Has DDoS become the hacker’s No. 1 choice of attack?
Is June turning out to be the month of DDoS attacks? Evernote, Feedly, World Cup websites, Feedly again, a Hong Kong voting site… the list runs on. It peaked when the social media giant Facebook went down for half an hour in the early hours of Thursday, 19th June, last week, purportedly due to a DDoS attack. This was the longest downtime in Facebook’s recent history, and it caused mass panic on the internet, with people turning to rival social sites Twitter and G+ to vent their ire. Facebook greeted everyone with a simple message: “Sorry, something went wrong. We’re working on getting this fixed as soon as we can.” Many cited a DDoS attack as the cause of Facebook’s 30-minute downtime, while Facebook called it an internal software configuration error.
Let us give you an insight into what a DDoS attack actually is. A distributed denial-of-service attack is one in which a multitude of compromised computers attack a single target, thereby stalling traffic for the legitimate users of the targeted system. The large flow of requests from the compromised systems essentially forces the target to shut down or report as out of service due to bandwidth issues, thereby paralyzing it.
Major online biggies fall victim to DDoS attacks
DDoS attacks have rapidly become the hacker’s attack of choice, with many major businesses evidently on the receiving end. On June 10th, Evernote, the popular note-taking and web-clipping service, became a victim of such an attack. As a result, members were unable to synchronize their notes. The very next day, Feedly, the very popular news aggregator that brings content from various online sources together in one place, was attacked. It was, again, a DDoS attack, and it left the service unavailable for hours on end. The attackers demanded a ransom, which Feedly refused to pay. At 3:07 PT, Feedly announced that the attack had been neutralized, but within hours the site reported being under fire again: a second DDoS attack had taken it down once more.
DDoS Attacks Hit the World Cup!
While football fever struck worldwide, a major DDoS attack struck the official government World Cup website, which went down for more than a day. The latest name on this list of distributed denial-of-service victims was the Hong Kong Democracy Poll, where an attack was fended off by diverting most of the traffic to sinkholes. The problem with sinkholing, or black-holing, is that although it diverts traffic to a sinkhole where it is discarded, it cannot separate good traffic from bad. This means that all traffic, whether good or bad, is discarded. While distributed denial-of-service is bad news for organizations, resorting to sinkholing cannot be considered an alternative.
Can you protect yourself against DDoS attacks?
Special DDoS prevention boxes can be used to thwart high-speed DDoS attacks. Many of them connect to routes upstream to figure out the origin of the distributed denial-of-service attacks and then block them. DDoS attacks can take place at both the network level and the application level. A network firewall can be used to block the traffic when the DDoS attack is at the network level. At the application layer, relying on technology alone to block a DDoS attack is very risky. Technology can, however, be used effectively as an alerting mechanism for suspected distributed denial-of-service activity: targeted rules raise the alert, and a human analyzes it and, if it is indeed a distributed denial-of-service attack, takes action to block it. A managed WAF with DDoS prevention rules, the right thresholds configured for raising alerts, and human intervention to act on those alerts can be used to block the traffic when the DDoS attack is at the application level. In other words, your WAF vendor manages the incoming traffic by profiling its behavior, which is done with the help of manual intervention. Once this is done, the appropriate security policies can be applied to mitigate a DDoS attack.
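The threshold-plus-review approach described above, as an added example (not code from the original article or from any WAF product): a sliding-window counter over constructed access-log lines that raises alerts for an analyst instead of blocking. The log format, the thresholds, the function names and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Matches the start of a common-log-format line: client, timestamp, method, path.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def find_alerts(lines, per_ip=20, per_path=100, window=timedelta(seconds=10)):
    """Flag keys whose request count inside the sliding window exceeds a threshold.

    Assumes lines arrive in time order. Nothing is blocked here: each alert is
    marked for an analyst to confirm, as the article recommends.
    """
    recent = defaultdict(deque)  # ("ip"|"path", value) -> timestamps in window
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # unparseable line: skip rather than guess
        ip, ts, path = rec
        for key, limit in ((("ip", ip), per_ip), (("path", path), per_path)):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) > limit and key not in alerts:
                alerts[key] = {"kind": key[0], "value": key[1],
                               "count": len(q), "action": "needs_review"}
    return list(alerts.values())

def sample_log():
    """Constructed traffic: one noisy client, a distributed burst, a normal user."""
    t0 = datetime(2020, 1, 1, 8, 0, 0, tzinfo=timezone.utc)
    rows = [(t0 + timedelta(seconds=i / 10), "203.0.113.9", "/login") for i in range(30)]
    rows += [(t0 + timedelta(seconds=20 + i / 30), f"198.51.100.{i + 1}", "/search")
             for i in range(150)]
    rows += [(t0 + timedelta(seconds=10 * i), "192.0.2.10", "/") for i in range(5)]
    rows.sort()
    return ['%s - - [%s] "GET %s HTTP/1.1" 200 512'
            % (ip, ts.strftime("%d/%b/%Y:%H:%M:%S %z"), path) for ts, ip, path in rows]

if __name__ == "__main__":
    for alert in find_alerts(sample_log()):
        print(alert)
```

The per-path counter is what catches the distributed burst: each of its 150 clients sends a single request, so a per-client limit alone never fires.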
The fact that such popular websites were taken out is evidence of the increasing complexity of cyber-attacks. It’s time we upped our ante against such threats.