Recently the phenomenon of (Distributed) Denial of Service attacks has once again been on everyone’s mind. Several attacks toward public authorities and organizations in Sweden have made the headlines.
For those of us who work in the IT industry, (D)DoS attacks are a part of life, and have been for a number of years. The attacks shift in style just like any other fashion trend, and they come and go in intensity and frequency, but they are always present. Sometimes the trend is volumetric attacks that saturate bandwidth, sometimes it is more popular to send large numbers of small packets at a rate that the infrastructure (firewalls, load balancers, servers) struggles to process, and sometimes a combination of the two. The goal is always the same: to disturb or take down a service or services. Often there is nothing more to it than that; someone is bored, or doesn’t have anything useful to fill his or her days with, or maybe just wants to test how it works.
The reasons why someone performs an attack vary, from disrupting a competitor’s business to foreign states seeking information, or someone trying to mask the fact that they are actually breaking into your systems somewhere else while you are occupied with the attack. The list goes on and on. Much like in our normal, analogue life, the villains seem to have a very good imagination, and they are relentless.
What can you do?
First of all, I argue that you should never succumb to threats and never pay ransom. That is of course easier said than done in a situation where your business is on the line. However, there is nothing to suggest that these people will stop attacking once they have received the ransom. All that has happened is that they have learned that you are a good target, and if they need money again in the future, that is not a list you want to be on. I also recommend reporting all attacks to the authorities, if for no other reason than to be able to show your customers that you take the matter seriously.
Second, you need to look at the concrete countermeasures available to you. If you run an average business, you most likely have some or all of your critical IT solutions outsourced in some way. You need to raise the issue of information security in general, and (D)DoS attacks in particular, with your service provider. Do they have a (D)DoS protection system in place? Has it been tested? Do they have documented procedures for how to respond during an attack?
Also, a service provider with a proven track record in information security is more likely to be able to handle a situation when it occurs. Within information security we talk about the CIA triad: Confidentiality, Integrity and Availability. By using a service provider that has (D)DoS mitigation capability, you ensure availability. Additionally, if you also want assurance regarding confidentiality and integrity, make sure that your service provider holds certifications such as ISO 27001 and PCI DSS, as they are strong indicators that the provider takes information security seriously.
The sad truth is that (D)DoS attacks, and other malicious activities, will continue to haunt us, probably forever. All of us, and especially those of us who are service providers, need to be prepared. We need to do what we can to minimize the impact that attacks such as (D)DoS have on the services we provide. This is not only a business issue; it is an issue for society as a whole. If we want to be able to continue using the Internet somewhat like we do today, we need to figure out how to avoid letting the bad guys win!