Get in Touch
Get in Touch

Blog

Prepare for the rise of DDoS attacks

April 21, 2020

Rajarshi Purkayastha   

Head, Pre-Sales, India and MECAA, Tata Communications

In this current global crisis, enterprises across the globe are riding on technology to maintain business continuity, encouraging employees to access emails and company data from their home. In this blog, Rajarshi Purkayastha shares tips for enterprises to keep their devices and data safe from DDoS attacks.

The COVID-19 pandemic has kept enterprises and their IT teams busy finding quick and effective ways to run their business while protecting their customers, partners and employees. Where some industries have been heavily impacted, others are striving and making every effort to maintain business continuity and not let this pandemic effect their services.

Network, video conferencing, OTT services, online medical consultation, hospital connectivity and communication – these critical services have never been more important than they are today – enabling businesses and essential services to function at a crucial time as people around the world try to find a semblance of normalcy through technology.

Protect what matters      

Most governments have mandated organisations to have their employees work from home. There is a large section of employees across the world who now need virtual access to their corporate network and corporate assets to be able to do their jobs. But the reality is, many enterprises don’t have basic perimeter security in place such as protection against Distributed Denial of Service (DDoS) attacks.

“DDoS attacks are a threat to all web-facing setups. And currently, that includes pretty much every way of working.”

Hackers have spotted their chance

Attackers are taking every opportunity to run DDOS ransomware attacks and/or DDOS attacks to overwhelm an organisation’s traffic and services, targeting critical workloads with the intent to disrupt operations across key industries like healthcare, government, BFSI and IT/ITeS enterprises. A DDoS attack against an organisation is relatively easy to start and experts have estimated that running an attack can cost as little as $18 an hour using a cloud-based botnet of 1,000 desktops. On the other hand, for the organisation, a targeted DDoS against them can cost them up to thousands or millions of dollars.

Europol describes DDoS as “an accessible type of crime with limited barriers to entry because it is cheap and readily available”. As per a new report from Europol, we will see an increase in DDoS attacks during this pandemic period.

In the past month alone, there have been significant DDoS attacks on government bodies in the US and Australia and on hospitals in France and the Czech Republic. Clearly, no one is spared. The US Department of Health and Human Service (HHS) was hit with a massive DDoS attack. Hospitals in France and the Czech Republic – including those responsible for COVID-19 testing – were targeted by DDoS attacks which disrupted hospital systems. The Australian government announced that its online services portal, myGov, faced a significant DDoS attack which prevented users from accessing it for several hours. A food delivery service in Germany faced a bitcoin ransom attack which prevented it from providing food delivery services to people unable to go out.

These aren’t random attacks. They are targeted DDOS attacks where hackers and cyber criminals are deliberately compromising essential services such as hospitals and healthcare systems.

Enterprises aren’t safe either as these attackers are well aware of the importance of maintaining services during this time and know when best to attack and demand ransom. As work-from-home measures and lockdowns continue globally in response to COVID-19, the cybersecurity situation may well worsen.

In this COVID-19 world, there are new realities that IT teams need to understand before preparing to deal with these DDoS attacks:

  1. A trend of longer and more frequent DDoS attacks is being noted. Most attackers are not successful because of new techniques, they are successful because they are persistent
  2. Even with low volume attacks, VPN and firewall resources can be exhausted easily
  3. SSL (Secure Sockets Layer) VPNs are vulnerable to SSL flood DDOS attacks
  4. UDP (User Datagram Protocol) flood attacks can easily overwhelm VPNs

“The fact that many of the systems being targeted are critical and their outages can lead to losses, some of which can be irreversible, it is important that we stand our best guard.”

 

So, what’s the best defence? 

Here are few tips for you to stay safe:

  • Understand the warning signs: Most DDoS attacks start as sudden spikes in traffic, and it’s recommended to check your network configurations regularly and watch out for legitimate and illegitimate traffic on your network
  • Make your user-based access controls robust by provisioning for more bandwidth than needed. Keep regular checks on servers hosting most important data. A second or third server will help offload the extra data in case of an attack on the main server
  • Ensure your firewalls and routers are in modes that will prevent denial of service attacks. Enable and block SIP-based signatures firewall. If you are not using SIP services, then consider blocking the necessary ports at your perimeter
  • Make use of DDoS detection programmes that will help detect a possible attack and activate a lock down for your systems before they are attacked
  • Organisations should look to partner with service providers who are not only able to offer multi-layer cloud-based protection but who also enable real-time detection and mitigation, protecting critical assets using cloud signalling to raise an alarm during a volumetric attack. These service providers can help fix the gaps in your security strategy and ensure you stay current with new solutions and technology

 

Are you prepared?

Many enterprises are quickly realising that while they may be behind the curve when it comes to remote preparedness, now is the time to act and address vulnerabilities in their security. Whether it’s achieved through internal resources or in partnership with a managed security services provider, those companies that tighten up their perimeters before it’s too late are the ones who will fare best in the coming weeks and months of this fast-developing situation.

Cyber security analysts at Tata Communications have released a special advisory report on the COVID-19 cyber threats. Click on the link to know more about the threats facing organisations during this period and get recommendations on how to prevent criminals from getting access to your organisation.