Last week something rare occurred in Ireland: a DDoS attack happened and, just like buses, several came along at once, hitting a number of different websites.
The first website to get attacked was Boards.ie and that was down for over 3 days.
The second attack happened last Wednesday, and this time the Lotto website plus all their machines for buying tickets were down for 2 hours. This attack came when the Lotto jackpot was over €10M for that night's draw.
The third attack took place last Thursday, and some government websites, including those of the Central Statistics Office, the Department of Justice and the Courts Service, became unavailable for approximately an hour.
A DDoS attack can cause serious problems for your website and your business.
Paul Hogan, the CTO of Ward Solutions, gave us the lowdown on DDoS attacks, including what they are, why they are happening and how you can help protect yourself from them.
What are DDoS attacks?
DDoS or Distributed Denial of Service is an attempted activity to exhaust all the resources of a network, website, application or service, with the intent that legitimate users are denied access.
The attacks are labelled distributed as they typically originate from a large number of malware-infected client computers known as botnets.
DDoS attacks generally fall into two categories. First are what are known as volumetric attacks, where the attack is based on the sheer volume of traffic generated; the second is based on more sophisticated ‘application layer attacks’. Many attacks use both approaches.
What we are witnessing here in a number of Government and Public Sector organisations appears to be a volumetric-based attack. Boards.ie experienced a similar attack this week.
Why is it happening?
There are many motivations for such attacks: political, hacktivism, financial / fraud. It is not yet clear what the reason is behind this one, but it may be political or hacktivism motivated. No one has claimed responsibility as yet.
What does it mean?
Some commentary refers to DDoS attacks as creating a ‘nuisance factor’, and that they don’t actually lead to security being compromised. However, we have seen in the past DDoS attacks being used as a cyber-smoke-screen to mask a more targeted attack.
What can be done about it?
There are a number of strategies organisations can adopt to protect against DDoS, depending on the type of attack.
First is overprovisioning, whereby the organisation has extra bandwidth or network/computing devices which can handle the spikes in traffic and extra demand on resources. This could be done in conjunction with your internet service provider (ISP).
Configuring and tuning servers, firewalls, intrusion prevention systems and routers can help stop some of the simpler types of attacks.
More and more organisations are now using either a DDoS mitigation appliance or a cloud-based service to do the same thing. These are security devices which specifically try to mitigate the damage and downtime caused by DDoS attacks.