DDoS

 

 

 

 

 

Is June turning out to be the month of DDoS attacks? Attacks on Evernote, Feedly, World Cup websites, Feedly again, the Hong Kong voting site… and so the list runs. The list peaked when the social media giant Facebook went down for half an hour in the early hours of Thursday, 19th June, last week, purportedly due to a DDoS attack. This was the longest downtime in Facebook's recent history, and it set off a mass panic on the internet, with people turning to rival social sites Twitter and G+ to vent their ire. A simple message from Facebook greeted everyone: “Sorry, something went wrong. We’re working on getting this fixed as soon as we can.” Many cited a DDoS attack as the cause of Facebook’s 30-minute downtime, while Facebook called it an internal software configuration error.

Let us give you an insight into what a DDoS attack actually is. A distributed denial of service (DDoS) attack is one in which a multitude of compromised computers attack a single target, thereby stalling traffic for the legitimate users of the targeted system. The large flow of requests from the compromised systems essentially forces the target system to shut down or report as out of service due to bandwidth issues, thereby paralyzing it.

Major online biggies fall victim to DDoS attacks

DDoS attacks have rapidly become the hacker’s attack of choice, with many major businesses evidently on the receiving end. On June 10th, Evernote, the popular note-taking and web-clipping service, became a victim of such an attack. As a result, members were unable to synchronize their filings. The very next day, Feedly, the very popular news aggregator that brings content from various online sources together in one place, was attacked. It was, again, a DDoS attack, which left the service unavailable for hours on end. This attack involved a ransom demand from the attackers, which Feedly refused. At 3:07 PT, Feedly announced that the attack had been neutralized, but within hours the site reported being under fire again. It had been targeted by a second DDoS attack, which again took the site down.

DDoS Attacks Hit the World Cup!

While football fever struck worldwide, a major DDoS attack struck the official government World Cup website, which went down for more than a day. The latest name on this list of DDoS victims was the Hong Kong Democracy Poll, where the attack was fended off by diverting most of the traffic to sinkholes. The problem with sinkholing, or black-holing, is that although it diverts traffic to a sinkhole where it is discarded, it cannot separate good traffic from bad. This means that all traffic, whether good or bad, is discarded. While DDoS is bad news for organizations, resorting to sinkholing cannot be considered an alternative.

Can you protect yourself against DDoS attacks?

Special DDoS prevention boxes can be used to thwart high-speed DDoS attacks. Many of them connect to routers upstream to figure out the origin of the DDoS attack and then block it. DDoS attacks can take place at both the network level and the application level. A network firewall can be used to block the traffic when the DDoS attack is at the network level. At the application layer, relying on technology alone to block a DDoS attack is very risky. It can, however, be used effectively as an alerting mechanism for suspected DDoS activity, with targeted rules and with human intervention to analyse each alert and, if it is indeed a DDoS, take action to block it. A managed WAF with DDoS prevention rules, the right thresholds configured for raising alerts, and human intervention to act on those alerts can be used to block the traffic when the DDoS attack is at the application level. In other words, your WAF vendor manages the incoming traffic by profiling its behavior, which is done with the help of manual intervention. Once this is done, the appropriate security policies can be applied to mitigate the DDoS attack.
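The threshold-based alerting described above, sketched as an added example (not Indusface's code or any WAF product's rule format): it raises alerts for a human to review instead of blocking, and it watches both a per-client rate and a site-wide rate, because a distributed attack can stay under every per-client limit. The window, the limits and the traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for this example; tune them to the site's normal traffic.
WINDOW = 10         # sliding window length in seconds
CLIENT_LIMIT = 30   # requests allowed per client per window
SITE_LIMIT = 200    # requests allowed site-wide per window

def find_alerts(events, window=WINDOW, client_limit=CLIENT_LIMIT,
                site_limit=SITE_LIMIT):
    """events: (epoch_seconds, client_ip) tuples sorted by time.
    Returns alerts for an analyst to review; nothing is blocked here."""
    per_client, site = defaultdict(deque), deque()
    alerting, alerts = set(), []

    def check(scope, q, limit, ts):
        while q and q[0] <= ts - window:      # drop requests outside the window
            q.popleft()
        if len(q) > limit and scope not in alerting:
            alerting.add(scope)               # alert once per excursion
            alerts.append({"time": ts, "scope": scope,
                           "count": len(q), "limit": limit})
        elif len(q) <= limit // 2:
            alerting.discard(scope)           # re-arm after the rate has halved

    for ts, ip in events:
        per_client[ip].append(ts)
        site.append(ts)
        check(ip, per_client[ip], client_limit, ts)
        check("site-wide", site, site_limit, ts)
    return alerts

def sample_events():
    """Constructed traffic, not real logs (RFC 5737 documentation addresses)."""
    ev = []
    for c in range(5):        # baseline: 5 clients, one request every 2 s
        ev += [(t, f"192.0.2.{c + 1}") for t in range(0, 60, 2)]
    # one noisy client: 10 requests/s between t=20 and t=25
    ev += [(20 + i / 10, "198.51.100.7") for i in range(50)]
    for c in range(250):      # distributed burst: 250 clients, 2 requests each
        ip = f"203.0.113.{c + 1}"
        ev += [(40 + c / 50, ip), (40.5 + c / 50, ip)]
    return sorted(ev)

if __name__ == "__main__":
    for a in find_alerts(sample_events()):
        print(f"t={a['time']:.1f}s ALERT {a['scope']}: "
              f"{a['count']} requests in {WINDOW}s (limit {a['limit']})")
```

On the constructed traffic, the noisy client trips the per-client threshold, while the 250-client burst is visible only through the site-wide threshold.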

The fact that such popular websites were taken out is evidence of how complex cyber-attacks are becoming. It’s time we upped our ante against such threats.

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.