DDoS attacks are not new, but 2016 marked a rise in their sophistication and magnitude. Last year witnessed a number of prominent distributed denial of service (DDoS) attacks, including one attack against DNS provider Dyn. This attack leveraged a Mirai botnet of 100,000 infected devices and caused several high-profile websites, including Spotify and Twitter, to go offline for several hours.[1]
Naturally, there’s a concern that such threats will continue to intensify this year. Deloitte, for instance, warns that 2017 will be a crisis year for DDoS attacks, with a greater frequency, scale and severity of attacks than in years prior. In fact, they expect over 10 million DDoS attacks in 2017, with an average attack size of 1.25 to 1.5 gigabits per second![2]
The numbers are certainly alarming. But instead of panicking at the statistics, organizations will be better off if they understand what is causing the recent upsurge in DDoS attacks, and what defensive measures they should take to mitigate the threat.
What’s causing the upsurge in DDoS attacks?
One major factor responsible for the increase in DDoS attacks is the growing number of Internet of Things (IoT) devices, such as smart security cameras, smart televisions or even smart thermostats. These devices are frequently insecure and can therefore be recruited into a botnet far more easily than computers, servers or smartphones. The Mirai botnet attack mentioned earlier leveraged precisely these sorts of IoT devices.
Another factor is the significant increase in bandwidth capacity and broadband speeds in recent years, especially in the West. With greater speed and bandwidth available, hackers can send more data, more quickly, through the devices they hijack for their botnets.
Lastly, easy-to-use malware tools such as Mirai are widely available, especially on the Dark Web, and even relatively inexperienced hackers can employ them to launch attacks.[3]
How can organizations defend against DDoS attacks?
Here are several ways organizations or businesses can lower the risk of being affected by DDoS attacks.
Choosing a cloud service provider that provides robust anti-DDoS protection
Organizations nowadays store much of their data and applications in the cloud. To protect their online assets from malicious attacks, organizations should pick cloud service providers that offer robust anti-DDoS protection as part of their service. Alibaba Cloud, for instance, offers basic anti-DDoS protection to all of its users free of charge. Furthermore, unlike some other cloud providers, Alibaba Cloud’s security features are developed in-house rather than by third parties, which allows Alibaba Cloud to ensure maximum levels of security.
Dispersing the location of data
It’s recommended that organizations don’t store all of their data on a single server or in a single data center. When a large amount of data is concentrated in one location, it is easier for hackers to identify it and select it as a target for DDoS attacks. Data should thus ideally be decentralized and dispersed across multiple locations, for example by keeping sensitive and non-sensitive data in different zones.
Analyzing incoming traffic patterns
Any incoming traffic to an organization’s servers should be closely monitored, particularly when there is a surge of traffic. Any substantial surge of traffic coming from a new geographic location should be viewed with caution and may indicate a potential DDoS attack. An experienced IT team should be able to determine whether this is the case.
Utilizing blacklists and whitelists
Once illegitimate and harmful traffic has been identified, its sources should be added to a blacklist and blocked. A blacklist prevents access to a network from any IP address on the list. A whitelist provides a similar function, except that it allows (rather than blocks) the IP addresses on the list to access the network. Both blacklists and whitelists can mitigate DDoS attacks by filtering traffic and keeping intruders out. However, it’s important to make sure that legitimate traffic is not accidentally blocked through these lists.
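The two preceding recommendations, flagging a traffic surge from a previously unseen region and then filtering with deny and allow lists without dropping legitimate traffic, as an added example that is not part of the original article or any Alibaba Cloud product. The access-log entries and the prefix-to-region table are constructed sample data, and `region_of` is a hypothetical stand-in for a GeoIP lookup.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed prefix -> region table (hypothetical stand-in for a GeoIP database)
GEO = {"203.0.113.0/24": "home-market", "198.51.100.0/24": "new-region"}

def region_of(ip):
    addr = ip_address(ip)
    for prefix, region in GEO.items():
        if addr in ip_network(prefix):
            return region
    return "unknown"

def requests_per_region(window):
    """Count requests per source region in a window of (timestamp, client_ip) entries."""
    return Counter(region_of(ip) for _, ip in window)

def surge_regions(baseline, window, factor=5, min_requests=50):
    """Regions whose volume in `window` exceeds `factor` x the same-length
    baseline window. A region missing from the baseline has a baseline of 0,
    so a never-seen region is flagged as soon as it clears `min_requests`."""
    base, cur = requests_per_region(baseline), requests_per_region(window)
    return {r for r, n in cur.items() if n >= min_requests and n > factor * base.get(r, 0)}

def filter_sources(window, blocklist, allowlist):
    """Apply deny/allow lists; the allowlist is checked first so a known-good
    address is never dropped by an over-broad deny entry."""
    allow = [ip_network(p) for p in allowlist]
    block = [ip_network(p) for p in blocklist]
    passed, dropped = [], []
    for entry in window:
        addr = ip_address(entry[1])
        blocked = any(addr in p for p in block) and not any(addr in p for p in allow)
        (dropped if blocked else passed).append(entry)
    return passed, dropped

# Constructed logs: two 60-second windows, the second with a flood from a new region
BASELINE = [(t, "203.0.113.%d" % (t % 20)) for t in range(60)]
WINDOW = [(60 + t, "203.0.113.%d" % (t % 20)) for t in range(60)]
WINDOW += [(60 + i // 50, "198.51.100.%d" % (i % 250)) for i in range(300)]

def triage(baseline, window, allowlist=("203.0.113.0/24",)):
    """Flag surging regions, derive a blocklist from their prefixes and report
    how many requests the filter would pass versus drop."""
    flagged = surge_regions(baseline, window)
    blocklist = sorted(p for p, r in GEO.items() if r in flagged)
    passed, dropped = filter_sources(window, blocklist, allowlist)
    return flagged, blocklist, len(passed), len(dropped)
```

Running `triage(BASELINE, WINDOW)` flags only `new-region` and drops the 300 flood requests while all 60 home-market requests pass; adding the home-market prefix to the blocklist by mistake still lets that traffic through because it is allowlisted.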