SecurityWeek
How to Stop a DDoS Attack Without Sabotaging Your Own Network

DDoS Attacks Are Becoming More Advanced With the Aim to Obfuscate Network Processes
Distributed denial-of-service (DDoS) is considered one of the ‘original’ network-based cyberattacks, and for good reason. One of the earliest known DDoS attacks occurred 20 years ago and was targeted at the University of Minnesota. It used a script that caused more than 100 computers to send junk packets out to the network, which overwhelmed it and knocked out the university computer. With the success of this attack, it was not long before we saw copycat attacks occur at websites like Yahoo, Amazon and CNN.

Fast forward to 2019 and DDoS is still here. We’ve seen some large scale attacks in the ensuing years, with some of the more famous ones including Spamhaus in 2013, the massive GitHub outage in 2018 and the attack on DNS provider Dyn, which used the Mirai botnet and took Twitter, Netflix, CNN, Reddit and many other big name sites offline. These attacks targeted network services and were broad scale in their effect. 

More recently, we’ve seen a shift as attackers move away from simply sending out broadcast traffic for massive disruption toward more complex and targeted attacks operating at the application layer of the network, with the ability to take down specific applications or services. These attacks are more complex to detect since the traffic looks legitimate but they can be more damaging because the end result is loss of business due to application unavailability. 

To properly protect your network from DDoS attacks, there needs to be both automated network monitoring at the edge to detect abnormal activity and perimeter protection through firewalls. This combination is the best way to ensure networks stay up and running, while keeping harmful traffic at bay. 

Attacked from all angles

Advanced DDoS attacks can come from distributed sources rather than a single IP, making them challenging to identify. For example, in a Layer-7 DDoS attack, the botnet used will make many thousands of requests to an application service – such as the login page – but not necessarily try to authenticate. Each of these requests must be serviced by the application APIs, taking up compute power. The result is that the application API is overwhelmed with requests, fails and takes the service offline. However, a scalable monitoring system at the network edge can quickly adapt to the size of the attack and route to the appropriate security infrastructure. 
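The Layer-7 pattern described above leaves a measurable trace in the application's own access log: a burst of login-page fetches spread across many sources, almost none of which ever submit credentials. The following detection logic is an added example, not code from the article; the log format, thresholds and the sample traffic are constructed for illustration, and the per-IP volume is deliberately kept low to show why a per-source rate limit alone would miss the flood.

```python
import re
from collections import defaultdict

LOGIN_PATH = "/login"
# Constructed log format (not the article's): "<ip> <unix_ts> <method> <path> <status>"
LINE_RE = re.compile(r"^(\S+) (\d+) (GET|POST) (\S+) (\d{3})$")

def build_sample_log():
    """Constructed sample traffic: a few real users plus a distributed login-page flood."""
    lines = []
    # Normal users fetch the login page once, then submit credentials.
    for i in range(5):
        ip = f"10.0.0.{i + 1}"
        lines.append(f"{ip} {10 + i} GET /login 200")
        lines.append(f"{ip} {12 + i} POST /login 302")
    # Flood: 40 distinct bot addresses each fetch the login page only 5 times
    # (too few per IP for per-source rate limiting) and never POST credentials.
    for i in range(40):
        ip = f"203.0.113.{i + 1}"
        for k in range(5):
            lines.append(f"{ip} {120 + (i * 5 + k) % 60} GET /login 200")
    return lines

def parse(lines):
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, path, status = m.groups()
            yield ip, int(ts), method, path, int(status)

def detect_login_flood(lines, window=60, min_hits=100, min_sources=20, max_auth_ratio=0.05):
    """Return (window_start, hits, distinct_sources, auth_ratio) for each window in which
    many sources hammer the login page while almost none of them try to authenticate."""
    windows = defaultdict(lambda: {"hits": 0, "auth": 0, "sources": set()})
    for ip, ts, method, path, _status in parse(lines):
        if path != LOGIN_PATH:
            continue
        w = windows[ts - ts % window]
        w["hits"] += 1
        w["sources"].add(ip)
        if method == "POST":          # an actual authentication attempt
            w["auth"] += 1
    alerts = []
    for start, w in sorted(windows.items()):
        ratio = w["auth"] / w["hits"]
        if w["hits"] >= min_hits and len(w["sources"]) >= min_sources and ratio <= max_auth_ratio:
            alerts.append((start, w["hits"], len(w["sources"]), ratio))
    return alerts
```

On the constructed sample, the first window (real users, 50% of login-page hits followed by a POST) is quiet while the 120s window is flagged: 200 hits from 40 sources with an authentication ratio of zero.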

Information at risk


Another consideration is that a DDoS attack may not just be launched to take services offline but to compromise information. Attacks are becoming more complex – they may be smokescreens intended to cause confusion and provide attackers with the opportunity to steal data from the network. This theft may not be noticed until after the DDoS has been mitigated or stopped and, by that time, it is too late. The damage has been done. 

As these attacks become more advanced with the aim to obfuscate network processes, it’s critical that the proper detection tools are in place to reveal malicious behavior. This can be achieved through real-time filtering that separates normal network activity from at-risk behavior.

CAPTCHA isn’t a catch-all

As mentioned, the Mirai botnet was first used in 2016 for a number of high-profile DDoS attacks and is still in use today. It relied on weak usernames and passwords to gain access to IoT devices, which could then be used to generate massive scale DDoS attacks. For user applications, such as email or social media, it’s possible to use techniques such as CAPTCHA or Text Message Verification to prevent unauthorized access. However, there are many hundreds of millions of IoT devices, controlling everything from electricity to hospitals, for which these methods are not suitable. 

These are not user-interfaced devices and cannot be treated as such. Leveraging data from the network makes it possible to monitor the behavior of IoT devices. If the devices start behaving unusually – for example, by broadcasting on the network or attempting to send connection requests to application services – then security policies can be applied automatically and the security team alerted.
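The behavioral monitoring just described can be built from flow data alone, with no interaction from the device. The following is an added example, not the article's or any vendor's code: it learns a per-device baseline (normal peers and peak connection-attempt count) from constructed flow records, then flags the two anomalies the text names, broadcast traffic and connection requests to application services the device never used, and maps them to an automatic policy action.

```python
from collections import defaultdict

# Constructed flow records (not from the article): (device, dst_ip, dst_port, connection_attempts)
# as exported by a flow collector over one interval.
BASELINE_FLOWS = [                            # learned while the devices behaved normally
    ("meter-01", "10.1.0.10", 8883, 12),      # each meter talks only to its MQTT broker
    ("meter-01", "10.1.0.10", 8883, 11),
    ("meter-02", "10.1.0.10", 8883, 10),
]
CURRENT_FLOWS = [                             # a later interval
    ("meter-01", "10.1.0.10", 8883, 12),      # still normal
    ("meter-02", "10.1.0.10", 8883, 9),
    ("meter-02", "10.1.255.255", 137, 300),   # suddenly broadcasting on the network
    ("meter-02", "198.51.100.20", 443, 800),  # connection requests to a web application
    ("meter-02", "198.51.100.21", 443, 750),
]

def build_baseline(flows):
    """Per-device profile: the peers it normally talks to and its normal peak attempt count."""
    profile = defaultdict(lambda: {"peers": set(), "max_attempts": 0})
    for dev, dst, port, n in flows:
        p = profile[dev]
        p["peers"].add((dst, port))
        p["max_attempts"] = max(p["max_attempts"], n)
    return profile

def is_broadcast(ip):
    return ip.endswith(".255")                # crude check, adequate for the constructed /24 subnets

def evaluate(flows, profile, burst_factor=5):
    """Return {device: [(reason, dst, port), ...]} for flows that deviate from the baseline."""
    findings = defaultdict(list)
    for dev, dst, port, n in flows:
        p = profile.get(dev)
        if p is None:
            findings[dev].append(("unknown_device", dst, port))
            continue
        if is_broadcast(dst):
            findings[dev].append(("broadcast", dst, port))
        elif (dst, port) not in p["peers"]:
            findings[dev].append(("new_peer", dst, port))
        if n > burst_factor * p["max_attempts"]:
            findings[dev].append(("burst", dst, port))
    return dict(findings)

def policy_action(findings):
    """Quarantine devices reaching broadcast or never-seen destinations; only alert on a
    pure volume burst toward a known peer."""
    return {dev: ("quarantine" if any(r in ("broadcast", "new_peer") for r, _, _ in f) else "alert")
            for dev, f in findings.items()}
```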

Developing your DDoS strategy 

Businesses today need a DDoS prevention strategy that accounts for these attack vectors and provides protection in places where there is little to no human interaction. At minimum, this includes automated detection and threat routing. As DDoS attacks continue to grow, manual intervention is no longer an option.  

With the opportunity and capacity that’s now being offered by the transition to cloud and upcoming 5G networks, there will also be even more chances for cybercriminals to launch massive scale DDoS attacks on online services. Whatever the target, no matter the intended result, all traffic that’s involved in an attempted DDoS attack must traverse the network and gain entry through network devices. The network needs to be better protected against these volumetric scale attacks and the best place to start is by leveraging intelligence at the network itself.
