With the Australian Cyber Security Centre (ACSC) recently warning of a spate of potentially devastating Denial of Service (DoS) attacks, it’s essential to put into place measures to protect your organisation.
This stark advice follows a series of ransom threats made against Australian businesses. Typically, victims are threatened with a devastating DoS attack against their web server or network unless they pay attackers a cryptocurrency ransom.
Put simply, a DoS attack is an attempt to severely slow down, or crash, your business’s web server or network. It can result in your website and web applications being inaccessible to customers and staff.
A DoS attack can literally bring your entire business to a grinding halt, causing significant financial and reputational damage.
Due to the level of computing power and bandwidth required, a DoS attack often uses a network of compromised computer systems (a botnet) in many different locations, all directed at the victim’s systems at the same time. This is known as a Distributed Denial of Service (DDoS) attack. Because the traffic arrives from many sources at once, it cannot simply be blocked by source address, which makes these attacks much harder to defend against.
Whilst preventing all DoS attacks may not be possible, there are a number of practical steps you can take to strengthen your business’s preparedness. But firstly, it’s important to understand exactly what’s happening when you’re being subjected to a network-based DoS attack.
Large-Scale DoS Attacks
There are a number of DoS attack methodologies; the most common are attempts to flood your business’s web server or network with enormous volumes of data. Your systems only have a certain amount of bandwidth and processing capacity. When overwhelmed in this way, they either slow to a crawl or cease functioning altogether.
Launching large-scale attacks like these requires substantial resources. As businesses develop more sophisticated defence measures, attackers are turning to more targeted methods that require more skill but far less raw bandwidth.
Targeted DoS Attacks
When visitors access your business’s website, data passes from the web server to the visitor’s computer along a series of physical cables, via a range of routers and networks. Nowadays, we are seeing sophisticated attackers undertaking extensive reconnaissance to identify the weakest link in that chain of infrastructure.
Once an attacker identifies the weakest link, such as a particular router, they look for ways to flood that specific component, knocking it out. By focusing the DoS attack on the weakest component in the chain of infrastructure, attackers can disrupt your system’s data flows without the need for huge amounts of computing firepower.
Interestingly, recent surveys indicate that whilst there’s a significant increase in the frequency of DoS attacks (up 16% from 2018 to 2019), these tend to be smaller in scale (between 100 and 200 Gbps). Larger-scale DoS attacks (over 200 Gbps) seem to be on the decline.
As DoS attacks become more targeted and use less firepower, it’s more important than ever to be vigilant with monitoring your network for any sign of anomalies so you can respond as quickly as possible.
DoS attacks can be notoriously challenging to prevent, which is why protecting your organisation needs to be an ongoing process. There are a range of activities your organisation can take to improve resilience.
You should maintain close visibility over your systems and traffic flows. This will allow you to quickly identify abnormalities, such as unusually large volumes of traffic or a sudden jump in the number of distinct source addresses. You should check incoming traffic against IP reputation blocklists, so you can identify and block known-bad sources. Engaging a third-party security provider for pattern detection and IP filtering can help you achieve an appropriate level of preparedness.
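As an added example (not code from the original article or from Shearwater), the following script shows the kind of simple rate check a monitoring pipeline could run over web-server access logs to spot the abnormalities described above. It establishes a per-second baseline from a quiet window, flags seconds whose request rate is far above it, and reports how many distinct source addresses contributed, which is what distinguishes a distributed flood from a single noisy client. The log lines are constructed for the example in the Apache/nginx "combined" layout, using RFC 5737 documentation addresses; the thresholds are illustrative assumptions.

```python
"""Added example: per-second request-rate anomaly check over access-log lines.
The SAMPLE_LOG below is constructed for this example (documentation IP ranges,
made-up timestamps); a real pipeline would tail the live access log instead.
"""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: ten quiet seconds at 2 requests/second from three clients,
# followed by one second with 60 requests from 60 different addresses.
SAMPLE_LOG = "\n".join(
    [f'192.0.2.{1 + i % 3} - - [10/Aug/2020:10:00:{i // 2:02d} +1000] "GET / HTTP/1.1" 200 512'
     for i in range(20)]
    + [f'198.51.100.{1 + i} - - [10/Aug/2020:10:00:10 +1000] "GET / HTTP/1.1" 200 512'
       for i in range(60)]
)

# Leading fields of the 'combined' log format: client IP, ident, user, [timestamp], "request".
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


def parse_line(line):
    """Return (timestamp truncated to the second, client IP) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts.replace(microsecond=0), m.group("ip")


def per_second_counts(log_text):
    """Return ({second: request_count}, {second: set_of_source_ips})."""
    counts = Counter()
    sources = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole check
        sec, ip = parsed
        counts[sec] += 1
        sources[sec].add(ip)
    return counts, sources


def find_anomalies(log_text, baseline_seconds=10, k=3.0, min_ratio=5.0):
    """Flag seconds whose request count exceeds the baseline by k standard
    deviations AND is at least min_ratio times the baseline mean. The ratio
    guard (an assumed tuning value) stops a near-zero standard deviation on a
    very quiet baseline from flagging trivial bumps."""
    counts, sources = per_second_counts(log_text)
    seconds = sorted(counts)
    baseline = [counts[s] for s in seconds[:baseline_seconds]]
    mean = statistics.fmean(baseline)
    stdev = statistics.pstdev(baseline)
    threshold = max(mean + k * stdev, mean * min_ratio)
    anomalies = []
    for s in seconds[baseline_seconds:]:
        if counts[s] > threshold:
            anomalies.append({
                "second": s.isoformat(),
                "requests": counts[s],
                "distinct_sources": len(sources[s]),
                "threshold": threshold,
            })
    return anomalies


if __name__ == "__main__":
    for a in find_anomalies(SAMPLE_LOG):
        print(f"{a['second']}: {a['requests']} requests from "
              f"{a['distinct_sources']} sources (threshold {a['threshold']:.1f})")
```

On the constructed sample the quiet window has a mean of 2 requests/second, so the flagged second stands out at 60 requests from 60 distinct sources. In production the baseline should come from a much longer window (and ideally the same time of day on previous days), and a high distinct-source count in a flagged window is the cue to engage upstream filtering rather than blocking addresses one at a time.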
Another way to reduce risky data inflows is with the use of CAPTCHA challenges on web forms. These can help you ensure that form submissions are being sent by humans and will help limit bot attacks at the application layer. Note that a CAPTCHA does nothing against a volumetric flood, which saturates your bandwidth before any request reaches the application.
When planning DoS mitigation strategies, it’s important to consider ways to become more decentralised, so that in the event of an attack on one of your systems, your other systems remain live. For example, ensuring you have redundant network resources will allow you to load balance and handle increased network traffic if one of your servers is attacked.
To protect your website, you may consider solutions such as Content Delivery Networks (CDNs) which allow you to create a non-dynamic cached version of your site. By having the cached version hosted on different servers, preferably in different locations around the world, your website will still be accessible even if your origin server is under attack.
Importantly, take care to avoid disclosing your origin server’s IP address, so attackers aren’t able to bypass the CDN. Common leaks include DNS records for other subdomains that still point at the origin, outgoing e-mail sent from the same host, and historical DNS data from before the CDN was introduced. You should also use firewalls to ensure that only the CDN’s address ranges can reach the origin server, and review that allowlist whenever the provider updates its published ranges.
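As an added example (not code from the original article or from Shearwater), the script below turns the "only the CDN can reach the origin" rule into something concrete: it checks a source address against a set of CDN edge ranges and renders an iptables-restore allowlist that accepts web traffic only from those ranges and drops everything else. The CDN ranges are constructed placeholders from the RFC 5737 documentation networks; a real deployment would load the provider’s published list, and the port list is an assumption.

```python
"""Added example: origin-server allowlist limited to CDN edge ranges.
CDN_RANGES is a constructed stand-in for a provider's published address list.
"""
import ipaddress

# Constructed placeholder for the CDN provider's published edge ranges.
CDN_RANGES = [
    "203.0.113.0/24",
    "198.51.100.0/25",
]


def build_networks(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set,
    which usually indicates a typo in a hand-maintained list."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_cdn_source(src_ip, cidrs=CDN_RANGES):
    """True if src_ip falls inside one of the CDN ranges (IPv4 or IPv6)."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in build_networks(cidrs))


def iptables_rules(cidrs=CDN_RANGES, ports=(80, 443)):
    """Render an iptables-restore fragment: accept each web port only from the
    CDN ranges, then drop that port from everyone else. Returned as text so it
    can be reviewed before being applied."""
    build_networks(cidrs)  # fail early on a malformed range
    lines = ["*filter"]
    for port in ports:
        for cidr in cidrs:
            lines.append(f"-A INPUT -p tcp --dport {port} -s {cidr} -j ACCEPT")
        lines.append(f"-A INPUT -p tcp --dport {port} -j DROP")
    lines.append("COMMIT")
    return "\n".join(lines)


if __name__ == "__main__":
    # A direct request from outside the CDN (e.g. an attacker who found the
    # origin address) is rejected; one relayed through the CDN is accepted.
    for ip in ("203.0.113.7", "192.0.2.1"):
        print(ip, "allowed" if is_cdn_source(ip) else "blocked")
    print(iptables_rules())
```

Apply the rendered fragment with `iptables-restore --noflush` only after confirming the ranges are current, since a stale list silently takes the site offline when the CDN adds edges. An address allowlist alone is also not proof that a request came through the CDN, because other tenants of the same CDN share those ranges; pair it with something the CDN adds that an attacker cannot (for example client-certificate authentication from the CDN to the origin, where the provider supports it).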
Additionally, you should consider carefully which systems are business-critical, such as email systems. These should be partitioned from highly vulnerable systems, such as your web server, and hosted on separate infrastructure.
Furthermore, if you’re not yet using cloud-based hosting, then it is definitely worth considering as a way to withstand DoS attacks. Major cloud providers have teams of people monitoring traffic flows and will be able to rapidly notify you of any anomalies. They also have far higher bandwidth capacity, meaning they are able to cope with far higher volumes of incoming data.
How can Shearwater help you?
With DoS attacks occurring more frequently, and the methodologies constantly evolving, it’s essential every business develops strong resilience.
Our Penetration Testing specialists can secure your applications against a range of potential weaknesses and provide expert guidance on strengthening your overall application layer.
With our Managed Security Services team of experts monitoring your network for abnormalities and ready to respond rapidly, you will have peace of mind that your organisation is ready to confront a DoS attack.