DDoS is an acronym for Distributed Denial of Service. As the title suggests, this blog will address the who, what, why, and how of a DDoS attack (credit to www.incapsula.com, “Anatomy of a DDoS Attack”).
Who are the people involved in a DDoS?
Anyone with an Internet-facing service is at risk. However, the following potential victims have a higher risk:
- Large corporations
- Mid-sized corporations
- Small businesses
- Political entities
- Controversial leaders
- Online personalities
The enablers of the attack are:
- The Kit Maker builds user-friendly toolkits that make botnets easily accessible.
- The Builder uses malware kits to build botnets for herders and booters.
- The Bot Herder controls botnets via remote command-and-control servers.
- The Booter sells botnets and toolkits under the guise of server stressors.
What are the motives of the attackers?
- The Hacktivist expresses criticism of politicians, governments, or controversial persons or organizations.
- The Intimidator threatens free speech and political discussions.
- The Harasser bullies online users.
- The Extortionist ransoms sites (don’t give it to them).
- The Hired Gun makes a living out of DDoSing others.
- The Script Kiddie thrives on the thrill of it or the right to brag to their peers.
Why do we work so hard to fight risk?
There are many risks, including financial impact, business disruption, and the loss of information, revenue, and other assets. What is the fallout for a company that suffers a DDoS? The company must:
- Spend time and money to replace hardware or software.
- Remove malware installed on the network.
- Weather the loss of customer trust.
- Acknowledge theft of customer data.
- Suffer intellectual property loss.
How is a DDoS perpetrated?
To simplify things, let us look first at the simple DoS, which is a denial of service attack. This threat to your network and its systems targets the “A” of the CIA Triad (Confidentiality, Integrity, and Availability). If an attacker can cripple one of your devices or services, then they can deny service to your users. A distributed denial of service attack spreads the attack across many sources, so your services are bombarded from a much larger front. It is also harder to identify the sources, as they are numerous. Most DDoS attacks come from a botnet – a group of devices, sometimes numbering in the thousands or millions, that cyber criminals use to cripple your website. Many infected computers and even smartphones are components of a botnet, as people browse the Internet unaware that they are enabling any malicious activity. This process then starts over again, perpetuating the cycle.
CCSI partners with Arbor Networks to mitigate DDoS attacks. What Arbor Networks does is unique. They will help you and your organization through the six phases of DDoS attack response: Preparation, Identification, Classification, Traceback, Reaction, and Postmortem. Organizations that do not proactively address DDoS prevention often find themselves in a reactive scramble under the pressure of an attack. Who trusts Arbor with DDoS protection?
- More than 90% of the world’s Tier 1 service providers
- 8 of the 10 largest cloud service providers
- 9 of the 10 largest managed security service providers
- 3 of the 5 largest social media networks
- 5 of the 6 largest U.S. cable broadband providers
- 4 of the top 6 U.S. banks based on assets under management
Interested in learning more about DDoS attacks? Check out CCSI and Arbor Networks’ informative webinar, The Modern Day DDoS Attack: How Vulnerable is Your Organization?
Tom Bienkowski, Director of Product Marketing from Arbor, discussed the complexity of the modern day DDoS attack, which is commonly a dynamic combination of volumetric, TCP state exhaustion and application layer attack vectors as well as the evolving DDoS threat, how organizations are vulnerable, and best practices in protection. Check out the video today!
Author Bio: John Busso is a Senior Network Engineer/Mobility Specialist at CCSI. He has almost 20 years of experience providing secure voice and data solutions. John has been a Subject Matter Expert for Enterprise Mobile Solutions such as Guest WiFi and BYOD, providing vision for diverse clients.
John has been an Adjunct Professor and trainer. He holds numerous industry certifications, including CISSP, CWNP, CCNP, ACMP and ITIL. His experience includes working with retail, TNL-Couriers, DC’s and Airports, Healthcare, Education, DOD, Local Government, Financial, Non-Profit-Public WiFi, Entertainment and Hospitality industries. His expertise is in mobility, security, WLAN, WAN, LAN, VoWiFi, RFID, RTLS, WIPS, WIDS, DAS, licensed/unlicensed PTP and PTMP networks. Connect with John on Twitter via @JohnBusso.