If you aren’t worried about being attacked, visit http://map.ipviking.com/ to get a clearer picture of how big a problem DDoS attacks have become.
For the banks, they have all suffered daylong slowdowns and, at times, complete outages. For gaming companies, there is the potential to lose loyal gamers if they become frustrated at losses of their game progress due to an attack. For online retailers, the cost is even more tangible in lost sales/profit per hour, combined with potential customer defections to competitors.
There are anti-DDoS technologies that can mitigate these types of attacks and reduce the effects on the victim businesses. But as attacks become more intense, DDoS mitigation technologies that used to be effective may fail.
The ease of starting a DDoS attack is disheartening. It no longer requires any modicum of skill. Anyone can download the tools or even rent attack servers online. Simply run a Google search for “download DDoS attack tools” and you will see. Or run a search for “Rent DDoS attack” to see how easily you can cripple any web site. Never mind that prison could be the result if you are caught! So this problem is real! DDoS attacks can be initiated by anyone with a motivation and a few dollars.
Why would someone attack a website? Besides simple malicious behavior, some attackers are making a political statement or extorting money. Some unscrupulous businesses use DDoS to disable a competitor’s web business. Or DDoS attacks are sometimes a smokescreen to cover up other illicit activity.
Here are a few tips on what you should be doing now for your business:
* Your firewall will do nothing to prevent or stop a DDoS attack. Nothing more need be said.
* Make sure DDoS mitigation is part of your business continuity/disaster recovery plan. You need to include procedures for DDoS mitigation in this plan. This will help raise the attention of company executives will commit the required resources in advance, rather than waiting until your company experiences a costly DDoS induced outage.
* Know the signs of an active attack.
- Unusually slow network performance (opening files or accessing websites)
- Unavailability of a particular website
- Inability to access any website
- A dramatic increase in the number of spam emails received
* Know your customer location and lock out unexpected transactions. Most companies have a limited geography for where they do business. If you are a U.S. based online retailer, you likely should not be seeing people from, Russia or China to be placing orders via your website. It that is happening in anything more than a trivial volume, the presence of inbound traffic from those countries could be the start of an attack. If possible, your DDoS mitigation solution should allow you to block transactions that originate in locations where you don’t typically do business.
* What would it cost your business to be offline for four or eight hours? Calculate the actual financial impact so management understands. Also, you should think about the additional IP Transit costs from high peak bandwidth utilization that results from DDoS attacks.
* If you are the victim of a DDoS attack, look for data breaches or other criminal activity. Do a very thorough inspection of all system logs to determine if other malicious activities took place during the attack period. If your website supports credit transactions, be especially mindful of your PCI/credit processing environment. Be sure to deploy defenses at the perimeter of your card holder data environment as required by PCI-DSS.
* Know who to call to stop an attack. If you don’t have an anti-DDoS solution in place, then at least know who to contact immediately if you suspect your company is under attack. It’s prudent to explore the dedicated anti-DDoS solutions on the market and decide which vendor/solution provider to call if the need arises. SD-WAN-Experts can assist you with this and help you implement DDoS mitigation is just a few hours. But you should really plan ahead! Contact us now.
Other postings about DDoS Mitigation: