a long time and never see a DDoS attack.\u201d<\/p>\n\n\n\n<p>Meeus adds that, due to the prevalence of web application layer attacks, it is easier for organisations to see the benefit of investing in mitigation measures, whereas it is perceived as easier for organisations to accept the risks with DDoS attacks.<\/p>\n\n\n\n<p>\u201cIt is that risk balance that you have to do, and the 
perception is not necessarily that there\u2019s nothing we can do about it, but \u2018Is it going to be me?\u2019,\u201d he says.<\/p>\n\n\n\n<p>Corroborating this sentiment,&nbsp;Cloudflare&nbsp;CTO John Graham-Cumming adds that organisations may refrain from adopting DDoS mitigating measures out of a sense that it will not necessarily happen to them.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cA lot of the high-profile DDoS attacks have often had an activist or political angle to them, and so it\u2019s quite easy for organisations to say, \u2018I\u2019m not involved in something&nbsp;that\u2019s going to upset Anonymous, I\u2019m not doing something political so it\u2019s unlikely to happen to me\u2019,\u201d he says. \u201cThe unfortunate reality is a lot of what happens with DDoS attacks is actually just economic.\u201d<\/p><\/blockquote>\n\n\n\n<p>These economic motivations are reflected in the growing prevalence of ransom-based DDoS attacks during 2020, whereby the perpetrators ask for money to either not launch the attack in the first place or to stop one already in progress.<\/p>\n\n\n\n<p>\u201cThe people who do it are very well-organised, so businesses need to think about DDoS as one of the risks of the business, especially when we\u2019ve gone into this environment where people are working from home and internet connections and how we use them are so important to running the business,\u201d says Graham-Cumming.<\/p>\n\n\n\n<p>He adds that while DDoS mitigation has traditionally been very expensive, the increasing prevalence of cloud computing has pushed down the cost to make it much more affordable.<\/p>\n\n\n\n<p>\u201cThe previous model of DDoS mitigation was very much around super-specialised hardware in a limited number of locations, so it was a very expensive thing to put in place \u2013 cloud has made that much more affordable,\u201d he says.<\/p>\n\n\n\n<h3 
class=\"wp-block-heading\"><strong>Mitigating strategies<\/strong><\/h3>\n\n\n\n<p>According to Graham-Cumming, enterprises should start the process of implementing mitigating measures by conducting thorough due diligence of their entire digital estate and its associated infrastructure, because that is what attackers are doing.<\/p>\n\n\n\n<p>\u201cThe reality is, particularly for the ransomware folks, these people are figuring out what in your organisation is worth attacking,\u201d he says.<\/p>\n\n\n\n<p>\u201cIt might not be the front door, it might not be the website of the company as that might not be worth it \u2013 it might be a critical link to a datacentre where you\u2019ve got a critical application running, so we see people doing reconnaissance to figure out what the best thing to attack is.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cDo a survey of what you\u2019ve got&nbsp;exposed to the internet, and that will give you a sense of where attackers might go. Then look at what really needs to be exposed to the internet and, if it does, there are services out there that can help.\u201d<\/p><\/blockquote>\n\n\n\n<p>This is backed up by Goulding at Nominet, who says that while most reasonably mature companies will have already considered&nbsp;DDoS mitigation, those that have not can start by identifying which assets they need to maintain availability for and where they are located.<\/p>\n\n\n\n<p>Once enterprises have identified their weak points, Goulding adds that they should then regularly practice their incident responses so that they understand how it would affect the organisation and its assets.<\/p>\n\n\n\n<p>These practice sessions can help organisations recover from an actual attack and ensure the denial of service is not being used as a smokescreen for other cyber attacks.<\/p>\n\n\n\n<p>\u201cWhat happens after a DDoS attack is that people try to bring their services back up again. 
