Fighting the new DDoS threat
Protection for the next generation of cyber challenges
The evolving nature of DDoS
DDoS is not new. In fact, attacks of this kind have been with us for around 20 years, somewhat eclipsed in recent times by challenges like ransomware.
But a changing threat landscape, combined with increased digital dependence, has driven DDoS back to the very top of the cybersecurity agenda and demands a fresh approach. It’s also expanded from something that not only targets the biggest businesses but is now a risk to anyone with online infrastructure.
To better understand how DDoS has evolved, it’s useful to classify threats under two headings:
1. An effective tool for cybercriminals
In the early days of DDoS, attacks were modest in their scope and one dimensional in their methods. They might originate from a commercial rival looking to cause low level nuisance, or represent a crude attempt to extort a moderate amount of money. The sort of sums being demanded have risen dramatically, not least because a DDoS attack is often conducted in parallel with a ransomware attack, where essential data is frozen until a hefty ransom is paid.
Cases of so-called triple extortion are on the rise, where criminal gangs initially steal your data and threaten to share it. The next stage encrypts data on your network to prevent your business operating, and then the final blow follows with a DDoS attack – just when the panic hits your IT staff. The wave after wave of ransom demands and DDoS attacks can even take in a victim's clients and partners, motivated by high pay-outs via untraceable cryptocurrencies.
Mounting a DDoS attack has also become easier, requiring little in the way of technical knowledge on the part of the cybercriminal. Bad actors can rent botnets (armies of zombie devices) that are the main DDoS weapon, effectively paying for DDoS ‘as a service’.
Typical DDoS victims were once large organisations operating in a handful of verticals. Now that attacks are easier to mount, it’s open season for any target, with smaller and smaller companies in the crosshairs.
2. A weapon in geo-political conflicts
There’s another dimension to today’s DDoS challenge. This type of threat is about disruption, not extortion, and is commonly directed at media companies reporting conflict, critical infrastructure or governments and organisations that work with them. State-sponsored DDoS offers a simple and blunt way to carry out cyberwarfare against perceived opponents. A recent example is the numerous attacks inflicted on companies that have withdrawn from Russia in the wake of its invasion of Ukraine. It’s a way to disrupt communication and commerce, and ultimately harm economies.
Did you know?
An introduction to DDoS
A distributed denial-of-service (DDoS) attack is a form of cybercrime that attempts to overwhelm an organisation’s internet infrastructure with a flood of unexpected traffic. The attack works by deploying an army of infected devices, controlled remotely, to overload the target’s network resources – hampering legitimate traffic and effectively taking important services offline. It is like a malicious traffic jam that, on command, can bring an essential thoroughfare to a highly damaging and costly halt.
Typical DDoS victims were once large organisations operating in a handful of verticals. Now that attacks are easier to mount, it’s open season for any target, with smaller and smaller companies in the crosshairs.
The different types of DDoS protection
Given that DDoS now represents a serious and mounting threat to businesses of every size, DDoS protection is fundamental if you have any kind of reliance on the internet. It’s not an added extra that you can safely opt out of or something to add reactively.
Protection must take account of the fact that DDoS attacks are more crafted, sophisticated and targeted than they were 10 years ago. Attacks can be fragmented, simultaneously affecting multiple different stacks and different parts of an ICT and networking set-up.
There are three types of protection in the market that can be applied to help your business survive the attempt to disrupt your systems and they reflect the diversity of attack types:
1. Cloud Protection
Content specialists, such as CDNs, can provide protection from DDoS in the cloud. Such companies can deliver protection capabilities at scale, reflecting the fact that their services are provided in a globally-distributed fashion, as close as possible to the end users that access the service. They tend to be focussed on single applications or services.
2. Network Protection
Communication service providers, by the nature of their business, can end up aggregating the malicious traffic on their network before it arrives at their customer. This gives them an opportunity to filter all malicious traffic before it is delivered to users. Protection built into the backbone network ensures that connectivity services are not vectors for attack and all connected systems are protected on each circuit.
3. Edge Protection
We are seeing a rise in application-based DDoS attacks on a smaller and more crafted scale. These threats can be tackled with an ISP, telco-based solution or by a cloud provider, but this type of protection may not have the granular rules in place to be fully effective. This scenario demands protection positioned at the network edge to bolster the cloud or backbone service. Edge and network protection combined in this way is a powerfully comprehensive level of security against DDoS threat.
DDoS attack scenarios and how to respond
DDoS is a serious problem, but it can be defeated or at least have its effects mitigated. Let’s take a look at some of the ways Colt can offer DDoS protection in the event of an attack, or prevent one happening in the first place. This protection can kick in at various levels for existing Colt customers:
Our backbone-based DDoS protection service is a core component of our network, protecting all customers. Every Colt customer benefits from the protection of our DDoS Standard Level 1 service – a layer of security that is built into the Colt IQ Network. With this level of protection, you’re guarding your most essential infrastructure during an attack. But it is not configured to individual needs at the level of the application and we may need to drop both malicious and normal traffic from your service if you come under attack to prevent attacks to other Colt network users.
Colt’s Level 2 service guarantees to filter out malicious traffic and delivers all your normal traffic as usual, plus the ability to manipulate protection for yourself to ensure you stay operational. It offers access to our portal so you can tweak rules and countermeasures for maximum effectiveness, or use our templates for common scenarios. As DDoS is a dynamic threat, if an attack has not been effective in bringing down your service then the threat actor will try something different, making the reactiveness of our Level 2 service an essential tool in your armoury.
In the gravest of emergencies, it is possible to install a DDoS safeguard with our express service that bypasses our normal processes to provide lightning-fast cover. Although you may be lucky and this protects you, the chances of not suffering damage and keeping all your services running as usual are much lower if you’ve set up protection in advance, tuned to your needs.
Protect your business at the cloud, network and Edge with Colt IP Guardian.
The Colt IP Guardian service
The Colt IP Guardian service unites the strengths of our Level 1 and Level 2 DDoS protection, covering a customer’s full network service with optional granular Edge protection, offering the most effective and configurable security from this growing threat.
Colt IP Guardian DDoS protection gives Colt IP Access customers the ability to filter DDoS attacks automatically within seconds and without the necessity for human intervention. It provides a full suite of countermeasures that remove DDoS traffic while enabling the flow of legitimate traffic. It also provides live visibility of the attack as it occurs and allows dynamic configuration of the numerous countermeasures, ensuring company resources remain fully available even when protecting from the most determined of attackers.
