Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

ICANN: Reporting a DDoS Attack Requires Thought and Speed

In a post on the ICANN blog, Dave Piscitello outlined some essential tasks for organizations to take should they find themselves the victim of a DDoS. Regardless of the reason for the attack, speed is the one thing that will make all the difference in mitigation and recovery.

In a post on the ICANN blog, Dave Piscitello outlined some essential tasks for organizations to take should they find themselves the victim of a DDoS. Regardless of the reason for the attack, speed is the one thing that will make all the difference in mitigation and recovery.

“The shared nature of the Internet infrastructure – whether hosting, DNS, or bandwidth – puts many merchants or organizations at risk of becoming collateral damage, as well. If you find that your site or organization is under attack, it’s important that you report such attacks quickly to parties that are best positioned to help you mitigate, weather, and restore normal service,” the ICANN post explains.

According to Akamai, DDoS attacks more than tripled in 2012 when compared to the volume a year previous. In the fourth quarter alone, 768 Akamai customers reported such attacks, with commerce being the hardest hit of all the market segments – followed by media and entertainment, financial institutions, high tech and public sector firms.

“In many ways, DDoS has become the weapon of choice for multiple types of attackers, from political activists to criminals, and potentially even nation-states,” Akamai said.

Akamai’s finding seem to align with those reported by NeuStar last week, when the company said that 35% of organizations surveyed experienced some sort of disruptive DDoS attack last year.

“The consequences of being unprepared to mitigate a DDoS attack can be crippling to businesses,” Alex Berry, a senior vice-president of enterprise services at Neustar, said in a statement.

Avoiding such crippling problems is what ICANN is attempting to do in their post. As a first line of defense, the post says to reach out to the service providers such as the ISP or the NOC that handles the hosting. But that only works if you know the provider’s emergency contact numbers or have access to the support staff that deals with such attacks. Thus, if such information isn’t readily available, it needs to be.

“If you cannot find contacts, or if the contacts you find are unresponsive, try contacting a Computer Incident, Emergency, or Security Incident Response Team (CERT/CIRT/CSIRT), or a Trusted Introducer (TI) team,” the post says. “CERT/CIRT organizations or TI teams will investigate an attack, notify and share information with hosting providers or ISPs whose resources are being used to conduct the attack, and work with all affected parties to coordinate an effective mitigation.”

If the organization believes that a crime is being committed, or if there were threats made before the DDoS attack appeared, law enforcement should be contacted. Likewise, if the services under attack are critical, such as emergency services, then law enforcement needs to be involved in the response. However, they should not be contacted to mitigate an attack.

Finally, ICANN advises organizations to collect as much intelligence as possible about the attack, including timeframes, suspicious on the nature of the attack, traffic analysis – including type and packet characteristics, changes in attack traffic, and assessments of the overall impact.

Additional details can be seen on the ICANN post, including references to additional sources of information and response planning. 

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.