In Distributed Denial of Service (DDoS) a system or network is flooded with online traffic from multiple sources in an attempt to make it unavailable. Cybercriminals take advantage of protocol or DNS server vulnerabilities that they exploit to launch attacks. Moreover, in larger scale attacks, they may use malware that infects thousands of hosts that target the victim to block it, all of them with different IP addresses, which is known as a botnet. This makes it impossible to stop the attack once it has started by simply blocking a single source.
Some DDoS attacks are just temporary cyber activism against organizations deemed to have committed illegitimate acts, but there are also more serious cases of cyberwarfare or common criminal activity, such as attempts to blackmail victims. In such cases, like ransomware, the hackers ask for a reward in cryptocurrencies to unlock the online service. It is possible to buy a DDoS campaign on the black market to take down an online service for a week, for as little as $150.
Multiple Terabits Per Second
Given the ease of implementation, DDoS attacks are becoming more and more frequent: a study by Meril Research estimates that they already account for up to a third of all downtime incidents.
We have seen major cyberattacks like the one suffered by Google in 2017. The attack against its servers lasted six months, peaking to 2.5 Tbps in traffic, and it is suspected that it was the work of state-sponsored hackers.
Another victim was Google’s Cloud competitor Amazon Web Services (AWS). Again, AWS managed to mitigate the cyberattack so that it did not affect the performance of its servers, which provide hosting for thousands of organizations and account for a third of the Cloud services market. However, not all major DDoS attacks have been successfully mitigated.
Critical infrastructures too
A few weeks ago, the networks of several British telecommunications companies were attacked by a coordinated DDoS campaign. The UK authorities considered it an attack against critical infrastructures, as they provide services to key organizations such as the National Health System (NHS).
The attack launched in May in Belgium had an even more serious impact. It targeted a public ISP provider that connects the country's educational institutions, universities and scientific research centers. In total, the websites of more than 200 organizations were blocked.
In addition, some cybersecurity analysts have suggested that the crash that Facebook and other company services like WhatsApp suffered last month may have been due to a DDoS attack as a reaction to the bad business practices it has been accused of recently.
On-Premises Firewalls, Specialized Equipment and Third-Party Mitigation
All these cases demonstrate the virulence and danger of DDoS attacks including against services that are critical for a country, such as health and education. So, it is essential that organizations take the necessary measures to deal with them when they occur and that MSPs have a portfolio of solutions that reduce the likelihood that DDoS attacks block or impact their customers' connectivity.
Use on-premises firewalls: with the firewalls present in the Firebox network security appliances it is possible to block IP addresses and ports and set predetermined traffic thresholds for servers and the client.
Load balancers: a load balancing solution can be implemented for ISP connections so that traffic is distributed among different destinations, to prevent a server from being overwhelmed.
ISP and third-party mitigation: in large-scale attacks, it is imperative that ISP and Cloud providers for the company have mitigation solutions in place and are coordinated to deal with such incidents.