One bank after another repeatedly had to deal with DDoS attacks just recent. ABN Amro, ING, Rabobank, SNS and even organizations like the Dutch tax office and DigiD have all suffered them. In this blog post we go deeper into this subject and highlight some possible risk factors for the future.
What is it again, a DDoS attack?
A little refresher, what is a DDos attack again? The abbreviation DDoS stands for Distributed Denial of Service. Every infrastructure used for a website or online application is scaled to handle a X number of users at the same time, of course taking peaks into account. Such an attack basically boils down to the servers of a website or application being deliberately overloaded from the outside by such a large number of computers that they ‘go down’. This means that online services provided by the affected party cannot be continued, because a regular user can’t access them due to a large number of 'users' already present on the servers caused by the DDoS attack.
What are the consequences?
The direct result of such an attack is, as described earlier, that the website or application can no longer be accessed by a regular user. Large organizations, like those featured in the news, have such good infrastructures that the impact of downtime is often limited to minutes. In that case these attacks don’t sound very spectacular, but it’s the indirect implications that are of concern. Banks for example will quickly lose their valuable customer’s trust in online and mobile banking services if they experience unannounced and frequent downtime. Thinking of webshop giants, for them losses from an attack can quickly run into thousands of euros. In addition to that let’s not forget that definitely not every organisation took (the right) measures against such attacks. The impact of a DDoS attack could easily increase from minutes to hours.
Who are the targets and why?
A hacker’s motives for triggering a DDoS attack are very diverse. On one hand it could be internet criminals that use a DDoS attack to keep an IT department from a large organisation busy and distract them. In that case they have more opening available to steal data for example, something they could be really after. On the other hand it could be a bored teenager who thinks it’s kind of funny, all that commotion. In between there are a number of other reasons, like bothering the competition or ideological reasons.
The direct operational impact from an attack is, not depending on the purpose, usually comparable. It mainly consists of chaos at the organisation getting attacked. Government organisations and banks are a perfect target in the eyes of malicious people if it’s about generating impact. In what other branch could a DDoS attack cause a lot of chaos too? Exactly, in the healthcare. The big question is if the IT of healthcare and other high-risk branches is prepared.
DDoS attacks are becoming more and more advanced, due to use of various attack techniques. To ward off such attacks adequately, Sentia uses one of the largest DDoS ‘washing streets’ in our country and can easily measure up to other similar European initiatives. Within this solution the disabled traffic is separated from the valid traffic, after which only valid traffic is offered. In addition Sentia has detection mechanisms in its network that automatically redirect traffic to the ‘car wash’ when the threat of the attack takes on serious forms. Joost Peters Security Officer
How can a DDoS attack be prevented?
Prevention is better than cure. Unfortunately, an advanced DDoS attack is hard to avoid, but sufficient measures can be taken to minimize the impact. Security software for example, can ensure all traffic streams active on a network are classified and detected. In this way attacks are rejected in advance, which makes sure that the end user notices little to nothing. In addition monitoring software can proactively signal and take immediate action in the event of an attack or suspicious behavior. In this way a healthcare institution can remain operational in the case of an attack, without employees and patients noticing. Getting advice and taking action in this area, particularly for 2018, is the order of the day.