Defending against Distributed Denial of Service (DDoS) attacks

For decades, hackers have used Distributed Denial of Service (DDoS) attacks to shut down targeted servers and infiltrate corporate networks. In fact, DDoS attacks have been around for so long that many organizations believe they have them firmly under control. Unfortunately, that’s not the case. DDoS attacks, and the motives behind them, have become more frequent and malicious, having increased in 2016 by 211 percent —with more than 40 percent of victims suffering from repeat offences.

In addition to crippling many of their victims’ networks, most of today’s modern DDoS attacks are actually diversions designed to take attention away from secondary attacks. Because of this shift, many organizations are ill-equipped to manage a modern-day attack. While common plug ‘n play technologies may be able to detect a breach, they’re unable to mitigate this new level of risk. To keep pace with today’s DDoS attackers, a more proactive, human approach is also needed.

Shortcomings of software
As smart devices and the Internet of Things become more prevalent, networks are becoming significantly more vulnerable to large-scale DDoS attacks—and cybercriminals are taking note. Today, attacks are often used as smokescreens to distract from such activities as data ex-filtration, the installation of ransomware, malware and logic bombs, and even physical attacks.

But DDoS is still capable of causing significant damage on its own. Because traditional, software-based solutions aren’t designed to defend against attacks of this scale, private and public organizations are suffering from increased occurrences. These events can force a company offline for hours—in 2016, CNN, Netflix, Twitter, Pinterest, and Reddit were all offline for nine hours because of a DDoS attack on their internet provider.

Beyond compromising customer service, time offline is money. Such shut-downs often result in millions of dollars in lost revenue, not to mention lost productivity and brand damage. They also put organizations at risk of other indirect costs, such as credit and insurance rating downgrades, compromised customer and supplier relationships, and IT budget overruns.

So why do traditional software-based and appliance based solutions fail?

1. A determined attacker can almost always work around technology. This is largely because traditional solutions work on the basis of algorithms set against anomalies in network traffic, and consequently don’t provide dynamic handling of DDoS attacks—or other web application/infrastructure-related attacks. 
2. Most methods are one-size-fits-all—they aren’t customized to meet the business needs of a specific organization. So while they may be able to identify if an overt attack is taking place, they can’t connect the dots between out-of-the-ordinary traffic trends and previous suspicious activities. 
3. Today’s attackers are aware of the shortcomings of traditional plug ‘n play security solutions—and design threat vectors to pass through mitigation mechanisms undetected. Some bots feature totally obfuscated signatures, while others can convincingly mimic human behaviour, making out-of-the-ordinary traffic appear legitimate.

The human element

Effectively warding off a modern DDoS attack takes more than an exclusively software-based solution. Organizations must adopt a more comprehensive approach—one that considers the risks of the current environment, offers multiple layers of defense, and includes a literally human component. By assigning a team of dedicated business and technology experts to manage and monitor web-application and infrastructure attacks, organizations can outsmart savvy hackers in a way that software alone simply can’t. This team would work as an extension of the organization’s existing Information security team or in conjunction with a CISO’s designated member, but would focus specifically on web application and infrastructure attacks. Some leading organizations go as far as implementing measures to their existing cyber threat monitoring programs that are specific to DDoS.

Ideally, this team should be introduced early on in implementation, so they can develop a strong understanding of the organization’s needs, identify typical threat profiles, and determine the critical assets that may be of value to attackers. This team would also need to develop and implement policies and procedures that will help prevent an attack, as well as maneuver and counter-maneuver measures to mitigate attacks in-progress.

By integrating a human element into their web application/infrastructure security management process, organizations also gain a range of benefits managed software providers do not deliver. Dedicated monitoring and incident management alert affected teams to issues in real time—before attacks can spiral out of control. Similarly, active analysis can identify atypical traffic patterns that automated algorithms may miss.

Beyond the quick fix

While the evolution of technology offers endless opportunities for businesses, it also comes with increased risk. To effectively mitigate this risk, organizations of all sizes and across all sectors must rethink their approach to DDoS attacks, to extend beyond software or appliance-based solutions.

Deloitte has deep industry knowledge and global experience helping organizations manage DDoS attacks. We can help you assess and implement the right people, process and technology to prevent, manage and detect DDoS attacks.