How to anticipate and avoid DDoS attacks?
In Belgium, more than 10.000 DDoS (Distributed Denial-of-Service) attacks happen every month. Not only is the number of these cyberattacks increasing but so is their complexity. If you have a commercial or informational website, then your business, big or small, and in any sector, is potentially at risk. A tailor-made solution, using realistic simulation tools offers the best guarantee to protect your company.
DDoS attacks are increasing in numbers and complexity
A DDoS attack is an attempt to make your resources, such as websites and networks unavailable to end users by flooding your IT infrastructure through multiple sources at the same time.
We not only see an increase in the volume and the scope of the attacks, but also in the complexity.
The average volume of requests sent simultaneously during an attack has increased from 90 Gbps in 2020 to 300 Gbps in 2021. Remote working and schooling, which both highly increased during the Covid-19 lockdowns, also mean more connections and more potential risks of security breaches.
Moreover, the attacks have become more targeted and are being combined with other attack methods.
We’re constantly facing new emerging threats. In Q2 of 2022, for example, attacks abusing the Character Generator (CHARGEN) protocol increased by 378%! This protocol intended for testing and debugging was originally defined in 1983, and had become mostly forgotten about. Upon receiving a request, the CHARGEN protocol will respond with a string of randomly generated characters. Since the size of the response is much larger than the size of the request, we speak of an amplification attack vector. If an attacker also spoofs the source IP address in the request, they are then able to point a large volume of traffic to their target while only having to send a small number of requests theirselves. An adequate protection against DDoS attacks also needs to take these kinds of risks into account.
Beware of a false sense of security
We observed three important risks when it comes to DDoS-preparedness:
- There’s an apparent false sense of security in the market, especially with companies that do have anti-DDoS solutions in place.
- There’s a lack of awareness that DDoS-countermeasures and the overall perimeter infrastructure need testing and maintenance.
- Many companies currently don’t have the right tools or services in place to test DDoS preparedness.
As you’re dealing with various sources that are disrupting your business, it requires sophisticated strategies to handle these types of attacks.
Protection against DDoS attacks: how to get started
The keyword is anticipation and making sure you have a tailor-made protection against these vicious attacks.
Thimo De Souter, Security Engineer at Davinsi Labs recommends a step-by-step plan. “Map existing infrastructure and remove any obsolete or unused systems exposed to the Internet. Critical systems must then be analyzed to determine any additional protection that’s needed. Last but not least, test the current anti-DDoS configurations in-place by using, for example, the DDoS simulation tool from Davinsi Labs.”
1. Start by identifying your crown jewels.
Identify your crown jewels. Which of your most important assets are exposed to the internet?
What is the impact on your organization when your service goes down for a minute, an hour, a day, or longer?
2. Assess your existing safety measures and what needs to be done.
Firewalls, for instance, cannot stop a DDoS attack. A firewall is not capable of dealing well with volumetric DDoS or application layer attacks. It can often distinguish good and bad traffic from each other, but most firewalls lack the capacity to continue to do so when the traffic increases. And most often, firewalls are not even relevant, because the whole bandwidth of the internet connection is fully saturated by the DDoS attack.
Effective protection against these attacks requires a solution capable of mitigating attacks at the level of the internet provider. This also needs to be complemented with an on-site solution capable of blocking application layer attacks.
3. Gain insights into your weaknesses and install tailor-made protection.
The most effective way to be really prepared against attacks is using simulations. It quickly reveals weak spots in your DDoS protection, the hardening of your perimeter infrastructure and even your incident response procedures. Once the main identified weak spots are detected and mitigated, more targeted tests can be conducted in order to reinforce your protection. In other words, making DDoS simulations a repeated process will help ensure you continually improve your security posture, even when there are changes in your perimeter infrastructure or attacker’s techniques.
How do DDoS simulations work?
At Davinsi Labs, we’ve built a Splunk-based command-and-control platform with a library of standard and custom attacks that mimic real-world attack vectors. The platform has safety controls built-in to give full control on the attack simulations. We create attack configurations, where we can specify the number of bots, their geographic location, the amount of packets per second, etc.
For example, when testing the VPN server or the homepage of your e-commerce website, individual DDoS attacks are scheduled according to a pre-arranged playbook. A real-time dashboard is made available to the customer which they can use to find detailed information on the current attack and to analyze how their systems are responding to it.
Our simulator then runs more targeted tests. The main goal is always to expose those vulnerabilities which a criminal would uncover too. This is how you stay one step ahead. After the simulation has ended, you receive a detailed report that documents the runbook, results, and our recommendations on how to mitigate successful attacks.
“Even organizations that do have anti-DDoS protections in place are often surprised by the results and fragility of their position”, concludes Thimo De Souter. “By understanding your vulnerabilities and having a clear view of your situation, you can act and protect your company accordingly. With our DDoS simulation services, we have a near 100% success rate of causing temporary or sustained impact.”