Distributed Denial of Service (DDoS) attacks have been around for 20 years, but they remain a powerful weapon in the attacker's arsenal: according to Akamai, the number of attacks observed per day tripled during the third quarter of 2020.
DDoS mitigation strategies matter more than ever, because much of that growth in August and September came from ransom DDoS (RDoS) extortion campaigns targeting multiple industries, Akamai said.
The FBI released a flash warning on Aug. 28, 2020 regarding the ransom DDoS attacks, saying it “observed a cyber criminal RDoS extortion campaign targeting institutions worldwide in the financial, retail, travel and e-commerce sectors.” Richard Meeus, director of security technology and strategy at Akamai, said in a Sept. 29 webinar that DDoS attacks per day have increased from one million in January to three million in September.
Akamai Security Intelligence & Threat Research said in October that the threat was still active. “This extortion DDoS campaign is not over,” Akamai said, “Just like a good poker player will change their style to throw off an opponent trying to decide on a bet, the criminals behind this campaign are changing and evolving their attacks in order to throw off defenders and the law enforcement agencies that are working to track them down.”
What are DDoS Attacks?
A basic DDoS attack is an attempt to make a website or server unavailable by flooding it with more traffic or requests than it can handle. The "distributed" part is what makes it hard to stop: the traffic arrives from many sources at once, typically a botnet of compromised machines, so the victim cannot simply block a single address. The flood exhausts bandwidth, connection state or application resources until the server can no longer respond to legitimate users, or crashes outright.
These attacks are also used as a diversion: while a company is busy responding to the DDoS, bad actors take advantage of the distraction to steal data and information. DDoS attacks can be massive. Forbes reported in 2017 on an attack that used a botnet of more than 100,000 Android devices located across 100 countries.
The three main types of DDoS attacks are:
- Volume-based (volumetric): The attacker saturates the target's network bandwidth with raw traffic, measured in bits per second. A common technique is UDP amplification, in which small requests with the victim's spoofed source address are sent to open reflectors (DNS, NTP, memcached and similar services) that answer with much larger responses aimed at the victim.
- Application-based: The attack targets the web server or application software itself, either with requests that look legitimate but are expensive to serve (HTTP floods, slow-request attacks) or by exploiting a software vulnerability to crash the service. These attacks are measured in requests per second and can succeed at low bandwidth.
- Protocol-based: Packets are crafted to exhaust the state tables of servers, firewalls or load balancers. In a SYN flood, for example, the server is left holding half-open TCP handshakes waiting for a final ACK that never arrives, until it can accept no new connections.
FBI Recommended DDoS Mitigation Strategies
In its August flash warning, the FBI recommended the following DDoS mitigation strategies:
- Enroll in a DDoS Mitigation Service that detects abnormal traffic flows and redirects traffic away from your network.
- Consider throttling UDP packets with lengths greater than 468 bytes that are sourced from known amplification ports, such as: 1-1023, 1194, 1434, 1900, 3074, 3283, 3702, 5683, 11211, 17185, 20800, 27015, 30718, 33848, 37810, 47808. Note that rate-limiting these ports may cause loss of functionality on production networks; therefore, you should test these changes on a non-production network and advise all customers before deploying this mitigation. Pay special attention to recursive DNS servers, which may need to receive large responses from port 53.
- Actively monitor inbound email sent to executives and to the contact addresses listed in your organization's American Registry for Internet Numbers (ARIN) records for ransom demands, which may be indicative of a forthcoming attack.
- Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding that is not required.
- Create a partnership with your local ISP prior to an event and work with your ISP to control network traffic attacking your network during an event. The ISP may retain forensic data necessary for law enforcement investigations.
- Ensure all network devices are up to date and security patches are incorporated when available.
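To make the FBI's throttling recommendation concrete, here is an added Python example (not code from the FBI flash or from PS Lightwave) that applies the rule to a handful of constructed packet records. UDP packets longer than 468 bytes whose source port is on the amplification list go through a token bucket keyed by source port and destination, so they are rate-limited rather than dropped outright, while large responses from port 53 to an assumed recursive resolver address (192.0.2.53, a documentation-range placeholder) are exempt, which is the caveat the flash raises. The rate and burst values are illustrative; in production the same rule would be an ACL or policer on the edge routers.

```python
from collections import namedtuple

# Port list quoted in the FBI flash; the 1-1023 range is expanded here.
AMPLIFICATION_PORTS = set(range(1, 1024)) | {
    1194, 1434, 1900, 3074, 3283, 3702, 5683, 11211,
    17185, 20800, 27015, 30718, 33848, 37810, 47808,
}
MAX_UDP_LEN = 468  # bytes; packets longer than this are candidates

# Assumed (hypothetical) addresses of our own recursive DNS resolvers.
# They legitimately receive large responses from port 53, so exempt them.
RECURSIVE_RESOLVERS = {"192.0.2.53"}

Packet = namedtuple("Packet", "ts proto src_ip src_port dst_ip dst_port length")


class TokenBucket:
    """Allow `rate` packets/s sustained with bursts of up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, ts):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (ts - self.last) * self.rate)
        self.last = ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def matches_rule(pkt):
    """True if the FBI throttling rule applies to this packet."""
    if pkt.proto != "udp" or pkt.length <= MAX_UDP_LEN:
        return False
    if pkt.src_port not in AMPLIFICATION_PORTS:
        return False
    if pkt.src_port == 53 and pkt.dst_ip in RECURSIVE_RESOLVERS:
        return False  # the caveat in the flash: let resolvers get big answers
    return True


def throttle(packets, rate=2.0, burst=2):
    """Throttle rather than drop: one bucket per (source port, victim).
    Returns (passed, dropped). Rate/burst are illustrative values."""
    buckets = {}
    passed, dropped = [], []
    for pkt in packets:
        if not matches_rule(pkt):
            passed.append(pkt)
            continue
        key = (pkt.src_port, pkt.dst_ip)
        bucket = buckets.setdefault(key, TokenBucket(rate, burst))
        (passed if bucket.allow(pkt.ts) else dropped).append(pkt)
    return passed, dropped


# Constructed sample traffic (documentation-range addresses).
SAMPLE_PACKETS = [
    # memcached reflection flood: 5 large packets from port 11211 in 0.4 s
    *(Packet(0.1 * i, "udp", f"198.51.100.{i + 1}", 11211, "203.0.113.10", 40000, 1400)
      for i in range(5)),
    # large DNS answer to our recursive resolver: exempt
    Packet(0.05, "udp", "198.51.100.9", 53, "192.0.2.53", 34567, 1200),
    # large DNS answer to a host that is not a resolver: subject to throttle
    Packet(0.06, "udp", "198.51.100.9", 53, "203.0.113.10", 34567, 1200),
    # small NTP reply: under the length threshold, untouched
    Packet(0.07, "udp", "198.51.100.5", 123, "203.0.113.10", 123, 90),
    # TCP from port 80: the rule only covers UDP
    Packet(0.08, "tcp", "198.51.100.6", 80, "203.0.113.10", 51234, 1500),
]

if __name__ == "__main__":
    ok, cut = throttle(SAMPLE_PACKETS)
    print(f"passed {len(ok)}, throttled {len(cut)}")
```

With a sustained rate of two packets per second and a burst of two, the first two memcached packets pass and the remaining three are dropped, while the resolver's DNS answer, the small NTP reply and the TCP segment are never evaluated against the bucket at all.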
PS Lightwave is Prepared for DDoS Attacks
PS Lightwave added new monitoring tools several years ago to better detect DDoS attacks.
Swen Wulf, Senior Director of Network Engineering, said, “The security tool analyzes netflow data from our core routers in real-time and detects and issues an alarm based on abnormal activity to alert NOC staff to take a closer look.”
PS Lightwave also monitors trunk links and alarms are produced when a given threshold is breached. Contact PS Lightwave today to find out how its cyber security measures can help protect your company or organization.
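As an added illustration of the netflow-based detection and trunk-threshold alarms described above (this is example code, not PS Lightwave's monitoring tool, and the flow records are constructed), the Python below aggregates flow records into one-second windows and raises two kinds of alarm: a trunk alarm when total inbound traffic exceeds a fixed threshold (800 Mbit/s, assuming a 1 Gbit/s trunk), and a per-destination alarm when a host receives more than five times its baseline from earlier windows. It also reports the source port contributing the most bytes, which is the first thing a NOC analyst wants when deciding whether the amplification-port throttle from the FBI list applies.

```python
from collections import defaultdict, namedtuple
from statistics import mean

# One NetFlow-style record; 'bytes' is the octet count of the flow.
Flow = namedtuple("Flow", "ts src_ip src_port dst_ip dst_port proto bytes")

WINDOW_SEC = 1.0               # aggregation window
TRUNK_ALARM_BPS = 800_000_000  # assumed: 80% of a 1 Gbit/s trunk link
SPIKE_FACTOR = 5.0             # per-destination: alarm above 5x baseline
MIN_BASELINE_WINDOWS = 3       # history needed before judging a host


def constructed_flows():
    """Constructed sample: steady HTTPS traffic to two customer hosts for
    five seconds, then a memcached (UDP/11211) reflection flood against
    203.0.113.10 in the fifth second."""
    flows = []
    for w in range(5):
        flows.append(Flow(w + 0.2, "198.51.100.20", 443, "203.0.113.10", 51000 + w, "tcp", 5_000_000))
        flows.append(Flow(w + 0.4, "198.51.100.30", 443, "203.0.113.20", 52000 + w, "tcp", 10_000_000))
    for i in range(10):
        flows.append(Flow(4.5 + 0.01 * i, f"192.0.2.{i + 1}", 11211, "203.0.113.10", 40000, "udp", 15_000_000))
    return flows


def bits_per_sec(nbytes, seconds=WINDOW_SEC):
    return nbytes * 8 / seconds


def aggregate(flows):
    """Bucket bytes by window, by (window, destination) and by
    (window, destination, source port)."""
    per_window = defaultdict(int)
    per_dst = defaultdict(lambda: defaultdict(int))
    per_dst_port = defaultdict(lambda: defaultdict(int))
    for f in flows:
        w = int(f.ts // WINDOW_SEC)
        per_window[w] += f.bytes
        per_dst[w][f.dst_ip] += f.bytes
        per_dst_port[(w, f.dst_ip)][f.src_port] += f.bytes
    return per_window, per_dst, per_dst_port


def detect(flows):
    """Return a list of alarm dicts, in window order."""
    per_window, per_dst, per_dst_port = aggregate(flows)
    history = defaultdict(list)  # dst -> bytes seen in earlier, normal windows
    alarms = []
    for w in sorted(per_window):
        trunk_bps = bits_per_sec(per_window[w])
        if trunk_bps > TRUNK_ALARM_BPS:
            alarms.append({"kind": "trunk", "window": w, "bps": trunk_bps})
        for dst, nbytes in per_dst[w].items():
            hist = history[dst]
            spiked = len(hist) >= MIN_BASELINE_WINDOWS and nbytes > SPIKE_FACTOR * mean(hist)
            if spiked:
                ports = per_dst_port[(w, dst)]
                alarms.append({
                    "kind": "destination", "window": w, "dst": dst,
                    "bps": bits_per_sec(nbytes),
                    "baseline_bps": bits_per_sec(mean(hist)),
                    "top_src_port": max(ports, key=ports.get),
                })
            else:
                hist.append(nbytes)  # keep attack windows out of the baseline
    return alarms


if __name__ == "__main__":
    for alarm in detect(constructed_flows()):
        print(alarm)
```

On the constructed data the first four seconds produce no alarms; in the fifth second the trunk alarm fires at about 1.3 Gbit/s and the destination alarm for 203.0.113.10 fires at roughly 31 times its 40 Mbit/s baseline, naming UDP source port 11211 as the top contributor. Excluding alarmed windows from the baseline matters: otherwise a sustained attack would teach the detector that the flood is normal.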
PS LIGHTWAVE provides high-speed, fiber Internet for public and private commercial entities in the Greater Houston and surrounding areas.
Through our high-quality infrastructure, innovative technology and expert, locally based support, we deliver not only the best in connectivity and reliability but in scalability and redundancy. We invite you to learn more about our services, our history and our dedicated team.