{"id":5914,"date":"2020-11-15T09:25:25","date_gmt":"2020-11-15T07:25:25","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=5914"},"modified":"2020-11-15T09:25:27","modified_gmt":"2020-11-15T07:25:27","slug":"any-online-business-a-target-of-ddos-attacks","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/any-online-business-a-target-of-ddos-attacks\/","title":{"rendered":"Any online business a target of DDoS attacks"},"content":{"rendered":"<h2 class=\"wp-block-heading\"><strong>Any business that is online is susceptible to denial of service attacks and should ensure it has the capability to mitigate such attacks, says an industry practitioner who explains how<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Warwick-Ashford-2019-CW-staff.jpg\" alt=\"Warwick Ashford\"\/><\/figure>\n\n\n\n<p>By <a href=\"https:\/\/www.techtarget.com\/contributor\/Warwick-Ashford\">Warwick Ashford,<\/a>\u00a0Senior analyst<\/p>\n\n\n\n<p>Any online business or application is vulnerable to\u00a0distributed denial of service\u00a0(DDoS) attacks, according to Harshil Parikh, director of security at software-as-a-service platform firm, Medallia.<\/p>\n\n\n\n<p>However, there are ways of detecting and mitigating DDoS attacks that any business dependent on the internet can and should use, he told the\u00a0Isaca\u00a0CSX Europe 2017\u00a0conference in London.<\/p>\n\n\n\n<p>It is important that such organisations take time and effort to build their DDoS defence capabilities, he said, because DDoS attacks are fairly easy and cheap for attackers to carry out.<\/p>\n\n\n\n<p>\u201cWith the advent of botnet-based DDoS attack services that will 
be effective against most companies, anyone can target an organisation for just a few bitcoins,\u201d said Parikh.<\/p>\n\n\n\n<p>\u201cCompetitors and even disgruntled employees are able to carry out DDoS attacks that can result in loss of reputation as well as lost business worth a lot more than the attacks cost,\u201d he said.<\/p>\n\n\n\n<p>While loss of service capability and loss of income are the greatest risks associated with DDoS, especially for SaaS providers, Parikh said DDoS is also often used as a distraction.<\/p>\n\n\n\n<p>\u201cAttackers commonly use a DDoS attack to distract security professionals from the fact that data exfiltration or other malicious activity is being carried out at the same time,\u201d&nbsp;said Parikh.<\/p>\n\n\n\n<p>There are three main types of DDoS attacks that organisations are likely to face. These are volumetric attacks, computational attacks and application logic attacks.<\/p>\n\n\n\n<p>Volumetric DDoS attacks are the most common, and while they are the easiest to carry out, they are also the easiest to detect and mitigate, said Parikh.<\/p>\n\n\n\n<p>These are typically\u00a0user datagram protocol\u00a0(UDP) floods,\u00a0internet control message protocol\u00a0(ICMP)\u00a0floods, and UDP amplification attacks.<\/p>\n\n\n\n<p>Because volumetric attacks have been around the longest, Parikh said tools for identifying them are fairly mature and include Netflow and sFlow-based alerts, signature-based alerts, and resource utilisation metrics.<\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>\u201cPlease note that alerting systems need to be in a separate datacentre to the one in which the systems being monitored are located because if they are the same location, the alerting system will be ineffective as it will also be affected by the same DDoS attack,\u201d he said.<\/p><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Computational DDoS attacks<\/strong><\/h3>\n\n\n\n<p>Computational DDoS 
attacks focus on overwhelming the computing capacity of the targeted devices. Instead of saturating the pipes, these attacks saturate\u00a0central processing units\u00a0(CPUs)\u00a0and firewall state tables, said Parikh.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cThese attacks are becoming commercialised on the dark web and therefore more prevalent, especially where the\u00a0transport layer security\u00a0(TLS)\u00a0or\u00a0secure sockets layer\u00a0(SSL)\u00a0protocols are being used because cryptography is fairly resource intensive, so all the attacker has to do is to escalate that exhaust compute capacity,\u201d he said.<\/p><\/blockquote>\n\n\n\n<p>Other attacks in this category include\u00a0SYN floods,\u00a0DNS\u00a0floods and\u00a0HTTP\u00a0floods, and ways to monitor them include signature-based alerts, CPU utilisation alerts, and statistical anomaly-based alerts.<\/p>\n\n\n\n<p>\u201cIt is also important to train system administrators and members of the operations team how to identify and respond to the different types of DDoS attacks,\u201d said Parikh.<\/p>\n\n\n\n<p>Application logic attacks are typically specific to an application. They are the most difficult kind of DDoS attack to carry out, but they are also the most difficult to mitigate.<\/p>\n\n\n\n<p>\u201cAttackers have a lot of work to do in identifying applications and weaknesses in them to exploit, but once this is done, these attacks can be extremely effective because they are difficult to identify as they often look like quality issues,\u201d said Parikh.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Utilisation alerts<\/strong><\/h3>\n\n\n\n<p>These attacks can be monitored using threat, memory and CPU utilisation alerts, he said, again emphasising the importance of training system administrators, who can \u201cplay a vital role\u201d in detecting and mitigating such attacks.<\/p>\n\n\n\n<p>The most important thing for 
businesses to do, said Parikh, is to understand their exposure through threat modelling.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cOnce you understand your exposure, think about each risk and how to mitigate it, but there is no such thing as 100% protection, so the objective is to limit the impact,\u201d he said.<\/p><\/blockquote>\n\n\n\n<p>It is also useful for businesses to identify capacity limitations of devices, to ensure they are logging the right events, to ensure that everyone in the incident response team knows what to do, and to conduct regular tests of DDoS mitigation capabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Testing DDoS mitigations<\/strong><\/h3>\n\n\n\n<p>According to Parikh, few organisations do a good job when it comes to testing DDoS mitigations by running regular DDoS simulations. \u201cIt is very important to check that all the mitigations you have put in place are working as intended,\u201d he said.<\/p>\n\n\n\n<p>It is also important not to think that having bandwidth capacity provides protection, said Parikh, because businesses also need the ability to filter out the bad traffic.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cTraffic scrubbers can be on-premise, in the cloud, or businesses can use a combination of the two, paying only for cloud services when a DDoS attack is underway,\u201d he said.<\/p><\/blockquote>\n\n\n\n<p>Finally, he said organisations should not forget\u00a0layer 7\u00a0(application layer) controls, especially if they provide\u00a0SaaS\u00a0applications or any other cloud platform.<\/p>\n\n\n\n<p>\u201cIntegrate DDoS into your incident response plans, ensure everyone in the team knows what to do and who to call, and test, test, test,\u201d said Parikh.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: 
block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>Any business that is online is susceptible to denial of service attacks and should ensure it has the capability to mitigate such attacks, says an industry practitioner who explains how By Warwick Ashford,\u00a0Senior analyst Any online business or application is vulnerable to\u00a0distributed denial of service\u00a0(DDoS) attacks, according to Harshil Parikh, director of security at software-as-a-service platform firm, Medallia. However, there<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/any-online-business-a-target-of-ddos-attacks\/\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,30,54,3,167,95],"tags":[],"class_list":["post-5914","post","type-post","status-publish","format-standard","hentry","category-datacenter-news","category-expert-advise-and-opinion","category-hackers-and-cybercrime-prevention","category-industry-news-and-expert-advise","category-information-security-threats","category-timeless-tips"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/5914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=5914"}],"version-history":[{"count":1,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/5914\/revisions"}],"predecessor-version":[{"id":5915,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/591
4\/revisions\/5915"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=5914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=5914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=5914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}