IT Security

Service provider as defender

by Mark Rowe

DDoS attacks? Check your service provider, writes Jake Madders, Director of cloud hosting provider Hyve.

Distributed Denial of Service (DDoS) attacks are a constant threat for businesses and organisations in today’s world, as they could be faced with the prospect of their websites and online services being swamped by huge amounts of traffic from a variety of sources. For the criminals mounting them, the attacks are a relatively simple way to disrupt their targets and disable their online activities.

Many organisations rely increasingly on their websites or online services for much of their day-to-day business, making them particularly vulnerable to DDoS attacks that can have potentially devastating effects on their operations. Criminals have been quick to exploit growing fears of the consequences of DDoS attacks to try to coerce potential victims into paying a ransom to make them go away before they do any damage. They are effectively holding organisations hostage with the threat of a DDoS attack unless they pay a ransom demand.

DDoS hostage takers

To make a threat you need to be able to back it up, meaning that cybercriminals have to prove that they can disable the targeted website with a DDoS attack. To do so, they need to mount an attack. Typically, they carry out a test attack on the intended website or service and send increased levels of traffic to ascertain if it is vulnerable. The attacks vary in size, anywhere from 1Gb of bandwidth to 100Gb, depending on how well the site is protected. Once they have discovered what is required to cripple a site, they will issue their ransom demand.

For organisations unaware that their online presence has been targeted in this way, the ransom demand can come as a shock. That’s assuming that they get the demand in the first place. One of the biggest dangers is that they don’t see the often poorly written and presented ransom demand because it is treated as spam. Needless to say, ignoring a ransom demand is not a wise course of action.

Paying it isn’t so smart either. Companies might think that paying a ransom will make the DDoS attack go away, but it might encourage other criminals to launch similar attacks if they think they can get a payout as well.

It’s a difficult situation to be in because if companies fail to meet the payment deadline for the ransom, the attacks will start again, and the criminals will normally demand a higher amount to stop them. Many organisations faced with this situation are forced to choose between paying the ransom demand to stop the attacks or suffering lost business if their website is taken offline.

It doesn’t have to come to this – businesses can take a number of measures to protect their websites and online services from DDoS attacks and ransom demands. By far the best way to defend themselves from these attacks is to prevent them getting through in the first place. This is where the service provider comes in. In most instances, the website is being hosted and secured by a service provider. It’s incumbent on organisations to ensure that the service provider, as the first line of defence against attack from cybercriminals, has the appropriate security measures and procedures in place to identify and repel DDoS attacks. Any competent service provider should be aware of the threat posed by DDoS attacks and be able to mitigate the disruption they might cause to a customer’s online activities.

But awareness is one thing, and being able to do something about it is another. In the end, an attack will succeed or fail because of the security capabilities of the service provider hosting the website or online service. Sadly, there is disparity among service providers in terms of their ability to prevent successful DDoS attacks against their customers. Some are very capable of dealing with them, others aren’t. This being the case, organisations need to find out as much as they can about the capabilities of their service provider if they want to be reassured it can identify and deter DDoS attacks. To help organisations clearly assess the risk that they face and their ability to mitigate it, the service provider should be able to show the effectiveness of the measures it has in place to repel DDoS attacks. A clear understanding of the levels of security and service guaranteed should be outlined in the customer agreement.

Service providers need to have the technical skills to defend organisations against DDoS attacks and keep them online. If they don’t have the skills, their customers should be aware, because if the service provider isn’t up to the job, their website won’t be up much longer either.


© 2024 Professional Security Magazine. All rights reserved.