Routers and firewalls, for example, all take different lengths of time to boot up and, unless you\u2019re following in the prescribed order, you may end up with a hole for a few minutes,\u201d says Meeus. \u201cThat\u2019s commonly where trojans are put into the network to try to exploit it.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Choosing suppliers and the role of cloud<\/strong><\/h3>\n\n\n\n<p>With this understanding of their assets and how to bring them back online, enterprises should research and approach potential suppliers to figure out which would be the best fit for their needs.<\/p>\n\n\n\n<p>This process, according to Graham-Cumming, should start with the organisation\u2019s pre-existing suppliers to see what is already in place or paid for, before moving on to more specialised firms if need be.<\/p>\n\n\n\n<p>\u201cAnother thing I look for if you\u2019re going to be looking for a supplier is how fast they actually mitigate an attack,\u201d says Graham-Cumming.<\/p>\n\n\n\n<p>\u201cA lot of what will happen with attacks is that they will come in for a short period of time, and that can be very disruptive, but you need those stopped very quickly\u2026 I would look for somebody that can stop this in seconds.\u201d<\/p>\n\n\n\n<p>There are two kinds of suppliers for DDoS mitigation \u2013 those that do \u2018always on\u2019 DDoS mitigation, whereby all the traffic is going through their network all the time to detect issues, and those that do \u2018on-demand\u2019, whereby a company under attack has to contact them to get mitigation started.<\/p>\n\n\n\n<p>\u201cOn-demand was very common, but \u2018always on\u2019 has become more common because it\u2019s a lot easier for the end user as they don\u2019t have to do anything. 
The mitigation happens just immediately, which reduces downtime,\u201d he says.<\/p>\n\n\n\n<p>For Meeus, effective DDoS mitigation starts in the cloud, which can either be done through a&nbsp;<strong>content delivery network&nbsp;(CDN)<\/strong> or by setting up a traffic scrubbing centre.<\/p>\n\n\n\n<p>\u201cThe CDN is effective when it\u2019s just protecting a website, so for a lot of newer organisations that rely on cloud hosting, or only have one IP address because they\u2019re like an e-commerce website and everything runs through them, then CDN is a great platform because there are lots of security layers that we can put into that to make the DDoS mitigated,\u201d he says.<\/p>\n\n\n\n<p>However, for older legacy companies, including firms that have lots of disparate datacentres or a hybrid set-up with services and hosting in different locations, then&nbsp;scrubbing centres&nbsp;are the better option.<\/p>\n\n\n\n<p>These centres can protect a firm\u2019s entire IP space, and work by looking at all traffic to determine what is \u201cclean\u201d and can be let through.<\/p>\n\n\n\n<p>\u201cIt\u2019s all about sitting in front of the customer in the cloud, at the edge of the internet, and getting rid of all the bad stuff before it gets in the customer\u2019s space,\u201d says Meeus.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cIf the pipe of the connection you have to the internet is one gigabit per second [Gbps], a 1.1 Gbps DDoS attack is going to take you offline \u2013 it\u2019s that simple. 
Realistically, you have to move the DDoS protection away from you and move it to the edge.\u201d<\/p><\/blockquote>\n\n\n\n<p>Goulding adds that it is important to set the enterprise up to be able to record network traffic, so that when a DDoS attack does occur, information can be given to the police and used to forensically analyse the event to understand how it happened and put in place further mitigation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The growing prevalence of DDoS attacks combined with the increased reliance on internet connectivity during the pandemic means enterprises can no longer afford to ignore the threat of DDoS attacks. Computer Weekly explores organisations\u2019 perceptions of the risks and best practice for mitigation By Sebastian Klovig Skelton The increased reliance of enterprises&nbsp;on remote working&nbsp;and internet connectivity during the Covid-19 pandemic<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/ddos-mitigation-strategies-needed-to-maintain-availability-during-pandemic\/\">Read 
More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[155,142,4,30,3,167,95],"tags":[],"class_list":["post-5912","post","type-post","status-publish","format-standard","hentry","category-batting-for-tech-in-the-covid-19-times","category-covid-19-organization-mitigation-responses","category-datacenter-news","category-expert-advise-and-opinion","category-industry-news-and-expert-advise","category-information-security-threats","category-timeless-tips"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/5912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=5912"}],"version-history":[{"count":2,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/5912\/revisions"}],"predecessor-version":[{"id":5916,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/5912\/revisions\/5916"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=5912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=5912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=5912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}