2016 saw distributed denial of service attacks on an unprecedented scale. We can only expect the trend to get worse this year.
DDoS attacks have been around for many years, but changes in the Internet have made them larger and more damaging. The two worst attacks of 2016 were on security expert Brian Krebs' website and on DNS provider Dyn. The Dyn attack severely hampered access to the websites of hundreds of companies, including Internet giants Twitter, Amazon and Spotify.
A major reason for the growth of DDoS is the proliferation of poorly secured devices on the Internet of Things (IoT), which are easy to herd into gigantic botnets that can be aimed at any target.
The Mirai botnet is well known to anyone who follows security news, which is no surprise when you consider that more than half a million IoT devices were reportedly enrolled in Mirai botnets less than a month after its source code was released into the wild. A newcomer is the Leet botnet, which launched a high-volume attack on the Imperva Incapsula network on December 21, 2016.
Changes in DDoS methods extend duration of attacks and scope of destruction.
Reports show that advanced, persistent DDoS attacks are growing more common. One attack lasted 64 days, and 20 percent of the attacks studied lasted more than five days.
In their early days, DDoS attacks were usually brute-force attempts to overwhelm a site with data packets. As network defenses against that approach have evolved, so has the offense.
Hostile traffic has become harder to identify. It is often crafted so that each request looks legitimate at the network and transport level (a completed TCP handshake, a well-formed HTTP request) while causing serious disruption at the application level, for example by repeatedly requesting pages that are expensive for the server to generate. When such traffic is carried over SSL/TLS, the request content stays encrypted until it reaches the target application, so filters in the path cannot see what is actually being asked for.
Sometimes the attack is a diversion: the real purpose may be to break into an account or install malware while IT staff are preoccupied and the logs are bloated with attack traffic.
Broad DDoS prevention strategy provides best DDoS defense.
Stopping or reducing DDoS assaults requires a broad strategy with basics such as:
Setting alerts that fire when traffic exceeds a normal baseline level
Having standby cloud server capacity available to absorb abnormal traffic levels
At Resilient, we also recommend using a comprehensive DDoS protection platform such as Fortinet FortiDDoS, which offers monitoring at all network layers, behavior-based detection and dynamic evaluation of traffic. This is far superior to traditional platforms that rely only on static pattern matching; those frequently misclassify and lock out legitimate users, which finishes the attacker's job for them.
FortiDDoS identifies hostile traffic by its effects, selectively blocks it and periodically re-evaluates it so that normal usage can continue. It also features intelligent identification of Layer 7 (application) attacks, to stop crafted requests that depend on knowing an application's weaknesses, as well as real-time reporting to improve IT's awareness of attacks.
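The following Python sketch is an added example for this article, not FortiDDoS code and not any vendor's algorithm. It puts two of the points above side by side over a constructed access log: a static request-count rule, and a behavior-based limiter that scores each client by the cost of what it asks for, blocks only clients above threshold, and re-evaluates them when the block expires so a client whose burst is over is let back in. Every request in the log is individually valid, which is exactly why the network-level view cannot tell the flood from normal browsing. The log format, endpoint costs, thresholds and client addresses (from the documentation IP ranges) are all assumptions, and the basic capacity alert from the list above is included as a simple per-second count.

```python
"""Behavior-based detection of a Layer 7 flood over web-server access logs.
Added example for this article, not FortiDDoS or Fortinet code and not any
vendor's algorithm. Endpoint costs, thresholds and log lines are constructed."""
from collections import defaultdict, deque

# Assumed relative cost of serving each endpoint. Scoring clients by cost rather
# than by request count is what separates a chatty legitimate client from a
# low-rate flood of expensive requests.
ENDPOINT_COST = {"/search": 10.0, "/login": 5.0, "/": 1.0, "/static/app.js": 0.2}
WINDOW = 10.0          # seconds of per-client history that is scored
COST_THRESHOLD = 60.0  # cost units per window before a client is blocked
BLOCK_TTL = 15.0       # seconds a block lasts before the client is re-evaluated
RATE_ALERT = 8         # total requests per second that raises a capacity alert

def parse_line(line):
    """Parse a constructed log line '<epoch> <ip> <method> <path> <status>'."""
    ts, ip, method, path, status = line.split()
    return float(ts), ip, method, path, int(status)

def by_time(lines):
    return sorted(lines, key=lambda line: parse_line(line)[0])

class BehaviorLimiter:
    """Blocks clients whose recent requests cost too much, then re-evaluates
    them when the block expires instead of locking them out for good."""

    def __init__(self):
        self.history = defaultdict(deque)  # ip -> deque of (ts, cost)
        self.blocked_until = {}            # ip -> epoch at which block expires

    def _window_cost(self, ip, now):
        q = self.history[ip]
        while q and q[0][0] < now - WINDOW:
            q.popleft()
        return sum(cost for _, cost in q)

    def observe(self, ts, ip, path):
        """Return 'allow', 'block' (newly blocked), 'drop' (still blocked) or
        'release' (block expired and the client's recent behaviour is normal)."""
        self.history[ip].append((ts, ENDPOINT_COST.get(path, 1.0)))
        over = self._window_cost(ip, ts) > COST_THRESHOLD
        if ip in self.blocked_until:
            if ts < self.blocked_until[ip]:
                return "drop"
            if over:                        # block expired but still flooding
                self.blocked_until[ip] = ts + BLOCK_TTL
                return "drop"
            del self.blocked_until[ip]      # behaving normally again
            return "release"
        if over:
            self.blocked_until[ip] = ts + BLOCK_TTL
            return "block"
        return "allow"

def run(lines):
    """Feed lines through the limiter in time order; return the (ts, ip, action)
    transitions worth reporting."""
    limiter, transitions = BehaviorLimiter(), []
    for line in by_time(lines):
        ts, ip, _, path, _ = parse_line(line)
        action = limiter.observe(ts, ip, path)
        if action in ("block", "release"):
            transitions.append((ts, ip, action))
    return transitions

def count_based_blocks(lines, max_requests=30):
    """The static rule the article warns about: flag any client sending more
    than max_requests in WINDOW seconds, whatever those requests cost."""
    seen, flagged = defaultdict(deque), set()
    for line in by_time(lines):
        ts, ip = parse_line(line)[:2]
        q = seen[ip]
        q.append(ts)
        while q[0] < ts - WINDOW:
            q.popleft()
        if len(q) > max_requests:
            flagged.add(ip)
    return sorted(flagged)

def rate_alerts(lines):
    """Basic capacity alert: the seconds in which requests exceed RATE_ALERT."""
    per_second = defaultdict(int)
    for line in lines:
        per_second[int(parse_line(line)[0])] += 1
    return sorted(sec for sec, n in per_second.items() if n > RATE_ALERT)

def build_sample_log():
    """Constructed access log (not real traffic). 203.0.113.5 browses normally;
    203.0.113.9 is chatty but legitimate (50 cached asset fetches in 5 s);
    198.51.100.7 runs a low-rate L7 flood (12 searches in 6 s), then goes quiet."""
    t0, lines = 1000.0, []
    for i, path in enumerate(["/", "/login", "/search", "/"]):
        lines.append(f"{t0 + 2 * i:.1f} 203.0.113.5 GET {path} 200")
    for i in range(50):
        lines.append(f"{t0 + 0.1 * i:.1f} 203.0.113.9 GET /static/app.js 200")
    for i in range(12):
        lines.append(f"{t0 + 0.5 * i:.1f} 198.51.100.7 GET /search 200")
    lines.append(f"{t0 + 30:.1f} 198.51.100.7 GET / 200")  # attacker returns later
    return lines
```

Running `count_based_blocks(build_sample_log())` flags only the chatty legitimate client and misses the attacker, which is the false positive that does the attacker's work for them. `run(build_sample_log())` instead blocks the attacker at its seventh search, drops the rest of the burst, and releases the address when it returns 30 seconds later behaving normally. `rate_alerts` shows the coarse global threshold firing for the whole overlap period without saying which client is responsible, which is why it belongs in the basics list rather than being the whole defense.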
As DDoS attacks escalate in 2017, the response to them needs to become smarter. Fortinet's traffic analysis allows mitigation even of SSL-based traffic whose content is encrypted, a dynamic, behavioral approach driven by traffic patterns rather than payload signatures, and one that can defend against a broader range of attacks.