Threat groups are constantly getting more sophisticated in their attempts to evade detection and enact harm. One common tactic that many security practitioners have witnessed is carrying out distributed denial-of-service (DDoS) attacks during peak business times, when companies are more likely to be short-staffed and caught unawares.
While DDoS attacks are a year-round threat, we’ve noticed an uptick in attacks during the holiday season. In 2022, Microsoft mitigated an average of 1,435 attacks every day. These attacks spiked on Sept. 22, 2022, with approximately 2,215 attacks recorded, and continued at a higher volume until the last week of December. We saw a lower volume of attacks from June through August.
One reason for this trend could be that during the holidays, many organizations are operating with reduced security staff and limited resources to monitor their networks and applications. The high traffic volumes and high revenues earned by organizations during this peak business season also make this time of year even more appealing for attackers.
Cybercriminals often take advantage of this opportunity to attempt to execute lucrative attacks at little cost. With a cybercrime-as-a-service business model, a DDoS attack can be ordered from a DDoS subscription service for as little as $5. Meanwhile, small and midsize organizations pay an average of $120,000 to restore services and manage operations during a DDoS attack.
Knowing this, security teams can take proactive measures to help defend against DDoS attacks during peak business seasons. Keep reading to learn how.
Understanding the Different Types of DDoS Attacks
Before we get into how to defend against DDoS attacks, we must first understand them. There are three main categories of DDoS attacks and a variety of different cyberattacks within each category. Attackers can use multiple attack types — including ones from different categories — against a network.
The first category is volumetric attacks. This kind of attack targets bandwidth and is designed to overwhelm the network layer with traffic. One example is a Domain Name System (DNS) amplification attack, which uses open DNS resolvers to flood a target with DNS response traffic.
Next you have protocol attacks. This category specifically targets resources by exploiting weaknesses in Layers 3 and 4 of the protocol stack. One example of a protocol attack is a SYN (synchronize packet) flood, which consumes all available server resources, thus making the server unavailable.
The final category of DDoS attacks is resource layer attacks. This category targets web application packets and is designed to disrupt the transmission of data between hosts. For example, consider an HTTP/2 Rapid Reset attack. In this scenario, the attacker opens a set number of HTTP/2 streams with HEADERS frames and immediately cancels each one with an RST_STREAM frame. The attacker then repeats this pattern to generate a high volume of request-handling work on the targeted HTTP/2 servers.
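As an added illustration that is not part of the original article, the following Python snippet shows how a defender could flag the HEADERS-then-RST_STREAM churn described above from per-connection HTTP/2 frame events. The event log, connection ids and thresholds are constructed for this example; a real deployment would feed it from a proxy or server frame log and tune the thresholds against the application's normal behavior.

```python
from collections import defaultdict

# Constructed sample of HTTP/2 frame events: (connection_id, timestamp_s, frame_type, stream_id).
# Invented for this example, not captured traffic.
def _build_sample():
    events = []
    # Abusive client: 200 streams opened and immediately reset within half a second.
    for i in range(200):
        ts = 10.0 + i * 0.0025
        stream = 2 * i + 1  # client-initiated HTTP/2 streams use odd ids
        events.append(("c-abuse", ts, "HEADERS", stream))
        events.append(("c-abuse", ts + 0.001, "RST_STREAM", stream))
    # Ordinary client: 20 streams over ten seconds, one of them cancelled (user navigated away).
    for i in range(20):
        events.append(("c-normal", 10.0 + i * 0.5, "HEADERS", 2 * i + 1))
    events.append(("c-normal", 12.2, "RST_STREAM", 9))
    return sorted(events, key=lambda e: e[1])

FRAME_EVENTS = _build_sample()

def rapid_reset_suspects(events, window_s=1.0, min_headers=50, min_reset_ratio=0.8):
    """Flag connections where, within one time window, many streams were opened and most were reset.

    Returns {connection_id: [(window_start_s, headers, resets), ...]} for flagged windows only.
    A legitimate client cancelling the odd request stays below both thresholds.
    """
    counts = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # conn -> window -> [headers, resets]
    for conn, ts, frame, _stream in events:
        bucket = int(ts // window_s)
        if frame == "HEADERS":
            counts[conn][bucket][0] += 1
        elif frame == "RST_STREAM":
            counts[conn][bucket][1] += 1
    flagged = {}
    for conn, windows in counts.items():
        for bucket, (headers, resets) in sorted(windows.items()):
            if headers >= min_headers and resets / headers >= min_reset_ratio:
                flagged.setdefault(conn, []).append((bucket * window_s, headers, resets))
    return flagged

if __name__ == "__main__":
    for conn, hits in rapid_reset_suspects(FRAME_EVENTS).items():
        for start, headers, resets in hits:
            print(f"{conn}: window at {start:.0f}s opened {headers} streams, reset {resets}")
```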
3 Proactive Measures to Help Defend Against DDoS Attacks
It’s impossible for organizations to completely avoid being targeted by DDoS attacks. However, you can take a number of proactive steps to help strengthen your defenses in the event of an attack.
- Evaluate your risks and vulnerabilities: First, ensure your security team has an up-to-date list of all applications within your organization that are exposed to the public Internet. This list should be refreshed regularly and include each application’s normal behavior patterns so teams can quickly flag abnormalities and respond in the event of an attack.
- Make sure you’re protected: Next, make sure you’re deploying a DDoS protection service with advanced mitigation capabilities that can handle attacks at any scale. Some important service features to prioritize include traffic monitoring; protection tailored to the specifics of your application; DDoS protection telemetry, monitoring, and alerting; and access to a rapid response team.
- Create a DDoS response strategy: Finally, create a DDoS response strategy to guide teams in the event of an attack. As part of that strategy, we also recommend assembling a DDoS response team with clearly defined roles and responsibilities. This team should understand how to identify, mitigate, and monitor an attack and be prepared to coordinate with internal stakeholders and customers.
Any website or server downtime during peak business times can result in lost sales, disgruntled customers, high recovery costs, and/or damage to your reputation. DDoS events can be extremely stressful for security teams to mitigate, especially when they occur during peak business times when traffic is high and resources are constrained. However, by preparing for DDoS attacks, organizations can help ensure they’re ready to meet the threat head on.
Source: www.darkreading.com